From 0c508b5df6dd32ba0ad1515ad95a49d33cb7b5f7 Mon Sep 17 00:00:00 2001
From: Devon Bautista
Date: Fri, 22 Mar 2024 15:18:15 -0600
Subject: [PATCH 1/3] Dockerfile: Add newline
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index e16ed01..9bdfba6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,4 +10,4 @@ COPY opaal /opaal
 CMD [ "/opaal" ]
-ENTRYPOINT [ "/sbin/tini", "--" ]
\ No newline at end of file
+ENTRYPOINT [ "/sbin/tini", "--" ]
From 87abf22916ddf2a7c65dede95182d16f739e9693 Mon Sep 17 00:00:00 2001
From: Devon Bautista
Date: Fri, 22 Mar 2024 15:19:07 -0600
Subject: [PATCH 2/3] Dockerfile: Add curl for healthchecking
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9bdfba6..e10db72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM cgr.dev/chainguard/wolfi-base
-RUN apk add --no-cache tini bash
+RUN apk add --no-cache tini bash curl
 # nobody 65534:65534
 USER 65534:65534
From e3740c584ea74edc2f68f603e00420f1096d05a1 Mon Sep 17 00:00:00 2001
From: Devon Bautista
Date: Fri, 22 Mar 2024 15:19:40 -0600
Subject: [PATCH 3/3] Dockerfile: Use /opaal dir owned by nobody so opaal can write
Without this, opaal, running as nobody, tries to write its sqlite db cache file to / which is owned by root. With this, an /opaal directory is created, owned by nobody, and the opaal binary is copied here. That way, it has permission to write its cache file here. Any config can be copied here as well.
---
 Dockerfile | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e10db72..8b4bb3b 100644
--- a/Dockerfile
+++ b/Dockerfile
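Review bot: In PATCH 2/3, `curl` is added to the runtime image on the `RUN apk add --no-cache tini bash curl` line, but nothing in this series adds a `HEALTHCHECK` instruction, so the probe that needs it is presumably defined outside the Dockerfile and the reason for the package cannot be seen from the file. A general-purpose HTTP client in the final image is also something an operator reviewing the image's attack surface will want justified, so I would record the intent next to the install with a comment such as `# curl is present only for the container health probe; drop it if the probe moves into opaal itself`. The package is installed unpinned like `tini` and `bash`, so rebuilds can pick up different versions; pinning in the `name=version` form, or pinning the base image by digest, would make the image reproducible.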
@@ -2,12 +2,15 @@ FROM cgr.dev/chainguard/wolfi-base
 RUN apk add --no-cache tini bash curl
+RUN mkdir /opaal
+RUN chown 65534:65534 /opaal
+WORKDIR /opaal
+
 # nobody 65534:65534
 USER 65534:65534
+COPY opaal /opaal/opaal
-COPY opaal /opaal
-
-CMD [ "/opaal" ]
+CMD [ "/opaal/opaal" ]
 ENTRYPOINT [ "/sbin/tini", "--" ]
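Review bot: The new `COPY opaal /opaal/opaal` puts the executable inside the directory that `RUN chown 65534:65534 /opaal` has just made writable by the runtime user, so the process running as `nobody` can unlink and replace its own binary even though the copied file itself stays root-owned. The same holds for any config placed there, as the commit message suggests. I would keep `/opaal` as the writable data directory only and install the binary on a root-owned path, for example `COPY opaal /usr/local/bin/opaal` with `CMD [ "/usr/local/bin/opaal" ]`. If opaal resolves its sqlite cache path from the working directory, the existing `WORKDIR /opaal` should be enough for the write to succeed, but that needs confirming against the binary. A separate data directory can also be mounted as a volume when the container runs with a read-only root filesystem.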