Addshore has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/381363 )
Change subject: docker: use nobody user instead of creating custom users ...................................................................... docker: use nobody user instead of creating custom users Change-Id: I7ed2491cbab251c16977f1f39b0c1881c2416e70 --- M dockerfiles/composer/Dockerfile M dockerfiles/mediawiki-phan/Dockerfile M dockerfiles/php-mediawiki/Dockerfile M dockerfiles/php/Dockerfile 4 files changed, 6 insertions(+), 13 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/integration/config refs/changes/63/381363/1 diff --git a/dockerfiles/composer/Dockerfile b/dockerfiles/composer/Dockerfile index cebac5e..925c585 100644 --- a/dockerfiles/composer/Dockerfile +++ b/dockerfiles/composer/Dockerfile @@ -7,9 +7,6 @@ RUN git clone --depth 1 https://gerrit.wikimedia.org/r/p/integration/composer.git /srv/composer && \ rm -rf /srv/composer/.git -RUN groupadd -r composer && useradd --no-log-init -r -g composer composer - -USER composer - +USER nobody ENTRYPOINT ["/srv/composer/vendor/bin/composer"] CMD ["help"] diff --git a/dockerfiles/mediawiki-phan/Dockerfile b/dockerfiles/mediawiki-phan/Dockerfile index cba34ea..bf8745a 100644 --- a/dockerfiles/mediawiki-phan/Dockerfile +++ b/dockerfiles/mediawiki-phan/Dockerfile @@ -6,16 +6,14 @@ COPY --from=composer /srv/composer /srv/composer -RUN groupadd -r phan && \ - useradd --no-log-init --system --create-home -g phan phan && \ - install -d /srv/phan -o phan -g phan +RUN install -d /srv/phan -o nobody ENV PHAN /srv/phan/vendor/bin/phan -USER phan +USER nobody RUN cd /srv/phan && \ /srv/composer/vendor/bin/composer require etsy/phan:0.8 && \ - rm -rf ~/.composer + rm -rf /cache/* ENTRYPOINT ["/mediawiki/tests/phan/bin/phan"] diff --git a/dockerfiles/php-mediawiki/Dockerfile b/dockerfiles/php-mediawiki/Dockerfile index 7fbf8d3..1d31687 100644 --- a/dockerfiles/php-mediawiki/Dockerfile +++ b/dockerfiles/php-mediawiki/Dockerfile @@ -19,4 +19,4 @@ apt-get autoremove --yes && apt-get clean && rm -rf /var/lib/apt/lists/* && \ rm /etc/apt/sources.list.d/php.list -USER php \ No newline at end of file +USER nobody diff --git a/dockerfiles/php/Dockerfile b/dockerfiles/php/Dockerfile index 08f7e2e..ee511e2 100644 --- a/dockerfiles/php/Dockerfile +++ b/dockerfiles/php/Dockerfile @@ -16,9 +16,7 @@ apt-get autoremove --yes && apt-get clean && rm -rf /var/lib/apt/lists/* && \ rm /etc/apt/sources.list.d/php.list -RUN groupadd -r php && useradd --no-log-init -r -g php php - -USER php +USER nobody ENTRYPOINT ["php"] CMD ["--help"] -- To view, visit https://gerrit.wikimedia.org/r/381363 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7ed2491cbab251c16977f1f39b0c1881c2416e70 Gerrit-PatchSet: 1 Gerrit-Project: integration/config Gerrit-Branch: master Gerrit-Owner: Addshore <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
