From 49472728719e1a437e63d974b65f0a21865975db Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:46:36 +0000
Subject: --allow-superuser

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 93cf72e0..cea1d5b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,7 +52,7 @@ RUN apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     cd ./app && \
     meteor npm install --save xss && \
     echo "Starting meteor build of the app...   \n" && \
-    meteor build --directory /opt/app_build && \
+    meteor build --directory --allow-superuser /opt/app_build && \
     cd /opt/app_build/bundle/programs/server/ && \
     npm install && \
     mv /opt/app_build/bundle /build && \
-- 
cgit v1.2.3-1-g7c22


From 14873f3b2848e1f7bef97b5e5bb355b05a0552a2 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:48:19 +0000
Subject: slight formatting

---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cea1d5b6..e441b76d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,8 +11,9 @@ ARG SRC_PATH=./
 # Copy the app to the image
 COPY ${SRC_PATH} ./app
 
-# OS dependencies
-RUN apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
+RUN \
+    # OS dependencies
+    apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     \
     # Download nodejs
     wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-- 
cgit v1.2.3-1-g7c22


From fd2d6efe4a38436899d3058c2d4bddebc9ee9c98 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:48:55 +0000
Subject: typo

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e441b76d..77b29112 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ENV BUILD_DEPS="wget curl bzip2 build-essential python git"
 ARG NODE_VERSION=v0.10.48
 ARG METEOR_RELEASE=1.3.5.1
 ARG NPM_VERSION=3.10.10
-ARG ARCHICTECTURE=linux-x64
+ARG ARCHITECTURE=linux-x64
 ARG SRC_PATH=./
 
 # Copy the app to the image
-- 
cgit v1.2.3-1-g7c22


From ca1641ff697baa44241f406ec9551c03b6856d62 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:52:36 +0000
Subject: architecture typo

---
 Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 77b29112..f77fd3d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,11 @@ RUN \
     apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     \
     # Download nodejs
-    wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
+    wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
     wget https://nodejs.org/dist/${NODE_VERSION}/SHASUMS256.txt.asc && \
     \
     # Verify nodejs authenticity
-    grep ${NODE_VERSION}-${ARCHICTECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
+    grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E && \
@@ -32,9 +32,9 @@ RUN \
     gpg --verify SHASUMS256.txt.asc && \
     \
     # Install Node
-    tar xvzf node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-    rm node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-    mv node-${NODE_VERSION}-${ARCHICTECTURE} /opt/nodejs && \
+    tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \
     ln -s /opt/nodejs/bin/node /usr/bin/node && \
     ln -s /opt/nodejs/bin/npm /usr/bin/npm && \
     \
-- 
cgit v1.2.3-1-g7c22


From edd69ac0f75b6ad1708fb62c64186cf3d310c928 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Fri, 20 Jan 2017 00:35:34 +0000
Subject: Change user to wekan for building with meteor

---
 Dockerfile | 49 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 14 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f77fd3d4..702ab806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 FROM debian:wheezy
 MAINTAINER wefork
 
-ENV BUILD_DEPS="wget curl bzip2 build-essential python git"
+ENV BUILD_DEPS="wget curl bzip2 build-essential python git ca-certificates"
+ENV GOSU_VERSION=1.10
 ARG NODE_VERSION=v0.10.48
 ARG METEOR_RELEASE=1.3.5.1
 ARG NPM_VERSION=3.10.10
@@ -9,11 +10,24 @@ ARG ARCHITECTURE=linux-x64
 ARG SRC_PATH=./
 
