From a783cac49346bffb2b10eb82ef32b1bc929e1328 Mon Sep 17 00:00:00 2001
From: Marcel Bargull <marcel.bargull@udo.edu>
Date: Mon, 16 Oct 2023 20:21:43 +0200
Subject: [PATCH] Add pwck, grpck, ldd checks to Debian base image

Signed-off-by: Marcel Bargull <marcel.bargull@udo.edu>
---
 images/base-glibc-debian-bash/Dockerfile | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/images/base-glibc-debian-bash/Dockerfile b/images/base-glibc-debian-bash/Dockerfile
index 83e869d7..b8df2bf0 100644
--- a/images/base-glibc-debian-bash/Dockerfile
+++ b/images/base-glibc-debian-bash/Dockerfile
@@ -63,6 +63,26 @@ RUN [ ! -f /etc/apt/sources.list ] || sed --in-place= --regexp-extended \
       -mindepth 1 -depth \
       -delete
 
+RUN while IFS=: read _ _ uid gid _ home _ ; do \
+      [ -n "${home##/var/run/*}" ] || home="${home#/var}" \
+      && \
+      [ -d "./${home#/}" ] || [ "${home}" = "/nonexistent" ] && continue ; \
+      mkdir -p "./${home#/}" \
+      && \
+      chown "${uid}:${gid}" "./${home#/}" \
+      && \
+      chmod 775 "./${home#/}" \
+    ; done < ./etc/passwd \
+    && \
+    pwck --read-only --root "$( pwd )" \
+      | { ! grep -v -e 'no changes' -e '/nonexistent' ; } \
+    && \
+    grpck --read-only --root "$( pwd )" \
+    && \
+    find -xdev -type f \
+      | xargs chroot . ldd 2> /dev/null -- \
+      | sed -n '/:/h; /not found/{x;p;x;p}' | { ! grep . ; }
+
 # Bash 4.* did not have default key bindings for control-arrow-key key
 # combinations. Add some for convenience:
 RUN >> /etc/inputrc \