Update Dockerfile

Dockerfile

@@ -2,7 +2,8 @@ FROM nvidia/cuda:11.3.1-base-ubuntu20.04
 ENV DEBIAN_FRONTEND=noninteractive \
 	TZ=Europe/Paris
 
-# Use a single RUN command to reduce image layers and improve build speed
+# Remove any third-party apt sources to avoid issues with expiring keys.
+# Install some basic utilities
 RUN rm -f /etc/apt/sources.list.d/*.list && \
     apt-get update && apt-get install -y --no-install-recommends \
     curl \
@@ -24,46 +25,42 @@ RUN rm -f /etc/apt/sources.list.d/*.list && \
     nano \
     bzip2 \
     libx11-6 \
+    python3-pip \
     build-essential \
     libsndfile-dev \
     software-properties-common \
-    python3-pip  # Install pip for Python package management\
-    python3-bottle # Install the missing bottle library\
  && rm -rf /var/lib/apt/lists/*
 
 RUN add-apt-repository ppa:flexiondotorg/nvtop && \
-    apt-get update && \  # Update again after adding the PPA
     apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends nvtop && \
-    rm -rf /var/lib/apt/lists/*
+    apt-get install -y --no-install-recommends nvtop
 
-
-RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
-    apt-get update && \ # Update after adding node.js source
+RUN curl -sL https://deb.nodesource.com/setup_14.x  | bash - && \
     apt-get install -y nodejs && \
-    npm install -g configurable-http-proxy && \
-    rm -rf /var/lib/apt/lists/*
+    npm install -g configurable-http-proxy
 
 # Create a working directory
 WORKDIR /app
 
 # Create a non-root user and switch to it
-RUN useradd --create-home --shell /bin/bash user  # Use useradd which is preferred
+RUN adduser --disabled-password --gecos '' --shell /bin/bash user \
+ && chown -R user:user /app
 RUN echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-user
 USER user
 
-# All users can use /home/user as their home directory (already set by useradd --create-home)
+# All users can use /home/user as their home directory
 ENV HOME=/home/user
-RUN mkdir $HOME/.cache $HOME/.config && chmod -R 777 $HOME  # $HOME is already defined
+RUN mkdir $HOME/.cache $HOME/.config \
+ && chmod -R 777 $HOME
 
 # Set up the Conda environment
 ENV CONDA_AUTO_UPDATE_CONDA=false \
     PATH=$HOME/miniconda/bin:$PATH
-RUN curl -sLo ~/miniconda.sh https://repo.continuum.io/miniconda/Miniconda3-py39_4.10.3-Linux-x86_64.sh && \
-    chmod +x ~/miniconda.sh && \
-    ~/miniconda.sh -b -p ~/miniconda && \
-    rm ~/miniconda.sh && \
-    conda clean -ya
+RUN curl -sLo ~/miniconda.sh https://repo.continuum.io/miniconda/Miniconda3-py39_4.10.3-Linux-x86_64.sh \
+ && chmod +x ~/miniconda.sh \
+ && ~/miniconda.sh -b -p ~/miniconda \
+ && rm ~/miniconda.sh \
+ && conda clean -ya
 
 WORKDIR $HOME/app
 
@@ -74,15 +71,17 @@ WORKDIR $HOME/app
 USER root
 
 # User Debian packages
-COPY packages.txt /root/ # Copy before using it in RUN
-RUN apt-get update && \
-    xargs -r -a /root/packages.txt apt-get install -y --no-install-recommends && \
-    rm -rf /var/lib/apt/lists/*
+## Security warning : Potential user code executed as root (build time)
+RUN --mount=target=/root/packages.txt,source=packages.txt \
+    apt-get update && \
+    xargs -r -a /root/packages.txt apt-get install -y --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
 
-COPY on_startup.sh /root/  # Copy before using
-RUN chmod +x /root/on_startup.sh && /root/on_startup.sh
+RUN --mount=target=/root/on_startup.sh,source=on_startup.sh,readwrite \
+	bash /root/on_startup.sh
 
 RUN mkdir /data && chown user:user /data
+RUN pip install bottle
 
 #######################################
 # End root user section
@@ -91,8 +90,8 @@ RUN mkdir /data && chown user:user /data
 USER user
 
 # Python packages
-COPY --chown=user:user . $HOME/app
-
+# Copy the current directory contents into the container at $HOME/app setting the owner to the user
+COPY --chown=user . $HOME/app
 
 ENV PYTHONUNBUFFERED=1 \
 	GRADIO_ALLOW_FLAGGING=never \