 # Copy the app to the image
-COPY ${SRC_PATH} ./app
+COPY ${SRC_PATH} /home/wekan/app
 
 RUN \
+    # Add non-root user wekan
+    useradd --user-group --system --home-dir /home/wekan wekan && \
+    \
     # OS dependencies
-    apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
+    apt-get update -y && apt-get install -y --no-install-recommends ${BUILD_DEPS} && \
+    \
+    # Gosu installation
+    GOSU_ARCHITECTURE="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
+    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCHITECTURE}" && \
+    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCHITECTURE}.asc" && \
+    export GNUPGHOME="$(mktemp -d)" && \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
+    rm -R "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+    chmod +x /usr/local/bin/gosu && \
     \
     # Download nodejs
     wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
@@ -21,6 +35,7 @@ RUN \
     \
     # Verify nodejs authenticity
     grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
+    export GNUPGHOME="$(mktemp -d)" && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E && \
@@ -30,6 +45,7 @@ RUN \
     gpg --keyserver pool.sks-keyservers.net --recv-keys B9AE9905FFD7803F25714661B63B535A4C206CA9 && \
     gpg --refresh-keys pool.sks-keyservers.net && \
     gpg --verify SHASUMS256.txt.asc && \
+    rm -R "$GNUPGHOME" SHASUMS256.txt.asc && \
     \
     # Install Node
     tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
@@ -43,27 +59,32 @@ RUN \
     npm install -g node-gyp && \
     npm install -g fibers && \
     \
-    # Install meteor
+    # Change user to wekan and install meteor
+    cd /home/wekan/ && \
+    chown wekan:wekan --recursive /home/wekan && \
     curl https://install.meteor.com -o ./install_meteor.sh && \
     sed -i "s|RELEASE=.*|RELEASE=${METEOR_RELEASE}\"\"|g" ./install_meteor.sh && \
     echo "Starting meteor ${METEOR_RELEASE} installation...   \n" && \
-    sh ./install_meteor.sh && \
+    chown wekan:wekan ./install_meteor.sh && \
+    gosu wekan:wekan sh ./install_meteor.sh && \
     \
     # Build app
-    cd ./app && \
-    meteor npm install --save xss && \
-    echo "Starting meteor build of the app...   \n" && \
-    meteor build --directory --allow-superuser /opt/app_build && \
-    cd /opt/app_build/bundle/programs/server/ && \
-    npm install && \
-    mv /opt/app_build/bundle /build && \
+    cd /home/wekan/app && \
+    gosu wekan /home/wekan/.meteor/meteor npm install --save xss && \
+    gosu wekan /home/wekan/.meteor/meteor build --directory /home/wekan/app_build && \
+    cd /home/wekan/app_build/bundle/programs/server/ && \
+    gosu wekan npm install && \
+    mv /home/wekan/app_build/bundle /build && \
     cd /build && \
     \
     # Cleanup
     apt-get remove --purge -y ${BUILD_DEPS} && \
     apt-get autoremove -y && \
-    rm -R /var/lib/apt/lists/* /app /opt/app_build ~/.meteor && \
-    rm /install_meteor.sh
+    rm -R /var/lib/apt/lists/* && \
+    rm -R /home/wekan/.meteor && \
+    rm -R /home/wekan/app && \
+    rm -R /home/wekan/app_build && \
+    rm /home/wekan/install_meteor.sh
 
 ENV PORT=80
 
-- 
cgit v1.2.3-1-g7c22


From 00af9fc0e49b2cf790c8fd1fa856ae385666f7fc Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:46:36 +0000
Subject: --allow-superuser

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 93cf72e0..cea1d5b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -52,7 +52,7 @@ RUN apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     cd ./app && \
     meteor npm install --save xss && \
     echo "Starting meteor build of the app...   \n" && \
-    meteor build --directory /opt/app_build && \
+    meteor build --directory --allow-superuser /opt/app_build && \
     cd /opt/app_build/bundle/programs/server/ && \
     npm install && \
     mv /opt/app_build/bundle /build && \
-- 
cgit v1.2.3-1-g7c22


From b88b710f097d378f47ac89fc111d6d7d8a5f0ab2 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:48:19 +0000
Subject: slight formatting

---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cea1d5b6..e441b76d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,8 +11,9 @@ ARG SRC_PATH=./
 # Copy the app to the image
 COPY ${SRC_PATH} ./app
 
-# OS dependencies
-RUN apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
+RUN \
+    # OS dependencies
+    apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     \
     # Download nodejs
     wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-- 
cgit v1.2.3-1-g7c22


From 8efcc5e6c2f3d33c0254537b6bde928985d7173f Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:48:55 +0000
Subject: typo

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e441b76d..77b29112 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ENV BUILD_DEPS="wget curl bzip2 build-essential python git"
 ARG NODE_VERSION=v0.10.48
 ARG METEOR_RELEASE=1.3.5.1
 ARG NPM_VERSION=3.10.10
-ARG ARCHICTECTURE=linux-x64
+ARG ARCHITECTURE=linux-x64
 ARG SRC_PATH=./
 
 # Copy the app to the image
-- 
cgit v1.2.3-1-g7c22


From 5ff23de8f522296012d841fa8e2ceef5a89662c0 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Tue, 17 Jan 2017 23:52:36 +0000
Subject: architecture typo

---
 Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 77b29112..f77fd3d4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,11 +16,11 @@ RUN \
     apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
     \
     # Download nodejs
-    wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
+    wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
     wget https://nodejs.org/dist/${NODE_VERSION}/SHASUMS256.txt.asc && \
     \
     # Verify nodejs authenticity
-    grep ${NODE_VERSION}-${ARCHICTECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
+    grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E && \
@@ -32,9 +32,9 @@ RUN \
     gpg --verify SHASUMS256.txt.asc && \
     \
     # Install Node
-    tar xvzf node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-    rm node-${NODE_VERSION}-${ARCHICTECTURE}.tar.gz && \
-    mv node-${NODE_VERSION}-${ARCHICTECTURE} /opt/nodejs && \
+    tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \
     ln -s /opt/nodejs/bin/node /usr/bin/node && \
     ln -s /opt/nodejs/bin/npm /usr/bin/npm && \
     \
-- 
cgit v1.2.3-1-g7c22


From e9efc9205d1d7791eeb56de768fd422ce3374ca1 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Fri, 20 Jan 2017 00:35:34 +0000
Subject: Change user to wekan for building with meteor

