From e7575aa72e79eb6cd1ddce569b4c0fbd2017e68e Mon Sep 17 00:00:00 2001
From: Fredrik Wrede <fredrik@scaleoutsystems.com>
Date: Tue, 19 Nov 2024 12:20:13 +0000
Subject: [PATCH] fix user + upgrade for security

---
 Dockerfile | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f4027a865..ec00098ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -42,7 +42,17 @@ COPY --from=builder /venv /venv
 COPY --from=builder /build /app
 
 # Use a non-root user
-RUN useradd -m appuser && chown -R appuser /venv /app
+RUN set -ex \
+  # Create a non-root user
+  && addgroup --system --gid 1001 appgroup \
+  && adduser --system --uid 1001 --gid 1001 --no-create-home appuser \
+  && chown -R appuser /venv /app \
+  # Upgrade the package index and install security upgrades
+  && apt-get update \
+  && apt-get upgrade -y \
+  && apt-get autoremove -y \
+  && apt-get clean -y \
+  && rm -rf /var/lib/apt/lists/*
 USER appuser
 
 ENTRYPOINT [ "/venv/bin/fedn" ]