From abc3e7144012709e5a827d4955f41ef7eb1e7c64 Mon Sep 17 00:00:00 2001
From: Adam Outler
Date: Mon, 17 Nov 2025 20:45:52 +0000
Subject: [PATCH] Remove redundant chown; read only version.

---
 .devcontainer/Dockerfile | 10 ++++++++--
 Dockerfile | 7 +++----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 135c8b55..66b9fa98 100755
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -140,7 +140,7 @@ RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FO
 -exec chmod 750 {} \;"

 # Copy version information into the image
-COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .VERSION ${NETALERTX_APP}/.VERSION
+COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION

 # Copy the virtualenv from the builder stage
 COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
@@ -150,7 +150,13 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
 # This is done after the copy of the venv to ensure the venv is in place
 # although it may be quicker to do it before the copy, it keeps the image
 # layers smaller to do it after.
-RUN apk add libcap && \
+RUN if [ -f .VERSION ]; then \
+ cp .VERSION ${NETALERTX_APP}/.VERSION; \
+ else \
+ echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION; \
+ fi && \
+ chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \
+ apk add libcap && \
 setcap cap_net_raw+ep /bin/busybox && \
 setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
 setcap cap_net_raw,cap_net_admin+eip /usr/bin/arp-scan && \
diff --git a/Dockerfile b/Dockerfile
index bce82c48..b080a86e 100755
--- a/Dockerfile
+++ b/Dockerfile
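Review bot: The `COPY` on the new side of the first `.devcontainer/Dockerfile` hunk still assigns `.VERSION` to `${NETALERTX_USER}:${NETALERTX_GROUP}`, while the `RUN` added in the next hunk of the same file re-owns it to `${READ_ONLY_USER}:${READ_ONLY_GROUP}`, so one image layer carries the file owned by the application user. If the read-only variables are already defined at that point in the stage (not visible here), `COPY --chown=${READ_ONLY_USER}:${READ_ONLY_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION` gives the final ownership directly. The `.[V]ERSION` pattern also deserves a comment, for example `# glob keeps this COPY from failing when .VERSION is absent from the build context`, assuming that is its purpose.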
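Review bot: The added `[ -f .VERSION ]` test in the second `.devcontainer/Dockerfile` hunk resolves against the stage's working directory rather than `${NETALERTX_APP}/.VERSION`, which the `COPY` in the previous hunk has just written. The `WORKDIR` is not visible here: if it is a different directory, the `else` branch replaces the copied release version with the `DEVELOPMENT` string, and if it is `${NETALERTX_APP}` itself, `cp` is asked to copy the file onto itself. Testing the destination instead avoids both cases: wrap the existing `echo "DEVELOPMENT …"` line in `if [ ! -f "${NETALERTX_APP}/.VERSION" ]; then … fi` and drop the `cp` branch. The `RUN` continues past the end of the hunk.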
@@ -148,12 +148,11 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
 # although it may be quicker to do it before the copy, it keeps the image
 # layers smaller to do it after.
 RUN if [ -f .VERSION ]; then \
- cp .VERSION ${NETALERTX_APP}/.VERSION && \
- chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \
+ cp .VERSION ${NETALERTX_APP}/.VERSION; \
 else \
- echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION && \
- chown ${NETALERTX_USER}:${NETALERTX_GROUP} ${NETALERTX_APP}/.VERSION; \
+ echo "DEVELOPMENT $(cd /app && git rev-parse --short HEAD 2>/dev/null || echo '00000000')" > ${NETALERTX_APP}/.VERSION; \
 fi && \
+ chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${NETALERTX_APP}/.VERSION && \
 apk add libcap && \
 setcap cap_net_raw+ep /bin/busybox && \
 setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \
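Review bot: The consolidated `chown` changes only the owner of `${NETALERTX_APP}/.VERSION`; nothing in the visible lines sets its mode, so how read-only the file ends up depends on the build-time umask and on the mode `.VERSION` had in the build context. Adding `chmod 0444 "${NETALERTX_APP}/.VERSION" && \` after the `chown` would make the intent explicit, unless a later step outside the hunk already does this. The expansions in the added lines are also unquoted; `"${NETALERTX_APP}/.VERSION"` is the safer form. Both points apply equally to the matching `RUN` added in `.devcontainer/Dockerfile`, and this `RUN` starts in context and continues past the end of the hunk.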