
Commit 0569a81

committed
Add -l to useradd command as suggested by hadolint (DL3046) to avoid
excessive image size. Properly anchor `*.key` to prevent option interference as recommended by ShellCheck (SC2035).
1 parent 7e8df65 commit 0569a81


2 files changed

+8
-6
lines changed


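--- a/Dockerfile.rocky8
+++ b/Dockerfile.rocky8
@@ -628,7 +628,8 @@ ENV USER=mig
 ENV GROUP=mig
 
 RUN groupadd -g $GID $USER
-RUN useradd -u $UID -g $GID -ms /bin/bash $USER
+# NOTE: use -l to avoid excessively large image (hadolint hint)
+RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER
 
 # MiG environment
 ENV MIG_ROOT=/home/$USER
@@ -703,8 +704,8 @@ RUN if [ ! -e "${CERT_DIR}/.persistent" ]; then \
 && chown $USER:$GROUP combined.pem \
 && chown $USER:$GROUP server.ca.pem \
 && ssh-keygen -y -f combined.pem > combined.pub \
-&& chown 0:0 *.key server.crt ca.pem \
-&& chmod 400 *.key server.crt ca.pem combined.pem server.ca.pem \
+&& chown 0:0 ./*.key server.crt ca.pem \
+&& chmod 400 ./*.key server.crt ca.pem combined.pem server.ca.pem \
 && openssl x509 -noout -fingerprint -sha256 -in combined.pem | \
 sed 's/.* Fingerprint=//g' > combined.pem.sha256 \
 && ssh-keygen -l -E md5 -f combined.pub | \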
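Review bot: The `chown 0:0 ./*.key …` and `chmod 400 ./*.key …` lines in the second hunk only restrict access inside a running container; if this `RUN` creates the `*.key` files and `combined.pem` during the build, that key material sits in an image layer and is readable by anyone who can pull or export the image, whatever the mode bits say. The `ssh-keygen -y -f combined.pem` context line implies combined.pem holds a private key, but the step starts above the hunk at `RUN if [ ! -e "${CERT_DIR}/.persistent" ]`, so where the keys originate is not visible here. If they are build-time defaults, a comment before the `RUN` should say so, for example `# NOTE: keys created at build time end up in the image layers; treat them as non-secret defaults`. The same lines appear in Dockerfile.rocky9 and the same comment applies there.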

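--- a/Dockerfile.rocky9
+++ b/Dockerfile.rocky9
@@ -587,7 +587,8 @@ ENV USER=mig
 ENV GROUP=mig
 
 RUN groupadd -g $GID $USER
-RUN useradd -u $UID -g $GID -ms /bin/bash $USER
+# NOTE: use -l to avoid excessively large image (hadolint hint)
+RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER
 
 # MiG environment
 ENV MIG_ROOT=/home/$USER
@@ -662,8 +663,8 @@ RUN if [ ! -e "${CERT_DIR}/.persistent" ]; then \
 && chown $USER:$GROUP combined.pem \
 && chown $USER:$GROUP server.ca.pem \
 && ssh-keygen -y -f combined.pem > combined.pub \
-&& chown 0:0 *.key server.crt ca.pem \
-&& chmod 400 *.key server.crt ca.pem combined.pem server.ca.pem \
+&& chown 0:0 ./*.key server.crt ca.pem \
+&& chmod 400 ./*.key server.crt ca.pem combined.pem server.ca.pem \
 && openssl x509 -noout -fingerprint -sha256 -in combined.pem | \
 sed 's/.* Fingerprint=//g' > combined.pem.sha256 \
 && ssh-keygen -l -E md5 -f combined.pub | \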
