From 787378bd75e13dbd6265fa09de4bfe50306bef1d Mon Sep 17 00:00:00 2001
From: Chevdor
Date: Mon, 4 Oct 2021 16:22:39 +0200
Subject: [PATCH] Update docker/substrate_builder.Dockerfile

Co-authored-by: Denis Pisarev
---
 docker/substrate_builder.Dockerfile | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/docker/substrate_builder.Dockerfile b/docker/substrate_builder.Dockerfile
index f374c1c54eca9..d0812c1a80c40 100644
--- a/docker/substrate_builder.Dockerfile
+++ b/docker/substrate_builder.Dockerfile
@@ -15,23 +15,21 @@ LABEL description="Multistage Docker image for Substrate: a platform for web3" \
 io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/docker/substrate_builder.Dockerfile" \
 io.parity.image.documentation="https://github.com/paritytech/polkadot/"
 
-RUN useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && \
- mkdir -p /data /substrate/.local/share/substrate && \
- chown -R substrate:substrate /data && \
- ln -s /data /substrate/.local/share/substrate
-
 COPY --from=builder /substrate/target/release/substrate /usr/local/bin
 COPY --from=builder /substrate/target/release/subkey /usr/local/bin
 COPY --from=builder /substrate/target/release/node-template /usr/local/bin
 COPY --from=builder /substrate/target/release/chain-spec-builder /usr/local/bin
 
+RUN useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && \
+ mkdir -p /data /substrate/.local/share/substrate && \
+ chown -R substrate:substrate /data && \
+ ln -s /data /substrate/.local/share/substrate && \
+# unclutter and minimize the attack surface
+ rm -rf /usr/bin /usr/sbin && \
 # Sanity checks
-RUN ldd /usr/local/bin/substrate && \
+ ldd /usr/local/bin/substrate && \
 /usr/local/bin/substrate --version
 
-# Remove whatever not required
-RUN rm -rf /usr/bin /usr/sbin
-
 USER substrate
 EXPOSE 30333 9933 9944 9615
 VOLUME ["/data"]
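Review bot: The sanity check now runs `ldd` after `rm -rf /usr/bin /usr/sbin` in the same `RUN`, and on Debian/Ubuntu-style bases `ldd` is installed as `/usr/bin/ldd`, so this step would likely fail with "not found" (the base image is outside the hunk, so confirm against the `FROM` line). Putting `ldd /usr/local/bin/substrate && \` before `rm -rf /usr/bin /usr/sbin && \` avoids that, while leaving `/usr/local/bin/substrate --version` after the removal still proves the binary runs in the stripped filesystem. Separately, `mkdir -p` already creates `/substrate/.local/share/substrate`, so `ln -s /data /substrate/.local/share/substrate` places the link inside that root-owned directory instead of making the path itself point at `/data`; creating only `/substrate/.local/share` would give the intended link. The comment on the `rm` could also say that it trims the runtime filesystem only, since the deleted files remain in the base image's lower layers.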