Securize Dockerfile (#506)

3 files changed, 8 insertions, 4 deletions

diff --git a/Dockerfile b/Dockerfile
index 408d3992..178c883f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM lukemathwalker/cargo-chef:latest-rust-1.59 AS chef
+FROM lukemathwalker/cargo-chef:latest-rust-1.63 AS chef
 WORKDIR app
 
 FROM chef AS planner
@@ -16,9 +16,13 @@ RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
 RUN cargo build --release --bin atuin
 
-FROM debian:bullseye-20211011-slim AS runtime
+FROM debian:bullseye-20220801-slim AS runtime
+
+RUN useradd -c 'atuin user' atuin && mkdir /config && chown atuin:atuin /config
 WORKDIR app
 
+USER atuin
+
 ENV TZ=Etc/UTC
 ENV RUST_LOG=atuin::api=info
 ENV ATUIN_CONFIG_DIR=/config
diff --git a/atuin-client/src/history.rs b/atuin-client/src/history.rs
index 59519143..9a26c95d 100644
--- a/atuin-client/src/history.rs
+++ b/atuin-client/src/history.rs
@@ -6,7 +6,7 @@ use serde::{Deserialize, Serialize};
 use atuin_common::utils::uuid_v4;
 
 // Any new fields MUST be Optional<>!
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, sqlx::FromRow)]
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, sqlx::FromRow)]
 pub struct History {
     pub id: String,
     pub timestamp: chrono::DateTime<Utc>,
diff --git a/atuin-client/src/settings.rs b/atuin-client/src/settings.rs
index 863a5b9b..d8720574 100644
--- a/atuin-client/src/settings.rs
+++ b/atuin-client/src/settings.rs
@@ -24,7 +24,7 @@ pub enum SearchMode {
     Fuzzy,
 }
 
-#[derive(Clone, Debug, Deserialize, Copy, PartialEq)]
+#[derive(Clone, Debug, Deserialize, Copy, PartialEq, Eq)]
 pub enum FilterMode {
     #[serde(rename = "global")]
     Global,