From e6e29492c715eab8d953c82eb40f827884f24c3d Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Fri, 14 Mar 2025 15:11:34 +0100 Subject: [PATCH 01/21] reduce size --- nifi/Dockerfile | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 3ca3bfcfc..6fc8b19f8 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -59,7 +59,9 @@ RUN curl 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackabl # Remove the unzipped sources rm -rf /stackable/nifi-${PRODUCT}-src && \ # Remove generated docs in binary - rm -rf /stackable/nifi-${PRODUCT}/docs + rm -rf /stackable/nifi-${PRODUCT}/docs && \ + # Set correct groups + chmod -R g=u /stackable FROM stackable/image/java-base AS final @@ -102,11 +104,6 @@ pip install --no-cache-dir \ # For backwards compatibility we create a softlink in /bin where the jar used to be as long as we are root # This can be removed once older versions / operators using this are no longer supported ln -s /stackable/stackable-bcrypt.jar /bin/stackable-bcrypt.jar - -# All files and folders owned by root group to support running as arbitrary users. -# This is best practice as all container users will belong to the root group (0). -chown -R ${STACKABLE_USER_UID}:0 /stackable -chmod -R g=u /stackable EOF # ---------------------------------------- From 00f0ad14fd348b82bb83382922cc0dddca277e9c Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 26 Mar 2025 13:56:37 +0100 Subject: [PATCH 02/21] adapt changelog --- CHANGELOG.md | 6 ++++++ nifi/Dockerfile | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bce1955f7..21d5b90e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Fixed + +- nifi: reduce docker image size by removing the recursive chown/chmods in the final image ([#1027]). + +[#1027]: https://github.com/stackabletech/docker-images/pull/1027 + ### Added - airflow: Add OPA support to Airflow ([#978]). diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 6fc8b19f8..5789c58ea 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -107,7 +107,7 @@ ln -s /stackable/stackable-bcrypt.jar /bin/stackable-bcrypt.jar EOF # ---------------------------------------- -# Attention: We are changing the group of all files in /stackable directly above +# Attention: # If you do any file based actions (copying / creating etc.) below this comment you # absolutely need to make sure that the correct permissions are applied! # chown ${STACKABLE_USER_UID}:0 From 4e1a65f5ab6b3b7fba565a22fd30aca3c14bd34b Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 18:45:18 +0200 Subject: [PATCH 03/21] add check for ownership / permission --- shared/checks/check-permissions-ownership | 44 +++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 shared/checks/check-permissions-ownership diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership new file mode 100755 index 000000000..8a0036454 --- /dev/null +++ b/shared/checks/check-permissions-ownership @@ -0,0 +1,44 @@ +#!/bin/bash + +if [ $# -ne 3 ] + then + echo "Wrong number of parameters supplied. Usage:" + echo "$0 " + echo "$0 /stackable 1000 0" +fi + +STACKABLE_DIR=$1 +EXPECTED_UID=$2 +EXPECTED_GID=$3 + +error_flag=0 + +# Check ownership +while IFS= read -r -d '' file; do + uid=$(stat -c "%u" "$file") + gid=$(stat -c "%g" "$file") + + if [[ "$uid" -ne "$EXPECTED_UID" || "$gid" -ne "$EXPECTED_GID" ]]; then + echo "Ownership mismatch: $file (Expected: $EXPECTED_UID:$EXPECTED_GID, Found: $uid:$gid)" + error_flag=1 + fi +done < <(find "$STACKABLE_DIR" -print0) + +# Check permissions +while IFS= read -r -d '' file; do + perms=$(stat -c "%A" "$file") + owner_perms="${perms:1:3}" + group_perms="${perms:4:3}" + + if [[ "$owner_perms" != "$group_perms" ]]; then + echo "Permission mismatch: $file (Owner: $owner_perms, Group: $group_perms)" + error_flag=1 + fi +done < <(find "$STACKABLE_DIR" -print0) + +if [[ $error_flag -ne 0 ]]; then + echo "Permission and Ownership checks failed!" + exit 1 +fi + +echo "Permission and Ownership checks successful!" \ No newline at end of file From cff33f8e97710fde6d117bca0ce9851d62983167 