Docker: Allow selection of (unprivileged) UID/GID at build time (#418)

* Docker: use custom non-root UID/GID (build-arg)
2022-04-03 12:55:15 +00:00
parent 9c31ceb2c5
commit bb0891cd7d
3 changed files with 47 additions and 2 deletions
--- a/17
+++ b/17
@@ -14,12 +14,27 @@ ENV GO111MODULE=on
 # build & install server
 RUN CGO_ENABLED=0 go build -tags netgo -ldflags "-X github.com/dutchcoders/transfer.sh/cmd.Version=$(git describe --tags) -a -s -w -extldflags '-static'" -o /go/bin/transfersh

+ARG PUID=5000 \
+    PGID=5000 \
+    RUNAS
+
+RUN mkdir -p /tmp/useradd && \
+    if [ ! -z "$RUNAS" ]; then \
+    echo "${RUNAS}:x:${PUID}:${PGID}::/nonexistent:/sbin/nologin" >> /tmp/useradd/passwd && \
+    echo "${RUNAS}:!:::::::" >> /tmp/useradd/shadow && \
+    echo "${RUNAS}:x:${PGID}:" >> /tmp/useradd/group && \
+    echo "${RUNAS}:!::" >> /tmp/useradd/groupshadow; else touch /tmp/useradd/unused; fi
+
 FROM scratch AS final
 LABEL maintainer="Andrea Spacca <andrea.spacca@gmail.com>"
+ARG RUNAS

-COPY --from=build  /go/bin/transfersh /go/bin/transfersh
+COPY --from=build /tmp/useradd/* /etc/
+COPY --from=build --chown=${RUNAS}  /go/bin/transfersh /go/bin/transfersh
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

+USER ${RUNAS}
+
 ENTRYPOINT ["/go/bin/transfersh", "--listener", ":8080"]

 EXPOSE 8080