From 91c3750911d6f3deb23ea268be8162e9644ba542 Mon Sep 17 00:00:00 2001
From: Finn Herzfeld <finn@finn.io>
Date: Mon, 3 Dec 2018 09:34:46 -0800
Subject: [PATCH] Run container as non root

---
 .gitlab-ci.yml           | 2 +-
 signal-server.Dockerfile | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3e51516..13bfde0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,4 +12,4 @@ build:signal-server:
     - docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_SHA:0:8}
     - docker push ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_REF_SLUG}
     - docker push ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}
-    - echo "docker pull ${CI_REGISTRY_IMAGE}/signal-server:${CI_COMMIT_SHA:0:8}"
+    - echo "docker pull ${CI_REGISTRY_IMAGE}/signal-server:${VERSION}"
diff --git a/signal-server.Dockerfile b/signal-server.Dockerfile
index 42eed8a..0210698 100644
--- a/signal-server.Dockerfile
+++ b/signal-server.Dockerfile
@@ -10,4 +10,5 @@ RUN apt-get update && apt-get install -y openjdk-8-jre-headless
 COPY --from=build /usr/local/src/Signal-Server/target/TextSecureServer-2.02.jar /usr/share/TextSecureServer.jar
 RUN useradd signal
 RUN chown -R signal /usr/share/TextSecureServer.jar
+USER signal
 ENTRYPOINT ["java", "-jar", "/usr/share/TextSecureServer.jar"]