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 18:45:43 +0200 Subject: [PATCH 04/21] set permissions --- vector/Dockerfile | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/vector/Dockerfile b/vector/Dockerfile index e73571b64..bcd6f9262 100644 --- a/vector/Dockerfile +++ b/vector/Dockerfile @@ -14,16 +14,22 @@ ARG STACKABLE_USER_UID # This happens by writing a "shutdown file" in a shared volume # See https://github.com/stackabletech/airflow-operator/blob/23.4.1/rust/operator-binary/src/airflow_db_controller.rs#L269 for an example # The Vector container waits for this file to appear and this waiting happens using `inotifywait` which comes from the `inotify-tools` package -RUN ARCH="${TARGETARCH/amd64/x86_64}" ARCH="${ARCH/arm64/aarch64}" && \ - rpm --install \ - "https://repo.stackable.tech/repository/packages/vector/vector-${PRODUCT}-${RPM_RELEASE}.${ARCH}.rpm" \ - "https://repo.stackable.tech/repository/packages/inotify-tools/inotify-tools-${INOTIFY_TOOLS}.${ARCH}.rpm" && \ - mkdir /licenses && \ - cp /usr/share/licenses/vector-${PRODUCT}/LICENSE /licenses/VECTOR_LICENSE && \ - # Create the directory /stackable/vector/var. - # This directory is set by operator-rs in the parameter `data_dir` - # of the Vector configuration. The directory is used for persisting - # Vector state, such as on-disk buffers, file checkpoints, and more. - # Vector needs write permissions. - mkdir --parents /stackable/vector/var && \ - chown --recursive ${STACKABLE_USER_UID}:0 /stackable/ +RUN < Date: Wed, 2 Apr 2025 18:46:07 +0200 Subject: [PATCH 05/21] use check permissions script --- nifi/Dockerfile | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 5789c58ea..dfcf7c8d3 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -60,7 +60,7 @@ RUN curl 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackabl rm -rf /stackable/nifi-${PRODUCT}-src && \ # Remove generated docs in binary rm -rf /stackable/nifi-${PRODUCT}/docs && \ - # Set correct groups + # Set correct permissions chmod -R g=u /stackable FROM stackable/image/java-base AS final @@ -83,10 +83,9 @@ COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/stackable-bc COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/bin /stackable/bin COPY --chown=${STACKABLE_USER_UID}:0 nifi/licenses /licenses COPY --chown=${STACKABLE_USER_UID}:0 nifi/python /stackable/python +COPY --chown=${STACKABLE_USER_UID}:0 shared/checks/check-permissions-ownership /tmp/check-permissions-ownership RUN < Date: Wed, 2 Apr 2025 18:47:35 +0200 Subject: [PATCH 06/21] newline --- shared/checks/check-permissions-ownership | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index 8a0036454..86429a943 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -41,4 +41,4 @@ if [[ $error_flag -ne 0 ]]; then exit 1 fi -echo "Permission and Ownership checks successful!" \ No newline at end of file +echo "Permission and Ownership checks successful!" From d16d4dae635ed29c38b4e4f60a2b40784ff40097 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 19:03:18 +0200 Subject: [PATCH 07/21] fixes --- nifi/Dockerfile | 79 ++++++++++++++--------- shared/checks/check-permissions-ownership | 10 +-- 2 files changed, 52 insertions(+), 37 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index dfcf7c8d3..06730769e 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -28,40 +28,53 @@ WORKDIR /stackable COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/patches /stackable/patches -RUN curl 'https://repo.stackable.tech/repository/m2/tech/stackable/nifi/stackable-bcrypt/1.0-SNAPSHOT/stackable-bcrypt-1.0-20240508.153334-1-jar-with-dependencies.jar' \ - # This used to be located in /bin/stackable-bcrypt.jar. We create a softlink for /bin/stackable-bcrypt.jar in the main container for backwards compatibility. - -o /stackable/stackable-bcrypt.jar && \ - # Get the source release from nexus - curl "https://repo.stackable.tech/repository/packages/nifi/nifi-${PRODUCT}-source-release.zip" -o "/stackable/nifi-${PRODUCT}-source-release.zip" && \ - unzip "nifi-${PRODUCT}-source-release.zip" && \ - # Clean up downloaded source after unzipping - rm -rf "nifi-${PRODUCT}-source-release.zip" && \ - # The NiFi "binary" ends up in a folder named "nifi-${PRODUCT}" which should be copied to /stackable - # from /stackable/nifi-${PRODUCT}-src/nifi-assembly/target/nifi-${PRODUCT}-bin/nifi-${PRODUCT} (see later steps) - # Therefore we add the suffix "-src" to be able to copy the binary and remove the unzipped sources afterwards. - mv nifi-${PRODUCT} nifi-${PRODUCT}-src && \ - # Apply patches - chmod +x patches/apply_patches.sh && \ - patches/apply_patches.sh ${PRODUCT} && \ - # Build NiFi - cd /stackable/nifi-${PRODUCT}-src/ && \ - # NOTE: Since NiFi 2.0.0 PutIceberg Processor and services were removed, so including the `include-iceberg` profile does nothing. - # Additionally some modules were moved to optional build profiles, so we need to add `include-hadoop` to get `nifi-parquet-nar` for example. - if [[ "${PRODUCT}" != 1.* ]] ; then \ +RUN < Date: Wed, 2 Apr 2025 19:08:04 +0200 Subject: [PATCH 08/21] fixes --- shared/checks/check-permissions-ownership | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index 4b120916d..adcb59ec0 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -37,8 +37,8 @@ while IFS= read -r -d '' file; do done < <(find "$DIRECTORY" -print0) if [[ $error_flag -ne 0 ]]; then - echo "Permission and Ownership checks failed for $$DIRECTORY!" + echo "Permission and Ownership checks failed for $DIRECTORY!" exit 1 fi -echo "Permission and Ownership checks succeeded for $$DIRECTORY!" +echo "Permission and Ownership checks succeeded for $DIRECTORY!" From d912980057fc27c65b80434549e96cdafd29d24e Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 19:22:23 +0200 Subject: [PATCH 09/21] fixes --- shared/checks/check-permissions-ownership | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index adcb59ec0..65025cf50 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -1,7 +1,6 @@ #!/bin/bash -if [ $# -ne 3 ] - then +if [[ $# -ne 3 ]]; then echo "Wrong number of parameters supplied. Usage:" echo "$0 " echo "$0 /stackable 1000 0" From b1be458621333d04fc4c2116388b497979254bda Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 19:33:15 +0200 Subject: [PATCH 10/21] added purpose and usage --- shared/checks/check-permissions-ownership | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index 65025cf50..5b5305b23 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -1,4 +1,19 @@ #!/bin/bash +# +# Purpose +# +# Checks that permissions and ownership in the provided directory are set according to: +# +# chown -R ${STACKABLE_USER_UID}:0 /stackable +# chmod -R g=u /stackable +# +# Will error out and print directories / files that do not match the reuired permissions or ownership. +# +# Usage: +# +# ./check-permissions-ownership +# ./check-permissions-ownership /stackable 1000 0 +# if [[ $# -ne 3 ]]; then echo "Wrong number of parameters supplied. Usage:" From 1e8fdfcf23525cd36904321d4a7c136ed685bd98 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 19:33:49 +0200 Subject: [PATCH 11/21] fix --- shared/checks/check-permissions-ownership | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index 5b5305b23..217ada959 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -12,7 +12,7 @@ # Usage: # # ./check-permissions-ownership -# ./check-permissions-ownership /stackable 1000 0 +# ./check-permissions-ownership /stackable ${STACKABLE_USER_UID} 0 # if [[ $# -ne 3 ]]; then From 205a341d18245334bf7d4e54120ec2c4ceaa9f28 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 2 Apr 2025 19:34:10 +0200 Subject: [PATCH 12/21] typo --- shared/checks/check-permissions-ownership | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/checks/check-permissions-ownership b/shared/checks/check-permissions-ownership index 217ada959..6601fdd76 100755 --- a/shared/checks/check-permissions-ownership +++ b/shared/checks/check-permissions-ownership @@ -7,7 +7,7 @@ # chown -R ${STACKABLE_USER_UID}:0 /stackable # chmod -R g=u /stackable # -# Will error out and print