Configure for pure rootless #1

+3 -10

Containerfile

··· 2 2 3 3 ARG TAG='v1.11.0-alpha' 4 4 5 5 - ENV KNOT_REPO_SCAN_PATH=/home/git 6 5 ENV CGO_ENABLED=1 7 6 8 7 WORKDIR /app 9 9 - 10 8 RUN apk add --no-cache git gcc musl-dev 11 9 RUN echo "${TAG}" > /VERSION && \ 12 10 echo "Building tag: ${TAG}" && \ ··· 15 13 16 14 FROM alpine:latest 17 15 18 18 - EXPOSE 22 16 16 + EXPOSE 2222 19 17 EXPOSE 5555 20 18 21 21 - ARG UID=1000 22 22 - ARG GID=1000 23 23 - 24 19 RUN apk add --no-cache shadow s6-overlay execline openssl openssh git curl bash 25 20 26 21 COPY --from=builder /usr/bin/knot /usr/bin 27 22 COPY --from=builder /VERSION / 28 23 COPY rootfs / 29 24 30 30 - RUN groupadd -g $GID git && \ 31 31 - useradd -u $UID -g $GID -m -d /home/git -s /bin/bash -p "*" git && \ 25 25 + RUN groupadd -g 9001 git && \ 26 26 + useradd -u 9001 -g git -m -d /home/git -s /bin/bash -p "*" git && \ 32 27 mkdir -p /etc/ssh/keys && \ 33 33 - mkdir -p /app && \ 34 34 - chown -R git:git /app /home/git && \ 35 28 chmod 755 /etc && \ 36 29 chmod -R 755 /etc/s6-overlay 37 30

+1 -1

rootfs/etc/s6-overlay/s6-rc.d/knotserver/run

··· 1 1 #!/command/with-contenv ash 2 2 3 3 - exec s6-setuidgid git /usr/bin/knot server 3 3 + exec /usr/bin/knot server

+1 -1

rootfs/etc/s6-overlay/s6-rc.d/sshd/run

··· 1 1 #!/usr/bin/execlineb -P 2 2 3 3 - /usr/sbin/sshd -e -D 3 3 + /usr/sbin/sshd -e -D -p 2222

+3 -2

rootfs/etc/s6-overlay/scripts/generate-motd

··· 1 1 - #!/usr/bin/with-contenv bash 1 1 + #!/bin/sh 2 2 3 3 KNOT_VERSION=$(cat /VERSION 2>/dev/null) 4 4 + HOSTNAME=$(hostname) 4 5 5 6 sed -e "s/{{version}}/${KNOT_VERSION}/g" \ 6 6 - -e "s/{{hostname}}/${KNOT_SERVER_HOSTNAME_MOTD}/g" \ 7 7 + -e "s/{{hostname}}/${HOSTNAME}/g" \ 7 8 /home/git/motd.template > /home/git/motd