Install script should not tamper with SSH private key file permissions or share to app container #1046

Open
draaglom opened this issue Jan 17, 2024 · 0 comments

draaglom commented Jan 17, 2024

Description

edit: removed the permissions bit, I got muddled on that front

I ran the onelinesetup script on my development machine (M1 macOS Sonoma, Docker running via Colima) and only spotted after the fact that id_rsa was mounted into the magento app automatically.

To my mind, it's quite unexpected for a docker compose project to be making this sort of change (without explicit choice!). Yes, docker is not a perfect sandbox, and one should only run trusted containers -- but sharing a private key file means increasing the level of trust one must have for the magento app, all its php + js dependencies, any additions made in this repo, and so on.

Looking back at previous issues, it looks like the motivation is that folks fairly frequently? raised issues like this one about needing to clone private repos inside the app container.

If the goal is to maximise developer-experience & minimise related issues on the repo, one compromise option could potentially be something like -- revert to a commented-out line in compose.yaml, but to call attention to that line in the onelinesetup script e.g. by directly printing some guidance to the console, or even presenting an explicit yes/no choice to the user and un-commenting if approved.

What do you think?

Steps To Reproduce

Run the onelinesetup script
curl -s https://raw.githubusercontent.com/markshust/docker-magento/master/lib/onelinesetup | bash -s -- magento.test 2.4.6-p3 community

Expected Result

  • ~/.ssh/id_rsa would not be shared with the app container by default

Actual Result

  • ~/.ssh/id_rsa is shared with the app image.
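
The opt-in flow proposed in the issue above (ship the mount commented out, ask an explicit yes/no, default to no), as an added example that is not part of the original issue or the project's code. The function names, the sample compose fragment and the `/CONTAINER/PATH` placeholder are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not docker-magento's code. Assumes compose.yaml ships the
# key mount commented out; /CONTAINER/PATH is a placeholder.

# Constructed sample compose fragment.
sample_compose() {
  cat <<'EOF'
services:
  app:
    volumes:
      - appdata:/var/www/html
      #- ~/.ssh/id_rsa:/CONTAINER/PATH/id_rsa
EOF
}

# Succeeds only if an active (un-commented) volume entry binds an SSH private key.
ssh_key_mounted() {
  grep -Eq '^[[:space:]]*-[[:space:]]*[^#]*/\.ssh/id_[a-z0-9_]+:' "$1"
}

# $1 = compose file, $2 = the user's answer. Only an explicit yes enables the
# mount; empty input or anything else keeps the safe default.
apply_ssh_choice() {
  file=$1
  answer=$2
  case "$answer" in
    y|Y|yes|YES)
      tmp=$(mktemp) || return 1
      # Temp file instead of `sed -i`, whose syntax differs between BSD and GNU.
      sed -E 's,^([[:space:]]*)#[[:space:]]*(-[[:space:]]*[^#]*/\.ssh/id_[a-z0-9_]+:),\1\2,' \
        "$file" > "$tmp" && cat "$tmp" > "$file"
      rm -f "$tmp"
      echo "SSH key mount enabled in $file" ;;
    *)
      echo "SSH key mount left disabled; un-comment the id_rsa line in $file to enable it." ;;
  esac
}

# Interactive use: ./script --ask path/to/compose.yaml
if [ "${1:-}" = "--ask" ] && [ -f "${2:-}" ]; then
  printf 'Share ~/.ssh/id_rsa with the app container? [y/N] '
  read -r reply
  apply_ssh_choice "$2" "$reply"
fi
```

`ssh_key_mounted` also works on its own as a pre-flight check against an existing compose file before running `docker compose up`.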