From 48c180d0d8b7c8a65adbd8ac967d44ab0799fae5 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Wed, 22 Mar 2023 20:58:47 +1300
Subject: [PATCH] fix: Manually create `testssl` user and home

BusyBox `adduser` was reading config from `/etc` that unnecessarily populates the home folder with various dot files.

Alternative approach is to create the user and home folder manually. This avoids some extra files like the `-` suffixed backup copies from `adduser`.
---
 Dockerfile | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a49f3fe..8820cdc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -70,17 +70,17 @@ EOF
 FROM scratch
 ARG INSTALL_ROOT
 COPY --link --from=builder ${INSTALL_ROOT} /
+RUN <<EOF
+  # Create user:
+  echo 'testssl:x:1000:1000::/home/testssl:/bin/bash' >> /etc/passwd
+  echo 'testssl:x:1000:' >> /etc/group
+  echo 'testssl:!::0:::::' >> /etc/shadow
 
-# zypper package `busybox-adduser` fails to install with `--installroot`,
-# while the `shadow` package is too heavy just to add a user.
-#
-# Temporarily bind mount the `/bin` dir from another image that already
-# has the `adduser` command, and it'll update `/etc/{group,passwd,shadow}` for us:
-# Absolute path provided as some base images PATH would use those binaries instead,
-# `adduser` varies in supported args, so this should avoid any surprises:
-RUN --mount=type=bind,from=busybox:latest,source=/bin,target=/bin <<EOF
-  /bin/adduser -D -s /bin/bash testssl
-  /bin/ln -s /home/testssl/testssl.sh /usr/local/bin/
+  # Create user home with SGID set:
+  install --mode 2755 --owner testssl --group testssl --directory /home/testssl
+
+  # Add relative symlink to point to content that will COPY later:
+  ln -sr /home/testssl/testssl.sh /usr/local/bin/
 EOF
 
 USER testssl