search

dotnet / dotnet-docker

Docker images for .NET and the .NET Tools.
https://hub.docker.com/_/microsoft-dotnet
MIT License
4.47k stars 1.94k forks source link

Azure Linux 3.0 and CBL Mariner 2.0 distroless images have hardcoded USER declaration with name instead of UID #5649

Closed lbussell closed 3 months ago

lbussell commented 3 months ago

Azure Linux Distroless images:

https://github.com/dotnet/dotnet-docker/blob/163ebc7ee3a1a2b52aeb0c79ea095a523e6084d3/src/runtime-deps/8.0/cbl-mariner2.0-distroless/amd64/Dockerfile#L73

https://github.com/dotnet/dotnet-docker/blob/163ebc7ee3a1a2b52aeb0c79ea095a523e6084d3/src/runtime-deps/8.0/azurelinux3.0-distroless/amd64/Dockerfile#L73

Ubuntu Chiseled images:

https://github.com/dotnet/dotnet-docker/blob/163ebc7ee3a1a2b52aeb0c79ea095a523e6084d3/src/runtime-deps/8.0/noble-chiseled/amd64/Dockerfile#L56

https://github.com/dotnet/dotnet-docker/blob/163ebc7ee3a1a2b52aeb0c79ea095a523e6084d3/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile#L56

These should all be the same, all using $APP_UID in order to behave well with K8s.

lbussell commented 3 months ago

[Triage] It is too late to make this change for CBL Mariner 2.0 .NET 8 images - it would be a breaking change. We should fix this for Azure Linux 3.0 though.

lbussell commented 3 months ago

Completed for Azure Linux 3.0 in https://github.com/dotnet/dotnet-docker/pull/5677.