Improve docker setup

- add .dockerignore to minimize build context
- add runtime ldap and sasl libraries
- add entrypoint script to allow initialization as root and drop
  privileges for gvaldap.sh
- add importlib-metadata dependency required by celery

.dockerignore

@@ -0,0 +1,11 @@
+**/*.pyc
+**/.coverage
+.env
+.git
+.gitignore
+.vagrant
+Vagrantfile
+change-vmdebootstrap-default-dhcp.sh
+coverage-report
+docs
+salt

Dockerfile

@@ -41,6 +41,8 @@ RUN apt-get update \
        ca-certificates \
        dumb-init \
        gettext \
+       libldap-2.4-2 \
+       libsasl2-2 \
        python3 \
        python3-pip \
        python3-wheel \
@@ -59,10 +61,8 @@ RUN addgroup --gid $GVAGID $GVAAPP ; \
 
 COPY --chown=$GVAAPP:$GVAAPP --from=builder /srv/$GVAAPP/.venv /srv/$GVAAPP/.venv
 
-USER $GVAAPP
+VOLUME /srv/$GVAAPP/$GVAAPP
 
-VOLUME /srv/$GVAAPP
+COPY ${GVAAPP}.sh entrypoint.sh /srv/
 
-COPY ${GVAAPP}.sh /srv/
+ENTRYPOINT ["dumb-init", "/srv/entrypoint.sh"]
-
-ENTRYPOINT ["dumb-init", "/srv/${GVAAPP}.sh"]

entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+su -c /srv/gvaldap.sh gvaldap

poetry.lock

@@ -550,14 +550,14 @@ files = [
 
 [[package]]
 name = "importlib-metadata"
-version = "6.0.0"
+version = "4.13.0"
 description = "Read metadata from Python packages"
 category = "main"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "importlib_metadata-6.0.0-py3-none-any.whl", hash = "sha256:7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad"},
+    {file = "importlib_metadata-4.13.0-py3-none-any.whl", hash = "sha256:8a8a81bcf996e74fee46f0d16bd3eaa382a7eb20fd82445c3ad11f4090334116"},
-    {file = "importlib_metadata-6.0.0.tar.gz", hash = "sha256:e354bedeb60efa6affdcc8ae121b73544a7aa74156d047311948f6d711cd378d"},
+    {file = "importlib_metadata-4.13.0.tar.gz", hash = "sha256:dd0173e8f150d6815e098fd354f6414b0f079af4644ddfe90c71e2fc6174346d"},
 ]
 
 [package.dependencies]
@@ -565,7 +565,7 @@ typing-extensions = {version = ">=3.6.4", markers = "python_version < \"3.8\""}
 zipp = ">=0.5"
 
 [package.extras]
-docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-lint"]
+docs = ["furo", "jaraco.packaging (>=9)", "jaraco.tidelift (>=1.4)", "rst.linker (>=1.9)", "sphinx (>=3.5)"]
 perf = ["ipython"]
 testing = ["flake8 (<5)", "flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=1.3)", "pytest-flake8", "pytest-mypy (>=0.9.1)", "pytest-perf (>=0.9.2)"]
 
@@ -1123,4 +1123,4 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.7"
-content-hash = "5a55874d1239c94e2a260e1e5c3fb6ff6ec2c617b48e255628e90805426bfb73"
+content-hash = "d3292d9d4193b3f870b8b973863f302a69e7efe3ca5dbe96c02a2676d87cb337"

pyproject.toml

@@ -16,6 +16,7 @@ django-model-utils = "^4.3.1"
 redis = "^4.5.1"
 passlib = "^1.7.4"
 django-debug-toolbar = "^3.8.1"
+importlib-metadata = "<5"
 
 [[tool.poetry.source]]
 name = "gnuviech"