update SMS dockerfiles to run as non-root
Issue-ID: AAF-1102
Signed-off-by: ChrisC <christophe.closset@intl.att.com>, JulienBe <jb379x@att.com>
Change-Id: Idd982a17fd81a599acb57a1eba331706bd22529e
DOCKER_REPOSITORY="nexus3.onap.org:10003"
IMAGE_NAME="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}"
TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
DOCKER_REPOSITORY="nexus3.onap.org:10003"
IMAGE_NAME="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}"
TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
if [ $HTTP_PROXY ]; then
BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
if [ $HTTP_PROXY ]; then
BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
LABEL name="aaf-sms-quorumclient"
LABEL version=4.0.0
LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
LABEL name="aaf-sms-quorumclient"
LABEL version=4.0.0
LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
-
-RUN mkdir -p /quorumclient/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+ mkdir -p /quorumclient/auth && \
+ chown -R aaf:aaf /quorumclient
ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
ADD quorumclient /quorumclient/bin/quorumclient
RUN chmod +x /quorumclient/bin/quorumclient
ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
ADD quorumclient /quorumclient/bin/quorumclient
RUN chmod +x /quorumclient/bin/quorumclient
WORKDIR /quorumclient
ENTRYPOINT ["/quorumclient/bin/quorumclient"]
WORKDIR /quorumclient
ENTRYPOINT ["/quorumclient/bin/quorumclient"]
LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
EXPOSE 10443
LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
EXPOSE 10443
-
-RUN mkdir -p /sms/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+ mkdir -p /sms/auth && \
+ chown -R aaf:aaf /sms
ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
ADD aaf-sms.pub /sms/certs/aaf-sms.pub
ADD aaf-sms.pr /sms/certs/aaf-sms.pr
ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
ADD aaf-sms.pub /sms/certs/aaf-sms.pub
ADD aaf-sms.pr /sms/certs/aaf-sms.pr
RUN chmod +x /sms/bin/sms
ADD preload /sms/bin/preload
RUN chmod +x /sms/bin/preload
RUN chmod +x /sms/bin/sms
ADD preload /sms/bin/preload
RUN chmod +x /sms/bin/preload
WORKDIR /sms
ENTRYPOINT ["/sms/bin/sms"]
WORKDIR /sms
ENTRYPOINT ["/sms/bin/sms"]