consolidation

maltesander · maltesander · commit 6ae4246675ee · 2025-04-04T12:10:01.000+02:00
diff --git a/kafka/Dockerfile b/kafka/Dockerfile
@@ -66,13 +66,13 @@ ARG KCAT
 ARG STACKABLE_USER_UID
 
 LABEL \
-    name="Apache Kafka" \
-    maintainer="info@stackable.tech" \
-    vendor="Stackable GmbH" \
-    version="${PRODUCT}" \
-    release="${RELEASE}" \
-    summary="The Stackable image for Apache Kafka." \
-    description="This image is deployed by the Stackable Operator for Apache Kafka."
+  name="Apache Kafka" \
+  maintainer="info@stackable.tech" \
+  vendor="Stackable GmbH" \
+  version="${PRODUCT}" \
+  release="${RELEASE}" \
+  summary="The Stackable image for Apache Kafka." \
+  description="This image is deployed by the Stackable Operator for Apache Kafka."
 
 COPY --chown=${STACKABLE_USER_UID}:0 --from=kafka-builder /stackable/kafka_${SCALA}-${PRODUCT} /stackable/kafka_${SCALA}-${PRODUCT}
 COPY --chown=${STACKABLE_USER_UID}:0 --from=kafka-builder /stackable/kafka_${SCALA}-${PRODUCT}.cdx.json /stackable/kafka_${SCALA}-${PRODUCT}/kafka_${SCALA}-${PRODUCT}.cdx.json
@@ -93,6 +93,7 @@ microdnf install \
 microdnf clean all
 rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" | sort > /stackable/package_manifest.txt
 chown ${STACKABLE_USER_UID}:0 /stackable/package_manifest.txt
+chmod g=u /stackable/package_manifest.txt
 rm -rf /var/cache/yum
 
 ln -s /stackable/bin/kcat-${KCAT} /stackable/bin/kcat
@@ -102,13 +103,28 @@ ln -s /stackable/bin/kcat /stackable/kcat
 chown -h ${STACKABLE_USER_UID}:0 /stackable/kcat
 ln -s /stackable/kafka_${SCALA}-${PRODUCT} /stackable/kafka
 chown -h ${STACKABLE_USER_UID}:0 /stackable/kafka
+
+# fix missing permissions
+chmod g=u /stackable/bin
+chmod g=u /stackable/jmx
+chmod g=u /stackable/kafka_${SCALA}-${PRODUCT}
+EOF
+
+# ----------------------------------------
+# Checks
+# This section is to run final checks to ensure the created final images
+# adhere to several minimal requirements like:
+# - check file permissions and ownerships
+# ----------------------------------------
+
+# Check that permissions and ownership in /stackable are set correctly
+# This will fail and stop the build if any mismatches are found.
+RUN <<EOF
+/bin/check-permissions-ownership.sh /stackable ${STACKABLE_USER_UID} 0
 EOF
 
 # ----------------------------------------
-# Attention:
-# If you do any file based actions (copying / creating etc.) below this comment you
-# absolutely need to make sure that the correct permissions are applied!
-# chown ${STACKABLE_USER_UID}:0
+# Attention: Do not perform any file based actions (copying/creating etc.) below this comment because the permissions would not be checked.
 # ----------------------------------------
 
 USER ${STACKABLE_USER_UID}
diff --git a/kcat/Dockerfile b/kcat/Dockerfile
@@ -9,8 +9,9 @@ FROM stackable/image/java-base AS builder
 ARG PRODUCT
 ARG STACKABLE_USER_UID
 
-RUN microdnf update \
-    && microdnf install \
+RUN <<EOF
+microdnf update
+microdnf install \
     cmake \
     cyrus-sasl-devel \
     gcc-c++ \
@@ -22,16 +23,21 @@ RUN microdnf update \
     wget \
     which \
     zlib \
-    zlib-devel && \
-    microdnf clean all && \
-    rm -rf /var/cache/yum
+    zlib-devel
+microdnf clean all
+rm -rf /var/cache/yum
+EOF
 
 WORKDIR /stackable
 
-RUN curl -O https://repo.stackable.tech/repository/packages/kcat/kcat-${PRODUCT}.tar.gz \
-    && tar xvfz kcat-${PRODUCT}.tar.gz \
-    && cd kcat-${PRODUCT} \
-    && ./bootstrap.sh
+RUN <<EOF
+curl -O https://repo.stackable.tech/repository/packages/kcat/kcat-${PRODUCT}.tar.gz
+tar xvfz kcat-${PRODUCT}.tar.gz
+cd kcat-${PRODUCT}
+./bootstrap.sh
+# set correct permissions
+chmod --recursive g=u /stackable/kcat-${PRODUCT}
+EOF
 
 COPY --chown=${STACKABLE_USER_UID}:0 kcat/licenses /licenses
 