---
 Dockerfile | 49 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 14 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f77fd3d4..702ab806 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 FROM debian:wheezy
 MAINTAINER wefork
 
-ENV BUILD_DEPS="wget curl bzip2 build-essential python git"
+ENV BUILD_DEPS="wget curl bzip2 build-essential python git ca-certificates"
+ENV GOSU_VERSION=1.10
 ARG NODE_VERSION=v0.10.48
 ARG METEOR_RELEASE=1.3.5.1
 ARG NPM_VERSION=3.10.10
@@ -9,11 +10,24 @@ ARG ARCHITECTURE=linux-x64
 ARG SRC_PATH=./
 
 # Copy the app to the image
-COPY ${SRC_PATH} ./app
+COPY ${SRC_PATH} /home/wekan/app
 
 RUN \
+    # Add non-root user wekan
+    useradd --user-group --system --home-dir /home/wekan wekan && \
+    \
     # OS dependencies
-    apt-get update -y && apt-get install -y ${BUILD_DEPS} && \
+    apt-get update -y && apt-get install -y --no-install-recommends ${BUILD_DEPS} && \
+    \
+    # Gosu installation
+    GOSU_ARCHITECTURE="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
+    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCHITECTURE}" && \
+    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCHITECTURE}.asc" && \
+    export GNUPGHOME="$(mktemp -d)" && \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
+    rm -R "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+    chmod +x /usr/local/bin/gosu && \
     \
     # Download nodejs
     wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
@@ -21,6 +35,7 @@ RUN \
     \
     # Verify nodejs authenticity
     grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
+    export GNUPGHOME="$(mktemp -d)" && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 && \
     gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E && \
@@ -30,6 +45,7 @@ RUN \
     gpg --keyserver pool.sks-keyservers.net --recv-keys B9AE9905FFD7803F25714661B63B535A4C206CA9 && \
     gpg --refresh-keys pool.sks-keyservers.net && \
     gpg --verify SHASUMS256.txt.asc && \
+    rm -R "$GNUPGHOME" SHASUMS256.txt.asc && \
     \
     # Install Node
     tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
@@ -43,27 +59,32 @@ RUN \
     npm install -g node-gyp && \
     npm install -g fibers && \
     \
-    # Install meteor
+    # Change user to wekan and install meteor
+    cd /home/wekan/ && \
+    chown wekan:wekan --recursive /home/wekan && \
     curl https://install.meteor.com -o ./install_meteor.sh && \
     sed -i "s|RELEASE=.*|RELEASE=${METEOR_RELEASE}\"\"|g" ./install_meteor.sh && \
     echo "Starting meteor ${METEOR_RELEASE} installation...   \n" && \
-    sh ./install_meteor.sh && \
+    chown wekan:wekan ./install_meteor.sh && \
+    gosu wekan:wekan sh ./install_meteor.sh && \
     \
     # Build app
-    cd ./app && \
-    meteor npm install --save xss && \
-    echo "Starting meteor build of the app...   \n" && \
-    meteor build --directory --allow-superuser /opt/app_build && \
-    cd /opt/app_build/bundle/programs/server/ && \
-    npm install && \
-    mv /opt/app_build/bundle /build && \
+    cd /home/wekan/app && \
+    gosu wekan /home/wekan/.meteor/meteor npm install --save xss && \
+    gosu wekan /home/wekan/.meteor/meteor build --directory /home/wekan/app_build && \
+    cd /home/wekan/app_build/bundle/programs/server/ && \
+    gosu wekan npm install && \
+    mv /home/wekan/app_build/bundle /build && \
     cd /build && \
     \
     # Cleanup
     apt-get remove --purge -y ${BUILD_DEPS} && \
     apt-get autoremove -y && \
-    rm -R /var/lib/apt/lists/* /app /opt/app_build ~/.meteor && \
-    rm /install_meteor.sh
+    rm -R /var/lib/apt/lists/* && \
+    rm -R /home/wekan/.meteor && \
+    rm -R /home/wekan/app && \
+    rm -R /home/wekan/app_build && \
+    rm /home/wekan/install_meteor.sh
 
 ENV PORT=80
 
-- 
cgit v1.2.3-1-g7c22


From 8ba08988ee8d11a544adcaa161637b48fd33c171 Mon Sep 17 00:00:00 2001
From: Stephen Moloney <stephenmoloney@live.com>
Date: Fri, 20 Jan 2017 10:54:32 +0000
Subject: remove cd /build

---
 Dockerfile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 702ab806..9e2b3a2e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -75,7 +75,6 @@ RUN \
     cd /home/wekan/app_build/bundle/programs/server/ && \
     gosu wekan npm install && \
     mv /home/wekan/app_build/bundle /build && \
-    cd /build && \
     \
     # Cleanup
     apt-get remove --purge -y ${BUILD_DEPS} && \
-- 
cgit v1.2.3-1-g7c22