Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: WORKDIR before adduser avoids surprises

Browse Source 
The additions from `adduser` reading `/etc` does not appear to apply if the directory already exists, and permissions (including SGID) are adjusted properly for the home dir.

This mean the excess backup copies in `/etc` are introduced again however.
This commit is contained in:
Brennan Kinney
2023-03-22 21:16:50 +13:00
parent 48c180d0d8
commit 0b86094ab9
1 changed files with 5 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Dockerfile
View File

@@ -70,24 +70,14 @@ EOF
FROM scratch FROM scratch
ARG INSTALL_ROOT ARG INSTALL_ROOT
COPY --link --from=builder ${INSTALL_ROOT} / COPY --link --from=builder ${INSTALL_ROOT} /
RUN <<EOF WORKDIR /home/testssl
# Create user: RUN --mount=type=bind,from=busybox:latest,source=/bin,target=/bin <<EOF
echo 'testssl:x:1000:1000::/home/testssl:/bin/bash' >> /etc/passwd /bin/adduser -D -s /bin/bash testssl
echo 'testssl:x:1000:' >> /etc/group /bin/ln -s /home/testssl/testssl.sh /usr/local/bin/
echo 'testssl:!::0:::::' >> /etc/shadow
# Create user home with SGID set:
install --mode 2755 --owner testssl --group testssl --directory /home/testssl
# Add relative symlink to point to content that will COPY later:
ln -sr /home/testssl/testssl.sh /usr/local/bin/
EOF EOF
USER testssl
WORKDIR /home/testssl/
# Copy over build context (after filtered by .dockerignore): bin/ etc/ testssl.sh # Copy over build context (after filtered by .dockerignore): bin/ etc/ testssl.sh
COPY --chown=testssl:testssl . /home/testssl/ COPY --chown=testssl:testssl . /home/testssl/
USER testssl
ENTRYPOINT ["testssl.sh"] ENTRYPOINT ["testssl.sh"]
CMD ["--help"] CMD ["--help"]