directories / files that do not match the reuired permissions or ownership. +# Will error out and print directories / files that do not match the required permissions or ownership. # # Usage: # From 1741c17b32a43ff508d2eb3f724d7381da92aa3d Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 10:56:22 +0200 Subject: [PATCH 13/21] improve comments --- nifi/Dockerfile | 11 ++++++++++- shared/checks/check-permissions-ownership | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 06730769e..e2ace9c96 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -110,6 +110,7 @@ microdnf clean all rm -rf /var/cache/yum # The nipyapi is required until NiFi 2.0.x for the ReportingTaskJob +# This can be removed once the 1.x.x line is removed pip install --no-cache-dir \ nipyapi==0.19.1 @@ -126,7 +127,15 @@ chmod -R g=u /stackable/bin chmod g=u /stackable/nifi-2.2.0 EOF -# Check that permissions are set correctly +# ---------------------------------------- +# Checks +# This section is to run final checks to ensure the created final images +# adere to several minimal requirements like: +# - check file permissions and ownerships +# ---------------------------------------- + +# Check that permissions and ownership in /stackable are set correctly +# This will fail and stop the build if any mismatches are found. RUN < # ./check-permissions-ownership /stackable ${STACKABLE_USER_UID} 0 From 588cb761a0fd42040b09c9572320ec24b9e7192a Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 11:08:57 +0200 Subject: [PATCH 14/21] linter --- nifi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index e2ace9c96..55f48ef6d 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -131,7 +131,7 @@ EOF # Checks # This section is to run final checks to ensure the created final images # adere to several minimal requirements like: -# - check file permissions and ownerships +# - check file permissions and ownerships # ---------------------------------------- # Check that permissions and ownership in /stackable are set correctly From d42ef14a35ea79980df52aaeed5a8a2ac620f322 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 11:11:27 +0200 Subject: [PATCH 15/21] linter 2 --- vector/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vector/Dockerfile b/vector/Dockerfile index bcd6f9262..058be4c78 100644 --- a/vector/Dockerfile +++ b/vector/Dockerfile @@ -15,7 +15,7 @@ ARG STACKABLE_USER_UID # See https://github.com/stackabletech/airflow-operator/blob/23.4.1/rust/operator-binary/src/airflow_db_controller.rs#L269 for an example # The Vector container waits for this file to appear and this waiting happens using `inotifywait` which comes from the `inotify-tools` package RUN < Date: Thu, 3 Apr 2025 12:07:56 +0200 Subject: [PATCH 16/21] Apply suggestions from code review Co-authored-by: Siegfried Weber --- nifi/Dockerfile | 12 ++++-------- shared/checks/check-permissions-ownership | 1 + 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 55f48ef6d..6017b2441 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -121,9 +121,9 @@ ln -s /stackable/stackable-bcrypt.jar /bin/stackable-bcrypt.jar ln -s /stackable/nifi-${PRODUCT} /stackable/nifi # fix missing permissions / ownership -chown -h ${STACKABLE_USER_UID}:0 /stackable/nifi -chmod -R g=u /stackable/python -chmod -R g=u /stackable/bin +chown --no-dereference ${STACKABLE_USER_UID}:0 /stackable/nifi +chmod --recursive g=u /stackable/python +chmod --recursive g=u /stackable/bin chmod g=u /stackable/nifi-2.2.0 EOF @@ -137,16 +137,12 @@ EOF # Check that permissions and ownership in /stackable are set correctly # This will fail and stop the build if any mismatches are found. RUN < " echo "$0 /stackable 1000 0" + exit 1 fi DIRECTORY=$1 From c64a2d41b51effb54923fa9087eaf0799a3a03ec Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 12:14:57 +0200 Subject: [PATCH 17/21] consolidate bash commands --- nifi/Dockerfile | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 6017b2441..21da5d7ba 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -7,9 +7,11 @@ ARG PRODUCT ARG