From ba429fa7247873cdaa31ff763aeeed410c68e43c Mon Sep 17 00:00:00 2001
From: kevinf100 <12779728+kevinf100@users.noreply.github.com>
Date: Mon, 26 Aug 2024 22:34:46 -0400
Subject: [PATCH 1/3] Use Docker's chmod flag in copy and made playit no longer run as root.
---
 Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4563a2cc..6dffe2e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,11 +36,15 @@ RUN cargo build --release --all
 ########## RUNTIME CONTAINER ##########
 FROM alpine:3.18
+ARG PLAYIT_GUID=2000
+ARG PLAYIT_UUID=2000
 RUN apk add --no-cache ca-certificates
 COPY --from=build-env /src/playit-agent/target/release/playit-cli /usr/local/bin/playit
 RUN mkdir /playit
-COPY docker/entrypoint.sh /playit/entrypoint.sh
-RUN chmod +x /playit/entrypoint.sh
+COPY --chmod=1755 docker/entrypoint.sh /playit/
+
+RUN addgroup -g ${PLAYIT_GUID} playit && adduser -Sh /playit -u ${PLAYIT_UUID} -G playit playit
+USER playit
 ENTRYPOINT ["/playit/entrypoint.sh"]
From 3b2105500c417dfc11d7772c87bce7b1fde65ac1 Mon Sep 17 00:00:00 2001
From: kevinf100 <12779728+kevinf100@users.noreply.github.com>
Date: Mon, 26 Aug 2024 22:57:10 -0400
Subject: [PATCH 2/3] Do not set user home. This will create a home in /home, but setting the home makes Linux change /playit owner to be playit. We want it to stay as root as you can freely mess with files in a folder you own, regardless of the permission of that file.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 6dffe2e2..c6176eec 100644
--- a/Dockerfile
+++ b/Dockerfile
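Review bot: `COPY --chmod=1755 docker/entrypoint.sh /playit/` sets the sticky bit (the leading 1) on a regular file, which Linux ignores for files, so the mode that expresses the intent is `COPY --chmod=0755 docker/entrypoint.sh /playit/`. `--chmod` on COPY is a BuildKit-only flag; the top of the Dockerfile is outside this hunk, so if it has no `# syntax=docker/dockerfile:1` directive, adding one would keep a legacy builder from rejecting the instruction. The new build arguments are named `PLAYIT_GUID` and `PLAYIT_UUID` but carry a group id and a user id; `PLAYIT_GID`/`PLAYIT_UID` would read correctly, with the caveat that renaming changes the `--build-arg` names callers pass. The runtime stage otherwise does the right thing by creating the account after the root-only steps and switching with `USER` before `ENTRYPOINT`.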
@@ -44,7 +44,7 @@ COPY --from=build-env /src/playit-agent/target/release/playit-cli /usr/local/bin
 RUN mkdir /playit
 COPY --chmod=1755 docker/entrypoint.sh /playit/
-RUN addgroup -g ${PLAYIT_GUID} playit && adduser -Sh /playit -u ${PLAYIT_UUID} -G playit playit
+RUN addgroup -g ${PLAYIT_GUID} playit && adduser -S -u ${PLAYIT_UUID} -G playit playit
 USER playit
 ENTRYPOINT ["/playit/entrypoint.sh"]
From 80ab05e9d51e2c0e18797e40fb4b54559327cc63 Mon Sep 17 00:00:00 2001
From: Kevinf100 <12779728+kevinf100@users.noreply.github.com>
Date: Thu, 12 Sep 2024 21:52:26 -0400
Subject: [PATCH 3/3] No more home for user and added SIGTERM handler.
---
 Dockerfile | 2 +-
 docker/entrypoint.sh | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c6176eec..d431a61c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -44,7 +44,7 @@ COPY --from=build-env /src/playit-agent/target/release/playit-cli /usr/local/bin
 RUN mkdir /playit
 COPY --chmod=1755 docker/entrypoint.sh /playit/
-RUN addgroup -g ${PLAYIT_GUID} playit && adduser -S -u ${PLAYIT_UUID} -G playit playit
+RUN addgroup -g ${PLAYIT_GUID} playit && adduser -S --no-create-home -u ${PLAYIT_UUID} -G playit playit
 USER playit
 ENTRYPOINT ["/playit/entrypoint.sh"]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index bafc159f..303859f6 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -10,4 +10,18 @@ if [ -z "${SECRET_KEY}" ]; then
 fi
 fi
-playit -s --secret "${SECRET_KEY}" --platform_docker start
+term_handler() {
+
+ echo "Shutting down Playit."
+ kill -SIGTERM $PlayitPID
+ wait $PlayitPID
+ exit
+}
+trap 'term_handler' SIGTERM
+
+
+playit -s --secret "${SECRET_KEY}" --platform_docker start &
+
+PlayitPID=$!
+
+wait $PlayitPID
\ No newline at end of file
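Review bot: `USER playit` on the line after the rewritten `adduser` switches by name, so the runtime has to resolve the uid through the image's /etc/passwd at container start and an orchestrator enforcing a non-root uid (Kubernetes `runAsNonRoot`) cannot verify it from image metadata; since the numeric ids are already build arguments in this stage, `USER ${PLAYIT_UUID}:${PLAYIT_GUID}` gives the same account with a verifiable numeric identity. With `--no-create-home` the account has no writable home and `/playit` is deliberately root-owned (per the previous commit), so if `playit … start` ever needs to persist state it will have only /tmp available — presumably fine for a secret-driven agent, but worth a one-line comment above the `adduser` such as `# no home: /playit stays root-owned so the running user cannot alter entrypoint.sh`. BusyBox's documented short form of `--no-create-home` is `-H`; Alpine's BusyBox accepts the long option, so that is a readability choice rather than a defect.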
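Review bot: The trap on the new `trap 'term_handler' SIGTERM` line covers only SIGTERM, so an interactive `docker run` stopped with Ctrl-C (SIGINT) or a SIGHUP from a closing terminal leaves the backgrounded playit process running until the container is torn down; `trap 'term_handler' TERM INT HUP` forwards those through the same handler. Both `trap … SIGTERM` and `kill -SIGTERM $PlayitPID` use the SIG-prefixed spelling, which POSIX `trap` and `kill` define without the prefix; `trap 'term_handler' TERM` and `kill -TERM "$PlayitPID"` avoid depending on a shell extension (the shebang is above this hunk, so which shell runs the script is not visible here). The bare `exit` in term_handler returns the status of the preceding `wait`, i.e. playit's own exit status after the forwarded signal, which is reasonable but deserves a comment such as `# propagate playit's exit status` so nobody "fixes" it to `exit 0`. If playit already handles SIGTERM itself, `exec playit -s --secret "${SECRET_KEY}" --platform_docker start` would make it PID 1 and remove the need for the wrapper entirely; the commit message suggests the handler is needed, so this is only worth checking. The file now ends without a trailing newline.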