| commit | 2214e7e2d71ea19265685b53365a074c70d1e0b0 | |
| author | Murph Murphy <murph@clurictec.com> | |
| Mon, 14 Nov 2022 20:39:25 +0000 (14 13:39 -0700) | ||
| committer | Murph Murphy <murph@clurictec.com> | |
| Mon, 14 Nov 2022 20:39:25 +0000 (14 13:39 -0700) | ||
| tree | d84fc2d6e4eaf057ec44b6210910508c2443442e | treesnapshot (tar.gz zip) |
| parent | 9ee63e99a1d12bcfb0a18fdab65bcb9e39d4bc78 | commitdiff |
Fix git security issue with docker build
Make the docker user id and group id match the running user's, so that
files built by the container are seen as owned by the current user. Also
set the current directory as "safe" in git so it's able to inspect the
git history.
_note_: this will successfully run in a rootless docker install, but the
created files will have random uid/guids. You'll have to sudo to delete
them or chown them. For normal docker installs there should be no
issues. See [this issue](https://github.com/moby/moby/issues/41497) to
track the rootless problem on the docker side.
Make the docker user id and group id match the running user's, so that
files built by the container are seen as owned by the current user. Also
set the current directory as "safe" in git so it's able to inspect the
git history.
_note_: this will successfully run in a rootless docker install, but the
created files will have random uid/guids. You'll have to sudo to delete
them or chown them. For normal docker installs there should be no
issues. See [this issue](https://github.com/moby/moby/issues/41497) to
track the rootless problem on the docker side.
| Dockerfile | diffblobblamehistory | |
| build.sh | diffblobblamehistory |