From 8ed35ddac182cd86fc597a128c2c4248a7976154 Mon Sep 17 00:00:00 2001
From: Jeff Schroeder <jeffschroeder@computer.org>
Date: Tue, 6 Dec 2022 11:35:16 -0500
Subject: [PATCH] docker: update node build to not copy executables (#2075)

Refs: #2073

Since the stuff under /bin might not have the right libraries to run,
don't copy it. This is not a general purpose operating system image
and is meant to be minimal.
---
 Dockerfile.node | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile.node b/Dockerfile.node
index c1d87c7cd..d3a1dc185 100644
--- a/Dockerfile.node
+++ b/Dockerfile.node
@@ -31,10 +31,12 @@ FROM scratch as export
 
 # guardiand can't (easily) be statically linked due to the C dependencies, so we
 # have to copy all the dynamic libraries
-COPY --from=build /bin/* /bin/
 COPY --from=build /lib/* /lib/
 COPY --from=build /lib64/* /lib64/
 
+# Copy the shells as entrypoints, but no utilities are necessary
+COPY --from=build /bin/bash /bin/dash /bin/sh /bin/
+
 # finally copy the guardian executable
 COPY --from=build /guardiand .