Skip to content

Add findutils & STACKABLE_USER_NAME #535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 9, 2025
Merged

Add findutils & STACKABLE_USER_NAME #535

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions template/docker/Dockerfile.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ ARG RELEASE="1"
# These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system
ARG STACKABLE_USER_GID="574654813"
ARG STACKABLE_USER_UID="782252253"
ARG STACKABLE_USER_NAME="stackable"

# Sets the default shell to Bash with strict error handling and robust pipeline processing.
# "-e": Exits immediately if a command exits with a non-zero status
Expand Down Expand Up @@ -95,6 +96,12 @@ RUN <<EOF
# Update image and install kerberos client libraries as well as some other utilities
microdnf update

# **findutils**
# Needed to find all patch files, used in `apply_patches.sh`, and helpful for debugging
# Added 2024-10: Last vulnerability in 2007, only two vulnerabilities in total, a risk we accept
# https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe%3A%2F%3Agnu&cpe_product=cpe%3A%2F%3Agnu%3Afindutils
# cpe:2.3:a:gnu:findutils:*:*:*:*:*:*:*:*
#
# **iputils**
# To make debugging easier, includes things like ping
# Added 2024-03: We cannot find any vulnerabilities in the past years
Expand All @@ -120,6 +127,7 @@ microdnf update
# NOTE (@NickLarsenNZ): Maybe we should consider pinning package versions?
# hadolint ignore=DL3041
microdnf install \
findutils \
iputils \
krb5-libs \
less \
Expand All @@ -128,7 +136,7 @@ microdnf install \
shadow-utils \
tar

groupadd --gid ${STACKABLE_USER_GID} --system stackable
groupadd --gid ${STACKABLE_USER_GID} --system ${STACKABLE_USER_NAME}
# The --no-log-init is required to work around a bug/problem in Go/Docker when very large UIDs are used
# See https://github.com/moby/moby/issues/5419#issuecomment-41478290 for more context
# Making this a system user prevents a mail dir from being created, expiry of passwords etc. but it will warn:
Expand All @@ -142,7 +150,7 @@ useradd \
--system \
--create-home \
--home-dir /stackable \
stackable
${STACKABLE_USER_NAME}
microdnf remove shadow-utils
microdnf clean all
rm -rf /var/cache/yum
Expand Down