Creates non root user in Dockerfile #1429

Merged
merged 1 commit into from
Oct 27, 2018
8 changes: 8 additions & 0 deletions .dockerignore
@@ -0,0 +1,8 @@
venv/
.buildozer/
**/.pytest_cache/
.tox/
bin/
*.pyc
**/__pycache__
*.egg-info/
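Review bot: The ignore list has no entry for `.git/` or for local credential files, and the Dockerfile in this same change copies the whole build context with `COPY . ${WORK_DIR}`, so anything not listed here ends up in an image layer. Add `.git/` and patterns for any local secrets a developer may keep in the checkout (for example signing keystores or `.env` files) so they cannot be baked into a published image.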
25 changes: 19 additions & 6 deletions Dockerfile
Expand Up @@ -14,6 +14,10 @@
FROM ubuntu:18.04


ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
# get the latest version from https://developer.android.com/ndk/downloads/index.html
ENV ANDROID_NDK_VERSION="16b"
# get the latest version from https://www.crystax.net/en/download
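Review bot: In `PATH="${HOME_DIR}/.local/bin:${PATH}"` the user-writable `~/.local/bin` is placed ahead of the system directories, so any executable written there takes precedence over the system binary of the same name in every later `RUN` step and in interactive shells. Appending it instead (`PATH="${PATH}:${HOME_DIR}/.local/bin"`) keeps per-user pip scripts reachable without letting them shadow system tools. A short comment on why `WORK_DIR` is the home directory itself would also help, since the later `COPY . ${WORK_DIR}` mixes the source tree with the user's dotfiles.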
Expand All @@ -36,7 +40,7 @@ ENV ANDROID_NDK_DL_URL="https://dl.google.com/android/repository/${ANDROID_NDK_A

# install system dependencies
RUN apt update -qq && apt install -qq --yes --no-install-recommends \
python virtualenv python-pip wget curl lbzip2 patch bsdtar && \
python virtualenv python-pip wget curl lbzip2 patch bsdtar sudo && \
Member Author

Added sudo because it could still be useful in an interactive shell

rm -rf /var/lib/apt/lists/*

# build dependencies
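Review bot: Adding `sudo` to the `apt install` line puts a setuid-root binary into an image whose stated goal is to run as a non-root user. For the interactive case mentioned in the comment, a root shell is already available from the host with `docker exec --user root` or `docker run --user root`, so the package can be left out of the image.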
Expand All @@ -46,7 +50,6 @@ RUN dpkg --add-architecture i386 && apt update -qq && apt install -qq --yes --n
libpangox-1.0-0:i386 libpangoxft-1.0-0:i386 libidn11:i386 python2.7 python2.7-dev \
openjdk-8-jdk unzip zlib1g-dev zlib1g:i386 && \
rm -rf /var/lib/apt/lists/*
RUN pip install --quiet --upgrade cython==0.21

# download and install Android NDK
RUN curl --location --progress-bar "${ANDROID_NDK_DL_URL}" --output "${ANDROID_NDK_ARCHIVE}" && \
Expand Down Expand Up @@ -80,10 +83,20 @@ RUN curl --location --progress-bar "${ANDROID_SDK_TOOLS_DL_URL}" --output "${AND
RUN mkdir --parents "${ANDROID_SDK_HOME}/.android/" && \
echo '### User Sources for Android SDK Manager' > "${ANDROID_SDK_HOME}/.android/repositories.cfg"
RUN yes | "${ANDROID_SDK_HOME}/tools/bin/sdkmanager" --licenses
RUN "${ANDROID_SDK_HOME}/tools/bin/sdkmanager" "platforms;android-19"
RUN "${ANDROID_SDK_HOME}/tools/bin/sdkmanager" "build-tools;26.0.2"
RUN "${ANDROID_SDK_HOME}/tools/bin/sdkmanager" "platforms;android-19" && \
"${ANDROID_SDK_HOME}/tools/bin/sdkmanager" "build-tools;26.0.2" && \
chmod +x "${ANDROID_SDK_HOME}/tools/bin/avdmanager"
Member Author

Non-root user also needs execution rights, hence the chmod


# prepare non root env
RUN useradd --create-home --shell /bin/bash ${USER}
# with sudo access and no password
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
RUN pip install --quiet --upgrade cython==0.21
WORKDIR ${WORK_DIR}
COPY . ${WORK_DIR}
# user needs ownership/write access to these directories
RUN chown --recursive ${USER} ${WORK_DIR} ${ANDROID_SDK_HOME}
USER ${USER}
# install python-for-android from current branch
WORKDIR /app
COPY . /app
RUN virtualenv --python=python venv && . venv/bin/activate && pip install --quiet -e .
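Review bot: `echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` together with adding `${USER}` to the `sudo` group makes the new account root-equivalent, so the `USER ${USER}` switch no longer limits what a compromised build step or dependency can do inside the container. Drop the sudoers line and the group membership, or restrict the rule to the specific commands that need it and place it in a file under `/etc/sudoers.d/` validated with `visudo -c` instead of appending to `/etc/sudoers`. Also, in `usermod -append --groups sudo ${USER}` the single-dash `-append` is not the long option `--append`; it is read as the short options `-a -p pend`, which sets the account's password field to the literal string `pend`. Use `usermod --append --groups sudo ${USER}`.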