From e89586b08fa4c3d623b67ba2b3a3876c56b5ca85 Mon Sep 17 00:00:00 2001
From: Bas Zoetekouw
Date: Mon, 14 Apr 2025 21:52:17 +0200
Subject: [PATCH 1/3] add python3 basecontainer
---
 python3/bla | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100755 python3/bla
diff --git a/python3/bla b/python3/bla
new file mode 100755
index 0000000..9cd76f6
--- /dev/null
+++ b/python3/bla
@@ -0,0 +1,3 @@
+#!/bin/sh
+echo "hoi"
+exit 0
From d101946ee0d5de86d5ed391edbb5893a8b83ea55 Mon Sep 17 00:00:00 2001
From: Bas Zoetekouw
Date: Tue, 18 Feb 2025 11:09:00 +0100
Subject: [PATCH 2/3] remove test file
---
 python3/bla | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100755 python3/bla
diff --git a/python3/bla b/python3/bla
deleted file mode 100755
index 9cd76f6..0000000
--- a/python3/bla
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-echo "hoi"
-exit 0
From c4bcd09cd0a5c467811763a2a4880e113084703d Mon Sep 17 00:00:00 2001
From: Bas Zoetekouw
Date: Tue, 18 Feb 2025 15:41:47 +0100
Subject: [PATCH 3/3] Switch python container to standard Debian
---
 python3/Dockerfile | 19 +++++++++++++++----
 python3/bin/entrypoint.sh | 4 ++--
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/python3/Dockerfile b/python3/Dockerfile
index 6301594..e2175ec 100644
--- a/python3/Dockerfile
+++ b/python3/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/python:3.11-slim-bookworm
+FROM docker.io/library/debian:bookworm-slim
 # Do an initial clean up and general upgrade of the distribution
 ENV DEBIAN_FRONTEND=noninteractive
@@ -8,13 +8,16 @@ RUN \
 apt-get -y install \
 build-essential \
 bzip2 \
+ ca-certificates \
 curl \
 clang \
 default-libmysqlclient-dev \
 git \
 libxmlsec1-dev \
 pkgconf \
+ python3 \
 python3-dev \
+ python3-venv \
 util-linux \
 xz-utils \
 && \
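Review bot: The new base in the first Dockerfile hunk, `FROM docker.io/library/debian:bookworm-slim`, is a floating tag, so each rebuild can pick up a different image, and the interpreter is now whatever `python3` Debian bookworm packages rather than the version named in the old tag. For a base container that other images inherit from, pinning by digest keeps the build reproducible and auditable: `FROM docker.io/library/debian:bookworm-slim@sha256:<digest-placeholder>`. A short comment above the FROM line stating which Python version downstream images may rely on would also help.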
@@ -25,12 +28,20 @@ RUN \
 ARG RUNAS_UID
 ARG RUNAS_GID
+# install default venv
+RUN \
+ python3 -m venv /venv && \
+ /venv/bin/pip install --upgrade pip wheel setuptools
+
+ENV VIRTUAL_ENV="/venv"
+ENV PATH="/venv/bin:${PATH}"
+
+# Set the default workdir
+WORKDIR /venv
+
 # Copy the startup script
 RUN mkdir /container-init /container-init-post
 COPY --chmod=0755 ./bin/entrypoint.sh /entrypoint.sh
-# Set the default workdir
-WORKDIR /opt
-
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["python3"]
diff --git a/python3/bin/entrypoint.sh b/python3/bin/entrypoint.sh
index 89dc238..1fdee04 100755
--- a/python3/bin/entrypoint.sh
+++ b/python3/bin/entrypoint.sh
@@ -27,11 +27,11 @@ then
 echo "Switching to user $RUNAS_UID and group $RUNAS_GID"
 groupadd -g $RUNAS_GID openconext
 useradd -M -u $RUNAS_UID -g $RUNAS_GID openconext
- PRIVDROP="setpriv --reuid=openconext --regid=openconext --reset-env --clear-groups"
+ PRIVDROP="runuser --user=openconext --group=openconext -- "
 else
 echo "Switching to user $RUNAS_UID"
 useradd -M -u $RUNAS_UID openconext
- PRIVDROP="setpriv --reuid=openconext --reset-env --clear-groups"
+ PRIVDROP="runuser --user=openconext -- "
 fi
 echo "Dropping privileges to $($PRIVDROP id -u):$($PRIVDROP id -g)"
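Review bot: The added `/venv/bin/pip install --upgrade pip wheel setuptools` takes whatever versions the package index serves at build time, so two builds of the same commit can ship different packaging tools, and it leaves pip's download cache in the layer. Pinning the versions and disabling the cache keeps the base image reproducible: `/venv/bin/pip install --no-cache-dir --upgrade pip==<version> wheel==<version> setuptools==<version>` (the versions are placeholders). The venv and the new `WORKDIR /venv` are created as root, so after the entrypoint drops to `RUNAS_UID` the process presumably cannot write there. A comment saying whether that read-only venv is intended would help downstream image authors.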
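Review bot: Swapping `setpriv ... --reset-env --clear-groups` for `runuser` in both `PRIVDROP=` lines changes more than the tool: the environment is no longer reset, so variables set for the root init phase are inherited by the unprivileged process. runuser also starts the command as a child rather than replacing itself, so a root-owned parent presumably stays in the process tree. If keeping `PATH` and `VIRTUAL_ENV` for the new venv is the reason, record it next to the assignment, e.g. `# runuser keeps the environment (PATH, VIRTUAL_ENV); unset init-only secrets before this point`. The enclosing `if` and the later use of `$PRIVDROP` lie outside the hunk, so signal forwarding to the final command should be checked there.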