Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(docker): add gosu and remove unsupported flag in adduser #8808

Merged
merged 2 commits into from
Aug 27, 2024
Merged

fix(docker): add gosu and remove unsupported flag in adduser #8808

merged 2 commits into from
Aug 27, 2024

Conversation

gustavovalverde
Copy link
Member

@gustavovalverde gustavovalverde commented Aug 27, 2024
edited
Loading

Motivation

PR #8803 had a failing test, but it was allowed to get merge.

Solution

  • Fix typo and non-allowed option in adduser for Debian
  • Add gosu to avoid running Zebra with root, but allowing our entrypoint.sh to create directories and files

Tests

  • Verify that all tests are passing

PR Author's Checklist

  • The PR name will make sense to users.
  • The PR provides a CHANGELOG summary.
  • The solution is tested.
  • The documentation is up to date.
  • The PR has a priority label.

PR Reviewer's Checklist

  • The PR Author's checklist is complete.
  • The PR resolves the issue.

@gustavovalverde gustavovalverde added C-bug Category: This is a bug A-devops Area: Pipelines, CI/CD and Dockerfiles I-build-fail Zebra fails to build P-Critical 🚑 labels Aug 27, 2024
@gustavovalverde gustavovalverde self-assigned this Aug 27, 2024
@gustavovalverde gustavovalverde requested a review from a team as a code owner August 27, 2024 15:32
@gustavovalverde gustavovalverde requested review from upbqdn and removed request for a team August 27, 2024 15:32
@gustavovalverde gustavovalverde changed the title fix(docker): typo and uknown option in debian fix(docker): typo and unknown option in debian Aug 27, 2024
@gustavovalverde gustavovalverde changed the title fix(docker): typo and unknown option in debian fix(docker): typo and unknown option for adduser in debian Aug 27, 2024
conradoplg
conradoplg previously approved these changes Aug 27, 2024
View reviewed changes
@gustavovalverde
fix(docker): use gosu for rootless execution
2b63b77 
Some of our entrypoint commands requires creating directories and files in places a non-privileged user can't access.

So we use `gosu` to step down from `root` to a non-privileged user during container startup, right at our application execution.
@gustavovalverde gustavovalverde changed the title fix(docker): typo and unknown option for adduser in debian fix(docker): add gosu and remove unsupported flags in debian's adduser Aug 27, 2024
@gustavovalverde gustavovalverde changed the title fix(docker): add gosu and remove unsupported flags in debian's adduser fix(docker): add gosu and remove unsupported flag in adduser Aug 27, 2024
@mergify mergify bot merged commit ec85aa8 into main Aug 27, 2024
133 checks passed
@mergify mergify bot deleted the fix-rootless-docker branch August 27, 2024 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arya2 arya2 arya2 approved these changes

@conradoplg conradoplg conradoplg left review comments

@upbqdn upbqdn Awaiting requested review from upbqdn upbqdn is a code owner automatically assigned from ZcashFoundation/devops-reviewers

Assignees

@gustavovalverde gustavovalverde

Labels
A-devops Area: Pipelines, CI/CD and Dockerfiles C-bug Category: This is a bug I-build-fail Zebra fails to build P-Critical 🚑
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gustavovalverde @conradoplg @arya2