Spaces:
Running
Running
Fix Dockerfile for HF Spaces: run as uid 1000, copy hf CLI to /usr/local/bin
Browse filesHF Spaces runs containers as uid 1000, not root. The hf CLI was only
accessible at /root/.local/bin/. Now copies it to /usr/local/bin/ and
creates a proper non-root user.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dockerfile +6 -2
Dockerfile
CHANGED
|
@@ -2,11 +2,11 @@ FROM python:3.12-slim
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
| 5 |
-
# Install Rust hf CLI for bucket sync
|
| 6 |
RUN apt-get update && apt-get install -y curl && \
|
| 7 |
curl -LsSf https://hf.co/cli/install.sh | bash && \
|
|
|
|
| 8 |
apt-get clean && rm -rf /var/lib/apt/lists/*
|
| 9 |
-
ENV PATH="/root/.local/bin:$PATH"
|
| 10 |
|
| 11 |
# Install dependencies
|
| 12 |
COPY pyproject.toml .
|
|
@@ -17,6 +17,10 @@ COPY backend/ backend/
|
|
| 17 |
COPY frontend/ frontend/
|
| 18 |
COPY settings.json .
|
| 19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
# HF Spaces uses port 7860
|
| 21 |
EXPOSE 7860
|
| 22 |
|
|
|
|
| 2 |
|
| 3 |
WORKDIR /app
|
| 4 |
|
| 5 |
+
# Install Rust hf CLI for bucket sync (to /usr/local/bin so it's accessible to all users)
|
| 6 |
RUN apt-get update && apt-get install -y curl && \
|
| 7 |
curl -LsSf https://hf.co/cli/install.sh | bash && \
|
| 8 |
+
cp /root/.local/bin/hf /usr/local/bin/hf && \
|
| 9 |
apt-get clean && rm -rf /var/lib/apt/lists/*
|
|
|
|
| 10 |
|
| 11 |
# Install dependencies
|
| 12 |
COPY pyproject.toml .
|
|
|
|
| 17 |
COPY frontend/ frontend/
|
| 18 |
COPY settings.json .
|
| 19 |
|
| 20 |
+
# HF Spaces runs as uid 1000
|
| 21 |
+
RUN useradd -m -u 1000 user && chown -R user:user /app
|
| 22 |
+
USER user
|
| 23 |
+
|
| 24 |
# HF Spaces uses port 7860
|
| 25 |
EXPOSE 7860
|
| 26 |
|