Last active
December 2, 2020 02:54
-
-
Save subfuzion/412f286479526ef8b231713ab7a1a33d to your computer and use it in GitHub Desktop.
Demonstrate using dart user instead of root. Not strictly a requirement for Dart, but it is for Flutter.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM google/dart | |
RUN \ | |
groupadd --system dart && \ | |
useradd --system --no-log-init --create-home --home /home/dart -g dart dart | |
WORKDIR /app | |
RUN chown dart:dart /app && chmod 775 /app | |
USER dart | |
COPY --chown=dart:dart pubspec.* . | |
RUN chmod 664 pubspec.* | |
RUN pub get | |
COPY --chown=dart:dart . . | |
RUN find . \ | |
\( -type f -exec chmod 664 {} \; \) , \ | |
\( -type d -exec chmod 775 {} \; \) | |
RUN pub get --offline | |
CMD [] | |
ENTRYPOINT ["/usr/bin/dart", "bin/server.dart"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM google/dart | |
# make this work... | |
RUN \ | |
groupadd --system dart && \ | |
useradd -K UMASK=0022 --system --no-log-init --create-home --home /home/dart -g dart dart | |
WORKDIR /app | |
RUN chown dart:dart /app && chmod 775 /app | |
# ...or make this work | |
USER dart UMASK 0077 | |
# ...or make this work | |
COPY --chown=dart:dart --umask=0022 pubspec.* . | |
RUN pub get | |
COPY --chown=dart:dart --umask=0022 . . | |
RUN pub get --offline | |
CMD [] | |
ENTRYPOINT ["/usr/bin/dart", "bin/server.dart"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM google/dart | |
RUN \ | |
groupadd --system dart && \ | |
useradd -K UMASK=0077 --system --no-log-init --create-home --home /home/dart -g dart dart | |
WORKDIR /app | |
RUN chown dart:dart /app && chmod 775 /app | |
USER dart | |
# Will not apply USER umask to copied files | |
COPY --chown=dart:dart pubspec.* . | |
# This will FAIL since pubspec.lock won't have the correct perms for USER | |
# (USER umask is not applied) | |
RUN pub get | |
COPY --chown=dart:dart . . | |
RUN pub get --offline | |
CMD [] | |
ENTRYPOINT ["/usr/bin/dart", "bin/server.dart"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM google/dart | |
RUN \ | |
groupadd --system dart && \ | |
useradd --system --no-log-init --create-home --home /home/dart -g dart dart | |
# Neither of the following will help -- COPY doesn't run as USER | |
RUN echo "umask 0077" >> /etc/profile | |
RUN echo "umask 0077" >> /home/dart/.profile | |
WORKDIR /app | |
RUN chown dart:dart /app && chmod 775 /app | |
USER dart | |
# Will not apply USER umask to copied files | |
COPY --chown=dart:dart pubspec.* . | |
# This will FAIL since pubspec.lock doesn't have the correct perms for USER | |
RUN pub get | |
COPY --chown=dart:dart . . | |
RUN pub get --offline | |
CMD [] | |
ENTRYPOINT ["/usr/bin/dart", "bin/server.dart"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment