docker-mendix-buildpack
"latest" branch does not support Arbitrary uid feature
The "latest" branch of this project does not work on a secured cluster when the container is launched with an arbitrary uid. This is typically the case on an OpenShift cluster. It seems you forgot to add a piece of code that handled this feature on your latest branch. Your "master" branch does integrate this feature well.
You need to add the "add_uid" function inside the "startup.py" file and call it at the very beginning of the main function. The end of the startup.py file should read:

```python
def add_uid():
    logging.info("Adding uid to /etc/passwd")
    with open('/etc/passwd','a') as passwd_file:
        passwd_file.write('mendix:x:{uid}:{gid}:mendix user:/opt/mendix/build:/sbin/nologin\n'.format(uid=os.getuid(),gid=os.getgid()))

if __name__ == '__main__':
    logging.info(get_welcome_header())
    add_uid()
    export_db_endpoint()
    export_vcap_variables()
    export_industrial_edge_config_variable()
    export_k8s_instance()
    check_logfilter()
    export_encoded_cacertificates()
    call_buildpack_startup()
```
@deviarchscs, that code is no longer necessary, since /etc/passwd is automatically patched by OpenShift 4: https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids

> By default, OpenShift 4.x appends the effective UID into /etc/passwd of the Container during the creation of the Pod.
> - Note: This was a manual step when deploying applications to OCP 3.x, that required the UID to exist in the passwd file of the Container.

Using OpenShift's built-in features prevents apps from modifying /etc/passwd and potentially causing a security issue.
Have you tried the https://github.com/mendix/docker-mendix-buildpack/pull/181 feature branch?
@deviarchscs, did you have a chance to try the feature branch to see if it fixes your problem?
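As an added example (not code from this thread or from the docker-mendix-buildpack project), the read-only check below reports the two conditions discussed above without touching /etc/passwd: whether the runtime UID resolves to a passwd entry, and whether the file is writable by the non-root runtime user, which is what an `add_uid`-style append depends on. The function names, the sample UID and the sample passwd text are assumptions constructed for illustration.

```python
import os
import stat

# Constructed sample passwd content; the second entry mirrors the format used in the thread.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "mendix:x:1001:0:mendix user:/opt/mendix/build:/sbin/nologin\n"
)

def uid_in_passwd(passwd_text, uid):
    """Return the login name mapped to uid in passwd-format text, or None."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit() and int(fields[2]) == uid:
            return fields[0]
    return None

def passwd_writable_by(mode, file_uid, file_gid, uid, gids):
    """Evaluate owner/group/other write bits for a non-root process."""
    if uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def check_identity(passwd_text, mode, file_uid, file_gid, uid, gids):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if uid_in_passwd(passwd_text, uid) is None:
        findings.append("uid %d has no passwd entry" % uid)
    if uid != 0 and passwd_writable_by(mode, file_uid, file_gid, uid, gids):
        findings.append("/etc/passwd is writable by non-root uid %d" % uid)
    return findings

if __name__ == "__main__":
    # Inspect the live container; nothing is modified.
    st = os.stat("/etc/passwd")
    with open("/etc/passwd") as passwd_file:
        text = passwd_file.read()
    groups = set(os.getgroups()) | {os.getgid()}
    for finding in check_identity(text, st.st_mode, st.st_uid, st.st_gid,
                                  os.getuid(), groups):
        print("WARNING:", finding)
```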