Update Dockerfile to be OpenShift restricted SCC compliant #891

Closed
wants to merge 2 commits into from
5 changes: 3 additions & 2 deletions src/main/docker/Dockerfile
@@ -7,18 +7,19 @@ LABEL vendor="OWASP"
ARG APP_DIR=/opt/owasp/dependency-track/
ARG DATA_DIR=/data/
ARG USERNAME=dtrack
ARG GID=0
ARG WAR_FILENAME=dependency-track-apiserver.war

# Create the directory where Dependency-Track will store its data (${DATA_DIR}) and the external library directory (${EXTLIB_DIR})
# Create a user and assign home directory to a ${DATA_DIR}
# Ensure UID 1000 & GID 1000 own all the needed directories
RUN mkdir -p -m 770 ${DATA_DIR} \
&& adduser -D -h ${DATA_DIR} -u 1000 ${USERNAME} \
&& chown -R ${USERNAME}:${USERNAME} ${DATA_DIR}
&& chown -R ${USERNAME}:0 ${DATA_DIR}


Why not :${GID} - otherwise that new parameter isn't even used anywhere?

@k3rnelpan1c-dev k3rnelpan1c-dev Mar 21, 2022


The reason for this is to support arbitrary user IDs, such as you can find in environments like OpenShift.
You can read up on it in the OpenShift Documentation.

Regardless, since #1303 was merged, which already incorporates this kind of behaviour, this PR is redundant, I think.

Edit: I see why you asked in the first place now 🤦‍♂️ (still I think this PR has been made redundant, now that the official DT image already includes support for arbitrary user IDs)


# Copy the compiled WAR to the application directory created above
# Automatically creates the $APP_DIR directory
COPY --chown=1000 ./target/${WAR_FILENAME} ${APP_DIR}
COPY --chown=${USERNAME}:0 ./target/${WAR_FILENAME} ${APP_DIR}


Same as above ${USERNAME}:${GID}?


# Specify the user to run as (in numeric format for compatibility with Kubernetes/OpenShift's SCC)
USER 1000
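Review bot: `ARG GID=0` is declared at the top of the hunk but never referenced; both ownership changes hard-code the group as `:0` (`chown -R ${USERNAME}:0 ${DATA_DIR}` and `COPY --chown=${USERNAME}:0 ./target/${WAR_FILENAME} ${APP_DIR}`). Either write `${USERNAME}:${GID}` in both places so the build argument actually takes effect, or drop the `ARG` so nobody assumes the group is configurable when it is not. The comment above the `RUN` still reads "Ensure UID 1000 & GID 1000 own all the needed directories", which no longer matches the group 0 ownership this change introduces; update it to say that the data directory is group-owned by root (GID 0) and group-writable (`-m 770`) so that the arbitrary UID in group 0 that OpenShift's restricted SCC assigns can still write to it. One further check: `COPY --chown=${USERNAME}:0` resolves the name through the image's `/etc/passwd`, so it only works because the `adduser` in the preceding `RUN` has already created the `dtrack` user; keep that ordering if the layers are ever reshuffled.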