edit: removed the permissions bit, I got muddled on that front
I ran the onelinesetup script on my development machine (m1 macos sonoma, docker running via colima) and only spotted after the fact that id_rsa was mounted into the magento app automatically.
To my mind, it's quite unexpected for a docker compose project to be making this sort of change (without explicit choice!). Yes, docker is not a perfect sandbox, and one should only run trusted containers -- but sharing a private key file means increasing the level of trust one must have for the magento app, all its php + js dependencies, any additions made in this repo, and so on.
Looking back at previous issues, it looks like the motivation is that folks fairly frequently? raised issues like this one about needing to clone private repos inside the app container.
If the goal is to maximise developer-experience & minimise related issues on the repo, one compromise option could potentially be something like -- revert to a commented-out line in compose.yaml, but to call attention to that line in the onelinesetup script e.g. by directly printing some guidance to the console, or even presenting an explicit yes/no choice to the user and un-commenting if approved.
What do you think?
Steps To Reproduce
Run the onelinesetup script
curl -s https://raw.githubusercontent.com/markshust/docker-magento/master/lib/onelinesetup | bash -s -- magento.test 2.4.6-p3 community
Expected Result
~/.ssh/id_rsa would not be shared with the app container by default
Actual Result
~/.ssh/id_rsa is shared with the app image.
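The opt-in behaviour proposed in the issue above, sketched as an added example (not code from the issue or from the docker-magento repo). The compose fragment, the container path and all function names are constructed for illustration; the prompt reads from /dev/tty because a script piped into bash via curl has no usable stdin.

```shell
# Added example: keep the SSH key mount commented out unless the user opts in.
# File layout and function names are assumptions, not the project's own.

# Return 0 if an active (uncommented) volume entry mounts ~/.ssh/id_rsa.
ssh_key_mounted() {
  grep -Eq '^[[:space:]]*-[[:space:]].*\.ssh/id_rsa' "$1"
}

# Uncomment the key mount only on an explicit yes. Any other answer,
# including empty input, leaves the file untouched and returns 1.
enable_ssh_key_mount() {
  local file=$1 answer=$2 tmp
  case "$answer" in
    y|Y|yes|YES) ;;
    *) return 1 ;;
  esac
  tmp=$(mktemp) || return 2
  # Strip the leading '#' from commented list items that reference the key.
  if sed -E 's|^([[:space:]]*)#[[:space:]]*(-[[:space:]].*\.ssh/id_rsa.*)$|\1\2|' \
      "$file" > "$tmp"; then
    cat "$tmp" > "$file"   # rewrite in place, keeping the file's permissions
    rm -f "$tmp"
  else
    rm -f "$tmp"
    return 2
  fi
}

# Prompt on the terminal: under `curl ... | bash`, stdin is the script itself.
ask_ssh_key_mount() {
  local answer
  printf 'Mount ~/.ssh/id_rsa into the app container? [y/N] ' > /dev/tty
  read -r answer < /dev/tty
  enable_ssh_key_mount "$1" "$answer" || echo 'SSH key mount left disabled.'
}

# Constructed sample compose file with the mount commented out by default.
write_sample_compose() {
  cat > "$1" <<'EOF'
services:
  app:
    volumes:
      - ./src:/var/www/html
      #- ~/.ssh/id_rsa:/home/app/.ssh/id_rsa:ro
EOF
}
```

`ssh_key_mounted compose.yaml` also works on its own as a quick check of an existing project before `docker compose up`.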