This is an automated email from the ASF dual-hosted git repository.
cgivre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
The following commit(s) were added to refs/heads/master by this push:
new d210b3f Run Drill using a new non-root "drilluser" account, fix
default JDK base image. (#2328)
d210b3f is described below
commit d210b3faf728ea28301131278d7a34d4a7b46f46
Author: James Turton <[email protected]>
AuthorDate: Sun Oct 10 16:56:30 2021 +0200
Run Drill using a new non-root "drilluser" account, fix default JDK base
image. (#2328)
---
Dockerfile | 12 +++++++++---
distribution/Dockerfile | 13 +++++++++++--
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ee70ed4..ac49588 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,7 +24,7 @@
#
# {docker|podman} build \
# --build-arg BUILD_BASE_IMAGE=maven:3.8.2-openjdk-11 \
-# --build-arg BASE_IMAGE=openjdk:11-jre \
+# --build-arg BASE_IMAGE=openjdk:11 \
# -t apache/drill-openjdk-11
# Unless otherwise specified, the intermediate container image will be
@@ -33,7 +33,7 @@ ARG BUILD_BASE_IMAGE=maven:3.8.2-openjdk-8
# Unless otherwise specified, the final container image will be based on
# the following default.
-ARG BASE_IMAGE=openjdk:8-jre
+ARG BASE_IMAGE=openjdk:8
# Uses intermediate image for building Drill to reduce target image size
FROM $BUILD_BASE_IMAGE as build
@@ -56,12 +56,18 @@ RUN VERSION=$(mvn -q -Dexec.executable=echo
-Dexec.args='${project.version}' --n
# Set the BASE_IMAGE build arg when you invoke docker build.
FROM $BASE_IMAGE
-ENV DRILL_HOME=/opt/drill
+ENV DRILL_HOME=/opt/drill DRILL_USER=drilluser
RUN mkdir $DRILL_HOME
COPY --from=build /opt/drill $DRILL_HOME
+RUN groupadd -g 999 $DRILL_USER \
+ && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d /var/lib/drill \
+ && chown -R $DRILL_USER: $DRILL_HOME
+
+USER $DRILL_USER
+
# Starts Drill in embedded mode and connects to Sqlline
ENTRYPOINT $DRILL_HOME/bin/drill-embedded
diff --git a/distribution/Dockerfile b/distribution/Dockerfile
index 27372a6..beacb6d 100644
--- a/distribution/Dockerfile
+++ b/distribution/Dockerfile
@@ -17,16 +17,25 @@
#
# This Dockerfile may be used during development. It adds built binaries from
distribution/target folder
-# into the target image based on openjdk:8u232-jdk image.
+# into the target image based on openjdk:8 image. If you've built Drill using
a JDK version greater than
+# the one in the FROM command in this Dockerfile then you should bump this one
up to match or exceed that.
-FROM openjdk:8u232-jdk
+FROM openjdk:8
# Project version defined in pom.xml is passed as an argument
ARG VERSION
+ENV DRILL_HOME=/opt/drill DRILL_USER=drilluser
+
RUN mkdir /opt/drill
COPY target/apache-drill-$VERSION/apache-drill-$VERSION /opt/drill
+RUN groupadd -g 999 $DRILL_USER \
+ && useradd -r -u 999 -g $DRILL_USER $DRILL_USER -m -d /var/lib/drill \
+ && chown -R $DRILL_USER: $DRILL_HOME
+
+USER $DRILL_USER
+
# Starts Drill in embedded mode and connects to Sqlline
ENTRYPOINT /opt/drill/bin/drill-embedded
