From ea4aca29cab453718a0fad73e3b8edecf1b8c1ed Mon Sep 17 00:00:00 2001
From: Georgi Matev <georgi.matev@gmail.com>
Date: Tue, 27 Sep 2022 18:39:03 -0400
Subject: [PATCH] Address some of this issues with the build docker file (#970)

## Description

Addresses some of the latest issues with the Dockerfile
* Go back to Alpine since it is smaller image. `ash` is available as shell so it is ok
* Add `corso` as UID and GUID 1001 for a predictable default user
* Add `/app/corso` as home directory for the `corso` which should address some of the issues around predictably mapping an external folder.
* Add Kopia config that mirrors the Kopia container from https://github.com/kopia/kopia/blob/master/tools/docker/Dockerfile
<!-- Insert PR description-->

## Type of change

<!--- Please check the type of change your PR introduces: --->
- [x] :sunflower: Feature
- [x] :bug: Bugfix
- [ ] :world_map: Documentation
- [ ] :robot: Test
- [ ] :computer: CI/Deployment
- [ ] :hamster: Trivial/Minor

## Issue(s)

* fixes #968

## Test Plan

<!-- How will this be tested prior to merging.-->
- [x] :muscle: Manual
- [ ] :zap: Unit test
- [ ] :green_heart: E2E
---
 build/Dockerfile | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 03c241f1c..652f65d5f 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -3,7 +3,25 @@
 # This dockerfile is configured to be run by the /corso/build/build-container.sh
 # script.  Using docker to build this file directly will fail.
 
-FROM ubuntu:latest
+FROM alpine:3.16
+
+ENV CORSO_HOME /app/corso
+
+# Add a well-know corso user to use by default
+RUN addgroup -g 1001 corso && \
+    adduser --shell /sbin/nologin --disabled-password \
+    --home $CORSO_HOME --uid 1001 --ingroup corso corso
+
+# Update to latest cert bundle in case there are changes
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+
+# Default locations for key Kopia config as set in https://github.com/kopia/kopia/blob/master/tools/docker/Dockerfile
+ENV KOPIA_CONFIG_PATH=$CORSO_HOME/kopia/config/repository.config \
+	KOPIA_LOG_DIR=$CORSO_HOME/kopia/logs \
+	KOPIA_CACHE_DIRECTORY=$CORSO_HOME/kopia/cache \
+	RCLONE_CONFIG=$CORSO_HOME/kopia/rclone/rclone.conf \
+	KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=false \
+	KOPIA_CHECK_FOR_UPDATES=false
 
 WORKDIR /
 
@@ -11,6 +29,6 @@ ARG TARGETOS
 ARG TARGETARCH
 COPY ./bin/${TARGETOS}-${TARGETARCH}/corso ./
 
-USER nobody
+USER corso
 
 ENTRYPOINT ["/corso"]