
Commit b6b4401

authored
Merge pull request #30 from sparkfabrik/proper_rootless
feat: proper rootless
2 parents c598204 + 5ea5ac3 commit b6b4401


2 files changed

+38
-3
lines changed


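--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,35 @@
 FROM alpine:3.20
 
-RUN apk add --no-cache minio minio-client \
-bash curl date file rsync tar unzip xz \
+RUN apk add --no-cache minio minio-client ca-certificates \
+bash curl date file rsync tar unzip xz shadow \
 && ln -fs /usr/bin/mcli /usr/bin/mc
 
+# https://github.com/tianon/gosu/blob/3d395d499a92ffa47d70c79d24a738b85075f477/INSTALL.md
+ENV GOSU_VERSION=1.19
+RUN set -eux; \
+\
+apk add --no-cache --virtual .gosu-deps \
+dpkg gnupg ; \
+\
+dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+\
+# verify the signature
+export GNUPGHOME="$(mktemp -d)"; \
+gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+gpgconf --kill all; \
+rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+\
+# clean up fetch dependencies
+apk del --no-network .gosu-deps; \
+\
+chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+gosu --version; \
+gosu nobody true
+
 # Copy scripts folder
 COPY scripts /scripts
 RUN chmod +x /scripts/entrypoint.sh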
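Review bot: The only trust anchor for the downloaded gosu binary is the fingerprint on the `gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys …` line, and nothing next to it says whose key that is or where the value was checked. I would add a comment directly above the `export GNUPGHOME` line such as `# gosu release signing key; fingerprint must match the INSTALL.md linked above`, so a later GOSU_VERSION bump re-checks it instead of copying it forward. The key is also fetched from the keyserver on every uncached build, so a keyserver outage fails the build; if that becomes a problem, a per-architecture SHA-256 recorded in the file and checked with `sha256sum -c` would give an offline second check. `GOSU_VERSION` is needed only during the build, so `ARG GOSU_VERSION=1.19` would keep it out of the runtime environment.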

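--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -113,8 +113,17 @@ if [ "${1}" = "minio" ]; then
 # Stop temporary MinIO server.
 minio_stop_temp_server
 
+if [ -n "${MY_UID}" ]; then
+usermod -u "${MY_UID}" minio
+chown -R "${MY_UID}" "${BUCKET_ROOT}"
+fi
+if [ -n "${MY_GID}" ]; then
+groupmod -g "${MY_GID}" minio
+chgrp -R "${MY_GID}" "${BUCKET_ROOT}"
+fi
+
 # Run minio.
-exec /usr/bin/minio server "${BUCKET_ROOT}" --address ":${MINIO_PORT}" --console-address ":${MINIO_CONSOLE_PORT}" ${MINIO_OPTS}
+gosu "${MY_UID:-root}:${MY_GID:-root}" /usr/bin/minio server "${BUCKET_ROOT}" --address ":${MINIO_PORT}" --console-address ":${MINIO_CONSOLE_PORT}" ${MINIO_OPTS}
 fi
 
 if [ "${1}" = "mc" ]; then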
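Review bot: The new "Run minio" line drops the `exec` that the removed line had, so the entrypoint shell stays as PID 1 with minio as its child. The stop signal from the container runtime then reaches the shell rather than minio, and the script carries on past the `fi` once minio exits. The line should start `exec gosu "${MY_UID:-root}:${MY_GID:-root}" /usr/bin/minio server …`. Separately, when neither variable is set the `:-root` defaults still run the server as root; if the `minio` account that `usermod` modifies always exists in the image, defaulting to `minio:minio` would make the unprivileged case the default. That would also need `BUCKET_ROOT` to be owned by that account. `MY_UID` and `MY_GID` are passed to `usermod`, `groupmod`, `chown -R` and `chgrp -R` without any check that they are non-zero numeric ids. The enclosing `if [ "${1}" = "minio" ]` block starts outside this hunk.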
