From 757ad02f5a597117057ea9b0424f23ec9d926b44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20Andr=C3=A9=20Elsfjordstrand=20Beck?=
Date: Thu, 16 Nov 2023 21:11:01 +0100
Subject: [PATCH] feat: install nonroot user

This commit installs a nonroot user to increase security and fixes bash completion for warchaeology. The jwpr program is removed. The default shell is now bash.
---
 Dockerfile | 53 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 45 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 792e006..be3af4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,11 +12,48 @@ FROM python:3.12-slim-bookworm
 LABEL maintainer="marius.beck@nb.no"
-RUN apk add --no-cache jq curl gettext git tree
-RUN pip install warctools
-COPY --from=warchaeology /warc /usr/local/bin/warc
-COPY --from=jwrp /jhove-warc-report-parser /usr/local/bin/jhove-warc-report-parser
-
-WORKDIR /veidemann
-
-CMD ["/bin/sh"]
+# Install dependencies
+RUN apt-get update -y \
+&& apt-get install -y yq xq jq gettext tree bash-completion \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user
+RUN useradd --create-home --shell /bin/bash nonroot
+USER nonroot
+WORKDIR /home/nonroot
+RUN echo "\n\
+echo \n\
+echo ' :-==-.'\n\
+echo ' .%@@@@@#='\n\
+echo ' #@@@@+'\n\
+echo ' @@@@#'\n\
+echo ' %@@@#'\n\
+echo ' -@@@@@.'\n\
+echo ' :+%@@@@@@*'\n\
+echo ' -+%@@@@@@@@@@@'\n\
+echo ' :+%@@@@@@@@@@@@@@@-'\n\
+echo ' -*@@@@@@@@@@@@@#.@@@@:'\n\
+echo ' -*@@@@@@@@@@@@@@%= :@@@%'\n\
+echo ' :*@@@@@@@@@@@@@@%+: .+@@@%.'\n\
+echo ' .=%@@@@@@@@@@@%*=: .-+%@@@@*'\n\
+echo ' .-*%@@@@@@@@##*+===+*#@@@@@@@+.'\n\
+echo ' .+%@%%%@@@@@@@@@@@@@@@@@@@@@@*-'\n\
+echo ' :=+*#%@@@@@@@@@@#-.'\n\
+echo ' .=#@@+'\n\
+echo \
+" >> /home/nonroot/.bashrc
+
+# Set the locale (needed for python)
+ENV LANG=C.UTF-8
+# Add local bin to path
+ENV PATH=/home/nonroot/.local/bin:$PATH
+
+# Install warctools
+RUN pip --no-cache-dir install --user warctools
+
+# Install warchaeology
+COPY --from=warchaeology /warc .local/bin/warc
+COPY --from=warchaeology /completions/warc.bash .local/share/bash-completion/completions/warc
+
+ENTRYPOINT ["/bin/bash"]
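Review bot: `USER nonroot` names the account instead of giving a numeric UID, and `useradd` is left to choose the UID, so a runtime that enforces non-root execution (for example Kubernetes `runAsNonRoot`) cannot verify the user from the image config and will refuse to start the container. Pinning the UID makes the guarantee checkable: `RUN useradd --create-home --shell /bin/bash --uid 10001 nonroot` followed by `USER 10001` (10001 is an arbitrary example value). Separately, replacing `CMD ["/bin/sh"]` with `ENTRYPOINT ["/bin/bash"]` means arguments given to `docker run` are now handed to bash as a script name rather than replacing the command, so an invocation that names `warc` directly would likely stop working; `CMD ["/bin/bash"]` keeps bash as the default shell without that change. Whether the image is deployed under such a policy or run with explicit commands is not visible from this hunk.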