Use dedicated users to run services

Dockerfile

@@ -4,7 +4,6 @@ ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
 ARG http_proxy=
 ARG https_proxy=
-
 ARG FDROIDSERVER_VERSION=1.0.10
 
 RUN apk add --no-cache \
@@ -20,6 +19,8 @@ RUN pip3 install --upgrade pip
 
 RUN pip3 install fdroidserver==${FDROIDSERVER_VERSION}
 
+RUN apk del build-base
+
 COPY supervisor.ini /etc/supervisor.d/supervisor.ini
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
@@ -29,8 +30,8 @@ WORKDIR /fdroid
 
 COPY config.py /fdroid/config.py.tmpl
 
-COPY fdroid-update.sh /fdroid-update.sh
-RUN chmod +x /fdroid-update.sh
+COPY fdroid-update.sh /fdroid/fdroid-update.sh
+RUN chmod +x /fdroid/fdroid-update.sh
 
 COPY fdroid-icon.png /fdroid/fdroid-icon.png
 
@@ -38,11 +39,17 @@ VOLUME /fdroid/repo
 VOLUME /fdroid/metadata
 VOLUME /fdroid/keystore
 
-EXPOSE 22
-EXPOSE 80
+EXPOSE 2222
+EXPOSE 8080
 
 ENV FDROID_ARCHIVE_OLDER=3
 ENV FDROID_REPO_ICON=fdroid-icon.png
 ENV FDROID_ARCHIVE_ICON=fdroid-icon.png
 
+RUN sed -i "s/^#HostKey.*$/HostKey \/fdroid\/ssh_host_rsa_key/" /etc/ssh/sshd_config
+RUN sed -i "s/^#Port.*$/Port 2222/" /etc/ssh/sshd_config
+
+RUN addgroup -S fdroid && adduser -D -h /fdroid -s /bin/bash -G fdroid fdroid
+RUN chown -R fdroid: /fdroid
+
 CMD /docker-entrypoint.sh