CVE fix | Remove user_setup script #1701

Merged
liranmauda merged 1 commit into noobaa:master from liranmauda:liran-fix-chmod
Sep 16, 2025

liranmauda (Contributor) commented Sep 16, 2025

Explain the changes

Remove user_setup script

Fixes:

https://issues.redhat.com/browse/DFBUGS-2839

Summary by CodeRabbit

  • Chores
    • Simplified container build by removing a redundant runtime user-setup step.
    • Reduced startup complexity and potential permission side effects related to self-modifying system entries.
    • No changes to application behavior, interfaces, or commands; runtime behavior remains unchanged.

coderabbitai bot commented Sep 16, 2025

Walkthrough

Removed the build-time step that copied and ran build/bin/user_setup from build/Dockerfile and deleted the build/bin/user_setup script; other Dockerfile instructions (operator copy, USER, ENTRYPOINT/CMD) remain unchanged.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dockerfile modification: build/Dockerfile | Removed the build-time COPY of build/bin/* to /usr/local/bin and the RUN /usr/local/bin/user_setup invocation; retained COPY of operator binary, USER, ENTRYPOINT, and CMD. |
| Deleted runtime setup script: build/bin/user_setup | File removed; previously created HOME, adjusted ownership and permissions (including /etc/passwd), enabled shell tracing, and self-removed at the end of execution. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Docker Build
  participant Img as Image
  participant Ctr as Container Runtime

  rect rgba(230,240,255,0.5)
  note over Dev,Img: Build-time (updated)
  Dev->>Img: COPY operator binary (`${NOOBAA_BIN_PATH}` → `${OPERATOR}`)
  note over Dev,Img: Previously also copied `build/bin/user_setup` and ran it (removed)
  Dev->>Img: Set USER, ENTRYPOINT, CMD
  end

  rect rgba(240,255,240,0.5)
  note over Img,Ctr: Runtime
  Ctr->>Img: Start container with ENTRYPOINT/CMD as configured
  note over Img: No build-added `user_setup` adjustments to HOME or `/etc/passwd`
  end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description Check | ⚠️ Warning | The PR description states "Remove user_setup script" and links to a Red Hat issue but does not follow the repository's required template. It is missing the "### Testing Instructions" section and the checklist items (Doc added/updated, Tests added), and the heading "### Fixes:" differs from the template's "### Issues: Fixed #xxx" format. Because required template sections and verification steps are absent, the description is incomplete and fails the template check. | Please update the PR description to match the repository template exactly: expand "### Explain the changes" with a brief rationale and implementation notes, change the issue line to "### Issues: Fixed #xxx" or include the numeric issue reference, and add a "### Testing Instructions" section with concrete verification steps and expected results. Also mark the checklist items to indicate whether documentation or tests were added or are not applicable, and include any CVE identifier or security advisory links for auditability. After these additions the description should be re-reviewed for completeness before merging. |
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title Check | ✅ Passed | The title "CVE fix |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a340258 and 517a771.

📒 Files selected for processing (2)
  • build/Dockerfile (0 hunks)
  • build/bin/user_setup (0 hunks)
💤 Files with no reviewable changes (2)
  • build/bin/user_setup
  • build/Dockerfile
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (13)
  • GitHub Check: run-cli-tests
  • GitHub Check: run-kms-kmip-test
  • GitHub Check: run-kms-tls-sa-test
  • GitHub Check: run-kms-dev-test
  • GitHub Check: run-core-config-map-tests
  • GitHub Check: golangci-lint
  • GitHub Check: run-azure-vault-test
  • GitHub Check: cnpg-deployment-test
  • GitHub Check: run-admission-test
  • GitHub Check: run-operator-tests
  • GitHub Check: run-hac-test
  • GitHub Check: run-kms-key-rotate-test
  • GitHub Check: run-kms-tls-token-test

Remove user_setup script

Signed-off-by: liranmauda <liran.mauda@gmail.com>
@liranmauda liranmauda merged commit e4f93c9 into noobaa:master Sep 16, 2025
16 of 18 checks passed
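
A regression check for the change discussed in this thread, as an added example that is not part of the PR or the noobaa code base. It assumes the concern is identity files such as /etc/passwd left writable by group or others in the built image, plus a Dockerfile that still runs user_setup; the function names and the rootfs and Dockerfile arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit an unpacked image root filesystem and a Dockerfile
# for the pattern this PR removed. Usage: audit.sh ROOTFS_DIR DOCKERFILE
# Assumption: the risk is identity files writable by non-owners.

# Return 0 if FILE has the group-write or other-write bit set.
is_group_or_other_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Report identity files under ROOTFS that non-owners can write.
# Returns 1 if any finding is reported, 0 otherwise.
audit_rootfs() {
    rootfs=$1
    rc=0
    for rel in etc/passwd etc/group etc/shadow; do
        f="$rootfs/$rel"
        [ -e "$f" ] || continue
        if is_group_or_other_writable "$f"; then
            echo "FAIL: /$rel is writable by group or others"
            rc=1
        fi
    done
    return $rc
}

# Return 1 if DOCKERFILE still invokes a user_setup script at build time.
audit_dockerfile() {
    if grep -nE '^[[:space:]]*RUN[[:space:]].*user_setup' "$1"; then
        echo "FAIL: $1 still runs user_setup"
        return 1
    fi
    return 0
}

# Stand-alone entry point: run both audits and fail if either fails.
if [ "$#" -eq 2 ]; then
    audit_rootfs "$1"; r1=$?
    audit_dockerfile "$2"; r2=$?
    exit $((r1 | r2))
fi
```

The root filesystem can be obtained by exporting a container created from the image and unpacking the tar archive into a directory.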