This is an automated email from the ASF dual-hosted git repository.
gaborgsomogyi pushed a commit to branch dev-master
in repository https://gitbox.apache.org/repos/asf/flink-docker.git
The following commit(s) were added to refs/heads/dev-master by this push:
new 9d9b8ce [FLINK-37881] Drop gosu in favour of Dockerfile USER
9d9b8ce is described below
commit 9d9b8ce5f1ded49ebb1c6ab3891275f855110a72
Author: Avi Sanwal <[email protected]>
AuthorDate: Tue Nov 18 17:35:04 2025 +0530
[FLINK-37881] Drop gosu in favour of Dockerfile USER
---
Dockerfile-ubuntu.template | 19 +------------------
docker-entrypoint.sh | 25 ++++++++++---------------
2 files changed, 11 insertions(+), 33 deletions(-)
diff --git a/Dockerfile-ubuntu.template b/Dockerfile-ubuntu.template
index 928756c..47edd78 100644
--- a/Dockerfile-ubuntu.template
+++ b/Dockerfile-ubuntu.template
@@ -24,24 +24,6 @@ RUN set -ex; \
apt-get -y install gpg libsnappy1v5 gettext-base libjemalloc-dev; \
rm -rf /var/lib/apt/lists/*
-# Grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.11
-RUN set -ex; \
- wget -nv -O /usr/local/bin/gosu
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg
--print-architecture)"; \
- wget -nv -O /usr/local/bin/gosu.asc
"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg
--print-architecture).asc"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for server in hkps://keys.openpgp.org $(shuf -e \
- keyserver.ubuntu.com \
- hkp://keyserver.ubuntu.com:80 \
- pgp.mit.edu) ; do \
- gpg --batch --keyserver "$server" --recv-keys
B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \
- done && \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
- chmod +x /usr/local/bin/gosu; \
- gosu nobody true
-
# Configure Flink version
ENV FLINK_TGZ_URL=%%BINARY_DOWNLOAD_URL%% \
FLINK_ASC_URL=%%ASC_DOWNLOAD_URL%% \
@@ -88,6 +70,7 @@ RUN set -ex; \
"-rmKV" "taskmanager.host=localhost";
# Configure container
+USER flink
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 6123 8081
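Review bot: `USER flink` names the account instead of giving its numeric id, and Kubernetes cannot evaluate `runAsNonRoot: true` against a non-numeric image user, so pods with that setting are rejected unless they also set `runAsUser`. Since this line is now the only thing keeping the process unprivileged, I would write it with the ids the image assigns to the flink account, e.g. `USER <flink-uid>:<flink-gid>` (placeholders; the real values are defined outside this hunk). A comment above it, such as `# Run as the unprivileged flink user; the entrypoint no longer steps down from root`, would also tell authors of derived images that a later `USER root` is not undone at start-up.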
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e081109..cf63daa 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -25,16 +25,9 @@ COMMAND_HISTORY_SERVER="history-server"
JOB_MANAGER_RPC_ADDRESS=${JOB_MANAGER_RPC_ADDRESS:-$(hostname -f)}
CONF_FILE_DIR="${FLINK_HOME}/conf"
-drop_privs_cmd() {
- if [ $(id -u) != 0 ]; then
- # Don't need to drop privs if EUID != 0
- return
- elif [ -x /sbin/su-exec ]; then
- # Alpine
- echo su-exec flink
- else
- # Others
- echo gosu flink
+check_priv_user() {
+ if [ $(id -u) == 0 ]; then
+ echo "WARNING: Running as root user is not recommended. Please use a
non-root user to run Flink."
fi
}
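Review bot: check_priv_user only prints a warning when `id -u` is 0, so a container whose user is overridden (`--user root`, `runAsUser: 0`, or a derived image that leaves `USER root` in effect) now runs Flink as root. The removed drop_privs_cmd stepped down to flink in that case, and the same applies to every `exec` line in the last hunk of this file. At minimum the warning should go to stderr, and the test should be quoted and use the portable operator: `if [ "$(id -u)" = 0 ]; then` with `echo "WARNING: ..." >&2`. Consider refusing to start as root unless the operator opts in explicitly, and note the behaviour change for users upgrading from images that relied on the step-down.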
@@ -146,6 +139,8 @@ maybe_enable_jemalloc() {
fi
}
+check_priv_user
+
maybe_enable_jemalloc
copy_plugins_if_required
@@ -163,28 +158,28 @@ elif [ "$1" = "jobmanager" ]; then
echo "Starting Job Manager"
- exec $(drop_privs_cmd) "$FLINK_HOME/bin/jobmanager.sh" start-foreground
"${args[@]}"
+ exec "$FLINK_HOME/bin/jobmanager.sh" start-foreground "${args[@]}"
elif [ "$1" = ${COMMAND_STANDALONE} ]; then
args=("${args[@]:1}")
echo "Starting Job Manager"
- exec $(drop_privs_cmd) "$FLINK_HOME/bin/standalone-job.sh"
start-foreground "${args[@]}"
+ exec "$FLINK_HOME/bin/standalone-job.sh" start-foreground "${args[@]}"
elif [ "$1" = ${COMMAND_HISTORY_SERVER} ]; then
args=("${args[@]:1}")
echo "Starting History Server"
- exec $(drop_privs_cmd) "$FLINK_HOME/bin/historyserver.sh" start-foreground
"${args[@]}"
+ exec "$FLINK_HOME/bin/historyserver.sh" start-foreground "${args[@]}"
elif [ "$1" = "taskmanager" ]; then
args=("${args[@]:1}")
echo "Starting Task Manager"
- exec $(drop_privs_cmd) "$FLINK_HOME/bin/taskmanager.sh" start-foreground
"${args[@]}"
+ exec "$FLINK_HOME/bin/taskmanager.sh" start-foreground "${args[@]}"
fi
args=("${args[@]}")
# Running command in pass-through mode
-exec $(drop_privs_cmd) "${args[@]}"
+exec "${args[@]}"