MAVEN_VERSION="3.9.8" ARG STACKABLE_USER_UID -RUN microdnf update && \ - microdnf clean all && \ - rm -rf /var/cache/yum +RUN < Date: Thu, 3 Apr 2025 12:15:56 +0200 Subject: [PATCH 18/21] fix if else --- nifi/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 21da5d7ba..b15c59743 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -20,7 +20,7 @@ EOF # [ERROR] Detected Maven Version: 3.6.3 is not in the allowed range [3.9.6,). # RUN < Date: Thu, 3 Apr 2025 13:06:04 +0200 Subject: [PATCH 19/21] move check-permissions-ownership.sh to stackable-base image /bin --- nifi/Dockerfile | 4 +--- ...k-permissions-ownership => check-permissions-ownership.sh} | 4 ++-- stackable-base/Dockerfile | 4 ++++ 3 files changed, 7 insertions(+), 5 deletions(-) rename shared/checks/{check-permissions-ownership => check-permissions-ownership.sh} (91%) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index b15c59743..722086197 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -100,7 +100,6 @@ COPY --chown=${STACKABLE_USER_UID}:0 --from=nifi-builder /stackable/stackable-bc COPY --chown=${STACKABLE_USER_UID}:0 nifi/stackable/bin /stackable/bin COPY --chown=${STACKABLE_USER_UID}:0 nifi/licenses /licenses COPY --chown=${STACKABLE_USER_UID}:0 nifi/python /stackable/python -COPY --chown=${STACKABLE_USER_UID}:0 shared/checks/check-permissions-ownership /tmp/check-permissions-ownership RUN < -# ./check-permissions-ownership /stackable ${STACKABLE_USER_UID} 0 +# ./check-permissions-ownership.sh +# ./check-permissions-ownership.sh /stackable ${STACKABLE_USER_UID} 0 # if [[ $# -ne 3 ]]; then diff --git a/stackable-base/Dockerfile b/stackable-base/Dockerfile index 6735fd52d..f38d5b614 100644 --- a/stackable-base/Dockerfile +++ b/stackable-base/Dockerfile @@ -204,6 +204,10 @@ COPY --from=config-utils --chown=${STACKABLE_USER_UID}:0 /config-utils/config-ut # Debug tool that logs generic system information. COPY --from=containerdebug --chown=${STACKABLE_USER_UID}:0 /containerdebug/target/release/containerdebug /stackable/containerdebug +# **check-permissions-ownership.sh** +# Bash script to check proper permissions and ownership requirements in the final Stackable images +COPY --chown=${STACKABLE_USER_UID}:0 shared/checks/check-permissions-ownership.sh /bin/check-permissions-ownership.sh + ENV PATH="${PATH}:/stackable" # These labels have mostly been superceded by the OpenContainer spec annotations below but it doesn't hurt to include them From 991bc0d077d549fe0018a55bc95a268a3d4836c8 Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 13:07:30 +0200 Subject: [PATCH 20/21] adapted changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94f13dfa9..1904596bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ All notable changes to this project will be documented in this file. ### Added - spark-connect-client: A new image for Spark connect tests and demos ([#1034]) +- nifi: check for correct permissions and ownerships in /stackable folder via + `check-permissions-ownership.sh` provided in stackable-base image ([#1027]). ### Changed From b1d3fdeb1883fd2cb95e34ecaa0cbf7aee6780fd Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Thu, 3 Apr 2025 15:31:15 +0200 Subject: [PATCH 21/21] Apply suggestions from code review Co-authored-by: Siegfried Weber --- nifi/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nifi/Dockerfile b/nifi/Dockerfile index 722086197..93daaa019 100644 --- a/nifi/Dockerfile +++ b/nifi/Dockerfile @@ -127,13 +127,13 @@ ln -s /stackable/nifi-${PRODUCT} /stackable/nifi chown --no-dereference ${STACKABLE_USER_UID}:0 /stackable/nifi chmod --recursive g=u /stackable/python chmod --recursive g=u /stackable/bin -chmod g=u /stackable/nifi-2.2.0 +chmod g=u /stackable/nifi-${PRODUCT} EOF # ---------------------------------------- # Checks # This section is to run final checks to ensure the created final images -# adere to several minimal requirements like: +# adhere to several minimal requirements like: # - check file permissions and ownerships # ----------------------------------------