diff --git a/distroless/private/group.bzl b/distroless/private/group.bzl index 28f2dfd..81e3b8c 100644 --- a/distroless/private/group.bzl +++ b/distroless/private/group.bzl @@ -5,6 +5,13 @@ load("@aspect_bazel_lib//lib:tar.bzl", "tar") load("@aspect_bazel_lib//lib:utils.bzl", "propagate_common_rule_attributes") load("@bazel_skylib//rules:write_file.bzl", "write_file") +def _get_attr(o, k, d): + if k in o: + return o[k] + if hasattr(o, k): + return getattr(o, k) + return d + def group(name, groups, **kwargs): """ Create a group file from array of dicts. @@ -23,12 +30,12 @@ def group(name, groups, **kwargs): # See https://www.ibm.com/docs/en/aix/7.2?topic=files-etcgroup-file#group_security__a3179518__title__1 ":".join([ entry["name"], - "!", # not used. Group administrators are provided instead of group passwords. + _get_attr(entry, "password", "!"), # not used. Group administrators are provided instead of group passwords. str(entry["gid"]), ",".join(entry["users"]), ]) for entry in groups - ], + ] + [""], out = "%s.content" % name, **common_kwargs ) diff --git a/distroless/private/os_release.bzl b/distroless/private/os_release.bzl index 03fe86c..9d2490c 100644 --- a/distroless/private/os_release.bzl +++ b/distroless/private/os_release.bzl @@ -25,7 +25,7 @@ def os_release(name, content, path = "/usr/lib/os-release", **kwargs): content = [ "{}={}".format(key, value) for (key, value) in content.items() - ], + ] + [""], out = "%s.content" % name, **common_kwargs ) diff --git a/distroless/private/passwd.bzl b/distroless/private/passwd.bzl index 967e944..4535b67 100644 --- a/distroless/private/passwd.bzl +++ b/distroless/private/passwd.bzl @@ -40,7 +40,7 @@ def passwd(name, passwds, mode = "644", **kwargs): entry["shell"], ]) for entry in passwds - ], + ] + [""], out = "%s.content" % name, **common_kwargs ) diff --git a/examples/flatten/BUILD.bazel b/examples/flatten/BUILD.bazel index bb5e931..f522124 100644 --- a/examples/flatten/BUILD.bazel 
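Review bot: `_get_attr` tries to serve both dicts and structs, but the rest of `group()` reads `entry["name"]`, `entry["gid"]` and `entry["users"]` by index, so only dict entries can work. As far as I know Starlark does not define `k in o` for a struct, so the `hasattr` branch would not be reached for one; for a dict, `hasattr(o, k)` instead matches method names such as `keys`, which is not what an optional-field lookup should return. I would drop the helper and write `entry.get("password", "!")` at the call site. If the helper stays, it needs a docstring stating which container types it accepts and what `d` is.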
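Review bot: The password field of `/etc/group` becomes caller-controlled at `_get_attr(entry, "password", "!")`, but the trailing comment still says it is "not used" and nothing checks the value. The example listing writes the file with mode=644, so a real hash placed here would be world-readable. An explicit empty string produces an empty password field instead of the locked `!`, and a value containing `:` or a newline would shift or add fields. I would replace the comment with `# optional; defaults to "!" (locked)` and validate before the comprehension, e.g. `if ":" in pw or "\n" in pw or pw == "": fail("group %s: invalid password field" % entry["name"])`. The docstring of `group()` lies outside this hunk and should list the new `password` key, noting that `"x"` conventionally refers to a gshadow entry, which this macro does not appear to create.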
+++ b/examples/flatten/BUILD.bazel @@ -52,7 +52,7 @@ assert_tar_listing( actual = "flatten", expected = """\ #mtree -./etc/passwd nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=33 cksum=3891093834 sha1digest=94f013494b98f8ed618ce2e670d405f818ec3915 +./etc/passwd nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=34 cksum=3470383902 sha1digest=240bc4b96dc5e13ffcc715bda7aaa9665fc1069c ./examples time=1672560000.0 mode=755 gid=0 uid=0 type=dir ./examples/flatten time=1672560000.0 mode=755 gid=0 uid=0 type=dir ./examples/flatten/dir time=1672560000.0 mode=755 gid=0 uid=0 type=dir diff --git a/examples/group/BUILD.bazel b/examples/group/BUILD.bazel index 09bb4f1..565f5c8 100644 --- a/examples/group/BUILD.bazel +++ b/examples/group/BUILD.bazel @@ -14,6 +14,15 @@ group( "cjf", ], ), + dict( + name = "nonroot", + gid = 4656, + password = "x", + users = [ + "shadow", + "cjf", + ], + ), ], ) @@ -28,6 +37,6 @@ assert_tar_listing( actual = "group", expected = """\ #mtree -./etc/group nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=19 cksum=290415485 sha1digest=20c70f96d7939eb77c7f07bb8c0f200d89ce33b0 +./etc/group nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=46 cksum=1308212548 sha1digest=73eab1fb5cf810c5811e9594a9180bee97011ed1 """, ) diff --git a/examples/group/group.expected.txt b/examples/group/group.expected.txt index 5757472..20e2e3c 100644 --- a/examples/group/group.expected.txt +++ b/examples/group/group.expected.txt @@ -1 +1,2 @@ -root:!:0:shadow,cjf \ No newline at end of file +root:!:0:shadow,cjf +nonroot:x:4656:shadow,cjf diff --git a/examples/os_release/BUILD.bazel b/examples/os_release/BUILD.bazel index 41119f4..0042a34 100644 --- a/examples/os_release/BUILD.bazel +++ b/examples/os_release/BUILD.bazel 
@@ -21,7 +21,7 @@ assert_tar_listing( actual = "os_release", expected = """\ #mtree -./usr/lib/os-release nlink=0 time=0.0 mode=755 gid=0 uid=0 type=file size=47 cksum=1353493935 sha1digest=ae180d07c7e29e34e1e74ee7c49f371c8cf006d5 +./usr/lib/os-release nlink=0 time=0.0 mode=755 gid=0 uid=0 type=file size=48 cksum=107085711 sha1digest=956eb93b9476f9fc8f93cb450adc4f716d158500 """, ) @@ -40,6 +40,6 @@ assert_tar_listing( actual = "os_release_alternative_path", expected = """\ #mtree -./etc/os-release nlink=0 time=0.0 mode=755 gid=0 uid=0 type=file size=66 cksum=187595121 sha1digest=7db059bd2ee4a8606f310fa84fb29f56f151b218 +./etc/os-release nlink=0 time=0.0 mode=755 gid=0 uid=0 type=file size=67 cksum=1175356314 sha1digest=ebdde6fdd9cf9876b4b592772d85817b4b482327 """, ) diff --git a/examples/os_release/content.expected.txt b/examples/os_release/content.expected.txt index 965b016..1c0c7bb 100644 --- a/examples/os_release/content.expected.txt +++ b/examples/os_release/content.expected.txt @@ -1,2 +1,2 @@ PRETTY_NAME=Distroless -VERSION=Debian GNU/Linux \ No newline at end of file +VERSION=Debian GNU/Linux diff --git a/examples/passwd/BUILD.bazel b/examples/passwd/BUILD.bazel index 5560105..905f4dd 100644 --- a/examples/passwd/BUILD.bazel +++ b/examples/passwd/BUILD.bazel @@ -27,6 +27,6 @@ assert_tar_listing( actual = "passwd", expected = """\ #mtree -./etc/passwd nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=35 cksum=2298809208 sha1digest=31ad675c1210fd0413dd9b2441aaaf13c18d1547 +./etc/passwd nlink=0 time=0.0 mode=644 gid=0 uid=0 type=file size=36 cksum=216816702 sha1digest=a158dcecfd75d6502cdb1086eb5b0756d08fc423 """, ) diff --git a/examples/passwd/passwd.expected.txt b/examples/passwd/passwd.expected.txt index 7b99591..63be6eb 100644 --- a/examples/passwd/passwd.expected.txt +++ b/examples/passwd/passwd.expected.txt @@ -1 +1 @@ -root:!:0:0:root:/root:/usr/bin/bash \ No newline at end of file +root:!:0:0:root:/root:/usr/bin/bash