Commit 9bf33c15 authored by Federico Gimenez's avatar Federico Gimenez Committed by Gavin Wood
Browse files

non-root user for running node in Dockerfile (#369)

parent f7f311ae
Pipeline #49450 passed with stages
in 14 minutes and 35 seconds
FROM phusion/baseimage:0.10.1 as builder
FROM phusion/baseimage:0.10.2 as builder
LABEL maintainer "chevdor@gmail.com"
LABEL description="This is the build stage for Polkadot. Here we create the binary."
......@@ -17,7 +17,7 @@ RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
# ===== SECOND STAGE ======
FROM phusion/baseimage:0.10.0
FROM phusion/baseimage:0.10.2
LABEL maintainer "chevdor@gmail.com"
LABEL description="This is the 2nd stage: a very small image where we copy the Polkadot binary."
ARG PROFILE=release
......@@ -27,11 +27,13 @@ RUN mv /usr/share/ca* /tmp && \
rm -rf /usr/share/* && \
mv /tmp/ca-certificates /usr/share/ && \
rm -rf /usr/lib/python* && \
mkdir -p /root/.local/share/polkadot && \
ln -s /root/.local/share/polkadot /data
RUN rm -rf /usr/bin /usr/sbin
rm -rf /usr/bin /usr/sbin && \
useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
mkdir -p /polkadot/.local/share/polkadot && \
chown -R polkadot:polkadot /polkadot/.local && \
ln -s /polkadot/.local/share/polkadot /data
USER polkadot
EXPOSE 30333 9933 9944
VOLUME ["/data"]
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment