diff --git a/bitnami/parse/3/debian-9/Dockerfile b/bitnami/parse/3/debian-9/Dockerfile index 5cadb49f1609..729aa656da95 100644 --- a/bitnami/parse/3/debian-9/Dockerfile +++ b/bitnami/parse/3/debian-9/Dockerfile @@ -1,19 +1,23 @@ -FROM bitnami/minideb-extras:stretch-r218 +FROM bitnami/minideb-extras:stretch-r219 LABEL maintainer "Bitnami " +ENV BITNAMI_PKG_CHMOD="-R g+rwX" \ + HOME="/" + # Install required system packages and dependencies RUN install_packages ghostscript imagemagick libbz2-1.0 libc6 libgcc1 libncurses5 libpcap0.8 libreadline7 libsqlite3-0 libssl1.1 libstdc++6 libtinfo5 zlib1g -RUN bitnami-pkg install node-8.14.0-0 --checksum d1abd89f77402e373b6bd1549f8ae95d21f46aaf0921a97c2d5a23fe3f03c07b +RUN bitnami-pkg install node-8.14.0-20 --checksum 408efbaecc9a5d5aa93f0e1755a15f5fe29c08d37baaac3900c9f02551d6da2b RUN bitnami-pkg install mongodb-client-3.7.9-0 --checksum 8886d69851b2ae39765fe13c89589bfe2375e89296d6ef50c466a127bce82019 -RUN bitnami-pkg unpack parse-3.1.2-1 --checksum 3862f7f5a3b1f8c655c980f34728dc980b5a556c916b44c52f11f77373fd0b6e +RUN bitnami-pkg unpack parse-3.1.2-20 --checksum 9bfae1d99b2a9fa5d5d59486338607bed7651512f66e8e39b8928776863fbced COPY rootfs / ENV BITNAMI_APP_NAME="parse" \ - BITNAMI_IMAGE_VERSION="3.1.2-debian-9-r13" \ + BITNAMI_IMAGE_VERSION="3.1.2-debian-9-r14" \ MONGODB_HOST="mongodb" \ MONGODB_PASSWORD="" \ MONGODB_PORT_NUMBER="27017" \ MONGODB_USER="root" \ + NAMI_PREFIX="/.nami" \ PARSE_APP_ID="myappID" \ PARSE_ENABLE_CLOUD_CODE="no" \ PARSE_HOST="127.0.0.1" \ @@ -24,5 +28,6 @@ ENV BITNAMI_APP_NAME="parse" \ EXPOSE 1337 +USER 1001 ENTRYPOINT [ "/app-entrypoint.sh" ] -CMD [ "nami", "start", "--foreground", "parse" ] +CMD [ "/run.sh" ] diff --git a/bitnami/parse/3/debian-9/rootfs/app-entrypoint.sh b/bitnami/parse/3/debian-9/rootfs/app-entrypoint.sh index bde159da0d84..1c16ec7d570b 100755 --- a/bitnami/parse/3/debian-9/rootfs/app-entrypoint.sh +++ b/bitnami/parse/3/debian-9/rootfs/app-entrypoint.sh @@ -5,7 +5,7 @@ print_welcome_page -if [[ "$1" == "nami" && "$2" == "start" ]] || [[ "$1" == "/init.sh" ]]; then +if [[ "$1" == "nami" && "$2" == "start" ]] || [[ "$1" == "/run.sh" ]]; then nami_initialize parse info "Starting parse... " fi diff --git a/bitnami/parse/3/debian-9/rootfs/run.sh b/bitnami/parse/3/debian-9/rootfs/run.sh new file mode 100755 index 000000000000..cb47f1906015 --- /dev/null +++ b/bitnami/parse/3/debian-9/rootfs/run.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +. /opt/bitnami/base/functions +. /opt/bitnami/base/helpers + +USER=parse +DAEMON=parse-server +EXEC=$(which $DAEMON) +START_COMMAND="${EXEC} /opt/bitnami/parse/config.json" + +# If container is started as `root` user +if [ $EUID -eq 0 ]; then + exec gosu "${USER}" bash -c "${START_COMMAND}" +else + exec bash -c "${START_COMMAND}" +fi diff --git a/bitnami/parse/README.md b/bitnami/parse/README.md index 46e01470198c..c4a4b20c2fa5 100644 --- a/bitnami/parse/README.md +++ b/bitnami/parse/README.md @@ -40,6 +40,10 @@ Deploying Bitnami applications as Helm Charts is the easiest way to get started Bitnami containers can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +# Why use a non-root container? + +Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/containers/how-to/work-with-non-root-containers/). + # Supported tags and respective `Dockerfile` links > NOTE: Debian 8 images have been deprecated in favor of Debian 9 images. Bitnami will not longer publish new Docker images based on Debian 8. @@ -48,7 +52,7 @@ Learn more about the Bitnami tagging policy and the difference between rolling t * [`3-ol-7`, `3.1.2-ol-7-r14` (3/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-parse/blob/3.1.2-ol-7-r14/3/ol-7/Dockerfile) -* [`3-debian-9`, `3.1.2-debian-9-r13`, `3`, `3.1.2`, `3.1.2-r13`, `latest` (3/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-parse/blob/3.1.2-debian-9-r13/3/debian-9/Dockerfile) +* [`3-debian-9`, `3.1.2-debian-9-r14`, `3`, `3.1.2`, `3.1.2-r14`, `latest` (3/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-parse/blob/3.1.2-debian-9-r14/3/debian-9/Dockerfile) Subscribe to project updates by watching the [bitnami/parse GitHub repo](https://github.com/bitnami/bitnami-docker-parse). @@ -316,6 +320,12 @@ $ docker-compose up -d Find more information about Cloud Code and Cloud functions in the [official documentation](https://docs.parseplatform.org/cloudcode/guide/). +# Notable Changes + +## 3.1.2-r14 + +- The Parse container has been migrated to a non-root user approach. Previously the container ran as the `root` user and the Parse daemon was started as the `parse` user. From now on, both the container and the Parse daemon run as user `1001`. As a consequence, the data directory must be writable by that user. You can revert this behavior by changing `USER 1001` to `USER root` in the Dockerfile. + # Contributing We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/bitnami-docker-parse/issues), or submit a [pull request](https://github.com/bitnami/bitnami-docker-parse/pulls) with your contribution.