From 31fa0577bd75f5631816f02ab7603bc4ab5e4dc2 Mon Sep 17 00:00:00 2001
From: Daniel Thamdrup
Date: Thu, 25 Jan 2024 00:04:53 +0100
Subject: [PATCH] use chainguard image as base
Signed-off-by: Daniel Thamdrup
---
 Dockerfile | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 75decec..87a3f24 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,13 @@
-FROM python:3-slim
-
-WORKDIR /
-
-# Update the image to remediate any vulnerabilities.
-RUN apt clean && apt update && apt -y dist-upgrade && apt clean && rm -rf /var/lib/apt/lists/*
-
-# Remove suid & sgid bits from all files.
-RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
-
+#syntax=docker/dockerfile:1.6.0
+FROM scratch AS tmp
 # Copy the ssh-audit code.
-COPY ssh-audit.py .
-COPY src/ .
+COPY ssh-audit.py /home/nonroot/
+COPY src/ /home/nonroot/
+FROM cgr.dev/chainguard/python:latest AS runtime
+# Copy files collected in tmp container
+COPY --from=tmp --chown=nonroot:nonroot /home/nonroot/ /home/nonroot/
 # Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222
-# Drop root privileges.
-USER nobody:nogroup
-
-ENTRYPOINT ["python3", "/ssh-audit.py"]
+ENTRYPOINT ["python3", "/home/nonroot/ssh-audit.py"]
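Review bot: The new runtime stage `FROM cgr.dev/chainguard/python:latest AS runtime` uses a floating tag, and with the `apt dist-upgrade` step removed the image's contents and patch level now depend entirely on whatever `latest` resolves to at build time. Pinning the digest, `FROM cgr.dev/chainguard/python:latest@sha256:<digest-placeholder> AS runtime`, keeps builds reproducible and makes each base-image bump a reviewable change. The hunk also removes `USER nobody:nogroup` without a replacement, so running unprivileged now relies on the base image's default user. An explicit `USER nonroot` before `ENTRYPOINT` (the account name already used by the added `--chown`) would keep that guarantee visible in this file. Separately, `--chown=nonroot:nonroot` makes the audit code writable by the account that executes it, whereas the old layout ran root-owned files as `nobody`; dropping `--chown` should leave the files root-owned and still readable, which is worth confirming against the base image.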