feat: install nonroot user

This commit installs a nonroot user to increase security and fixes bash completion for warchaeology. The jwpr program is removed. The default shell is now bash.
nlnwa · Nov 16, 2023 · 757ad02 · 757ad02
1 parent 9a84885
commit 757ad02
Showing 1 changed file with 45 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -12,11 +12,48 @@ FROM python:3.12-slim-bookworm
 
 LABEL maintainer="[email protected]"
 
-RUN apk add --no-cache jq curl gettext git tree
-RUN pip install warctools
-COPY --from=warchaeology /warc /usr/local/bin/warc
-COPY --from=jwrp /jhove-warc-report-parser /usr/local/bin/jhove-warc-report-parser
-
-WORKDIR /veidemann
-
-CMD ["/bin/sh"]
+# Install dependencies
+RUN apt-get update -y \
+&& apt-get install -y yq xq jq gettext tree bash-completion \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user
+RUN useradd --create-home --shell /bin/bash nonroot
+USER nonroot
+WORKDIR /home/nonroot
+RUN echo "\n\
+echo \n\
+echo '                                  :-==-.'\n\
+echo '                                .%@@@@@#='\n\ 
+echo '                                #@@@@+'\n\
+echo '                                @@@@#'\n\
+echo '                                %@@@#'\n\ 
+echo '                               -@@@@@.'\n\ 
+echo '                            :+%@@@@@@*'\n\
+echo '                        -+%@@@@@@@@@@@'\n\
+echo '                    :+%@@@@@@@@@@@@@@@-'\n\
+echo '                 -*@@@@@@@@@@@@@#.@@@@:'\n\
+echo '              -*@@@@@@@@@@@@@@%= :@@@%'\n\
+echo '           :*@@@@@@@@@@@@@@%+: .+@@@%.'\n\
+echo '        .=%@@@@@@@@@@@%*=: .-+%@@@@*'\n\
+echo '    .-*%@@@@@@@@##*+===+*#@@@@@@@+.'\n\  
+echo ' .+%@%%%@@@@@@@@@@@@@@@@@@@@@@*-'\n\ 
+echo '          :=+*#%@@@@@@@@@@#-.'\n\    
+echo '                      .=#@@+'\n\
+echo \
+" >> /home/nonroot/.bashrc
+
+# Set the locale (needed for python)
+ENV LANG=C.UTF-8
+# Add local bin to path
+ENV PATH=/home/nonroot/.local/bin:$PATH
+
+# Install warctools
+RUN pip --no-cache-dir install --user warctools
+
+# Install warchaeology
+COPY --from=warchaeology /warc .local/bin/warc
+COPY --from=warchaeology /completions/warc.bash .local/share/bash-completion/completions/warc
+
+ENTRYPOINT ["/bin/bash"]