Community maintained Docker config for the knot server

slim down image size #18

open opened by cosmichorror.dev targeting main from cosmichorror.dev/knot-docker: smol

this shaves off a few MBs from the final image (dive reports 78 MB -> 73 MB). i've tested that these changes work by deploying the image to my knot and was able to push this branch to my fork hosted there still 😈 (and yes i learned the whole special * passwd stuff by being locked out initially vv)

knot    | User git not allowed because account is locked
knot    | maximum authentication attempts exceeded for invalid user git from 97.118.232.59 port 44814 ssh2 [preauth]
knot    | Disconnecting invalid user git 97.118.232.59 port 44814: Too many authentication failures [preauth]

i've verified that all the usual things work still:

  • you're able to get a shell in the docker container with $ docker exec -it knot sh since bash is removed
  • trying to use * as the password for the git user correctly fails
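
The difference between a locked account and a `*` password described above, as an added example that is not part of the original pull request: a POSIX sh check that classifies the password field of a shadow entry, so an image build can fail if the git user ends up locked or with a usable password. The function names and sample entries are constructed for illustration, and the `!` case assumes sshd runs without PAM.

```shell
#!/bin/sh
# Added example (not from the pull request): classify the password field of
# an /etc/shadow entry. All sample entries below are constructed.

# shadow_state LINE -> prints locked | no-password-login | empty | hashed | other
shadow_state() {
    # Field 2 of a shadow entry holds the encrypted password.
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')    echo empty ;;              # no password required at all
        '!'*)  echo locked ;;             # assumption: sshd without PAM rejects the
                                          # account, as in the log quoted above
        '*')   echo no-password-login ;;  # no hash can ever match; keys still work
        '$'*)  echo hashed ;;             # crypt(3) hash: password login is possible
        *)     echo other ;;
    esac
}

# check_git_user FILE -> returns 0 only if user git has exactly `*` as its field
check_git_user() {
    line=$(grep '^git:' "$1") || { echo "no git user in $1" >&2; return 2; }
    state=$(shadow_state "$line")
    [ "$state" = no-password-login ] && return 0
    echo "git account state is '$state', expected no-password-login" >&2
    return 1
}

# Demonstration on constructed entries.
for entry in 'git:!:19000:0:99999:7:::' \
             'git:*:19000:0:99999:7:::' \
             'git:$6$salt$constructedhash:19000:0:99999:7:::' \
             'git::19000:0:99999:7:::'; do
    printf '%-50s %s\n' "$entry" "$(shadow_state "$entry")"
done
```

Inside the image, `check_git_user /etc/shadow` can run as a build step after the password is set, so a locked or password-enabled git account fails the build instead of being found at deploy time.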
Diff #0
+5 -3
Dockerfile
··· 5 5 arg TAG='v1.12.0-alpha' 6 6 7 7 workdir /app 8 - run apk add git gcc musl-dev 8 + run apk add --no-cache git gcc musl-dev 9 9 run git clone -b ${TAG} https://tangled.org/@tangled.org/core . 10 10 run go build -o /usr/bin/knot -ldflags '-s -w -extldflags "-static"' ./cmd/knot 11 11 ··· 26 26 copy rootfs . 27 27 run chmod 755 /etc 28 28 run chmod -R 755 /etc/s6-overlay 29 - run apk add shadow s6-overlay execline openssl openssh git curl bash 29 + run apk add --no-cache shadow s6-overlay execline openssh git curl 30 30 run groupadd -g $GID -f git 31 31 run useradd -u $UID -g $GID -d /home/git git 32 - run openssl rand -hex 16 | passwd --stdin git 32 + # setting the password to `*` disables password-based access without locking the 33 + # account out of ssh: <https://unix.stackexchange.com/a/193131> 34 + run usermod --password '*' git 33 35 run mkdir -p /home/git/repositories && chown -R git:git /home/git 34 36 copy --from=builder /usr/bin/knot /usr/bin 35 37 run mkdir /app && chown -R git:git /app
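
Review bot: the `--no-cache` added at new line 8 sits in the stage that compiles the binary, and the only thing taken from that stage is /usr/bin/knot (`copy --from=builder` at new line 36), so this change cannot account for any of the reported 78 MB -> 73 MB saving. It is fine to keep for consistency with line 29, but the "avoid storing apk cache files" commit message should say that the size win comes from the final-stage `apk add` only.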
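
Review bot: with `usermod --password '*' git` at new line 34, key-based login becomes the only way in for the git user, and nothing in the image verifies that the field really ends up as `*` rather than a locked value. A check directly after that line that fails the build unless the git entry in /etc/shadow has exactly `*` as its password field would catch the lockout from the description at build time instead of at deploy time. Also on new line 29, `openssl` is dropped together with `bash`, but the description only mentions bash; please confirm that nothing under `rootfs` (copied at line 26, not shown in this diff) has a bash shebang or invokes openssl, and mention the openssl removal in the description.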

History

1 round 0 comments
cosmichorror.dev submitted #0
3 commits
avoid storing apk cache files
set no password over random hex
remove bash in favor of existing sh
no conflicts, ready to merge