add optional debug tools (#51)

* if DEBUG=1, add more tools/sudo and disable defanging * hadolint fix * ignore dockle warning about sudo
LabKey · Nov 16, 2023 · 0e0c5b8 · 0e0c5b8
1 parent 0a7eaa9
commit 0e0c5b8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/.github/workflows/dockle_xeol.yml b/.github/workflows/dockle_xeol.yml
@@ -28,7 +28,7 @@ jobs:
           format: 'list'
           exit-code: '1'
           exit-level: 'warn'
-          ignore: 'CIS-DI-0005,CIS-DI-0009,CIS-DI-0010'
+          ignore: 'CIS-DI-0005,CIS-DI-0009,CIS-DI-0010,DKL-DI-0001'
       - name: Run xeol on helloworld image
         uses: noqcks/[email protected]
         with:

diff --git a/Dockerfile b/Dockerfile
@@ -150,9 +150,17 @@ RUN [ -n "${DEBUG}" ] && set -x; \
             gettext-base=0.21-4ubuntu4 \
             unzip=6.0-26ubuntu3.1 \
             ; \
-        [ -n "${DEBUG}" ] && apt-get -yq --no-install-recommends install tree=2.0.2-1; \
+        [ -n "${DEBUG}" ] && apt-get -yq --no-install-recommends install \
+            iputils-ping=3:20211215-1 \
+            less=590-1ubuntu0.22.04.1 \
+            netcat=1.218-4ubuntu1 \
+            postgresql-client=14+238 \
+            sudo=1.9.9-1ubuntu2.4 \
+            tree=2.0.2-1 \
+            vim=2:8.2.3995-1ubuntu2.13 \
+            ; \
         apt-get -yq upgrade; \
-        apt-get -yq clean all && rm -rf /var/lib/apt/lists/*; \
+        [ -z "${DEBUG}" ] && apt-get -yq clean all && rm -rf /var/lib/apt/lists/*; \
         \
         groupadd -r labkey \
             --gid=2005; \
@@ -163,9 +171,10 @@ RUN [ -n "${DEBUG}" ] && set -x; \
             --shell=/bin/bash \
             labkey; \
         \
-        chmod u-s /usr/bin/su /usr/bin/mount /usr/bin/chfn /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/umount /usr/bin/chsh /usr/bin/passwd; \
-        chmod g-s /usr/bin/expiry /usr/bin/chage /usr/bin/wall /usr/sbin/pam_extrausers_chkpwd /usr/sbin/unix_chkpwd; \
-    rm -rfv /var/lib/apt/lists; \
+        [ -n "${DEBUG}" ] && adduser labkey sudo && echo "labkey  ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/labkey; \
+        [ -z "${DEBUG}" ] && chmod u-s /usr/bin/su /usr/bin/mount /usr/bin/chfn /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/umount /usr/bin/chsh /usr/bin/passwd; \
+        [ -z "${DEBUG}" ] && chmod g-s /usr/bin/expiry /usr/bin/chage /usr/bin/wall /usr/sbin/pam_extrausers_chkpwd /usr/sbin/unix_chkpwd; \
+    [ -z "${DEBUG}" ] && rm -rfv /var/lib/apt/lists; \
     fi; \
     \
     mkdir -pv \
@@ -252,7 +261,7 @@ EXPOSE ${LABKEY_PORT}
 STOPSIGNAL SIGTERM
 
 # defang
-RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true
+RUN [ -z "${DEBUG}" ] && (find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true)
 
 USER labkey