add /tmp directory to scratch image

Author: umputun

Makefile

@@ -13,9 +13,9 @@ build_go_multi:
 	docker buildx build --platform linux/amd64,linux/arm64 --pull -t umputun/baseimage:buildgo-latest -t ghcr.io/umputun/baseimage/buildgo:latest build.go -f build.go/Dockerfile
 
 build_scratch:
-	docker build --pull -t umputun/baseimage:scratch-latest -t ghcr.io/umputun/baseimage/scratch:latest build.go -f base.scratch/Dockerfile
+	docker build --pull -t umputun/baseimage:scratch-latest -t ghcr.io/umputun/baseimage/scratch:latest base.scratch -f base.scratch/Dockerfile
 
 build_scratch_multi:
-	docker buildx build --platform linux/amd64,linux/arm64 --pull -t umputun/baseimage:scratch-latest -t ghcr.io/umputun/baseimage/scratch:latest build.go -f base.scratch/Dockerfile
+	docker buildx build --platform linux/amd64,linux/arm64 --pull -t umputun/baseimage:scratch-latest -t ghcr.io/umputun/baseimage/scratch:latest base.scratch -f base.scratch/Dockerfile
 
 .PHONY: all

README.md

@@ -104,6 +104,7 @@ Image `ghcr.io/umputun/baseimage/scratch:latest` (or `umputun/baseimage:scratch-
 - zoneinfo to allow change the timezone of the running application using the `TZ` environment variable
 - SSL certificates (ca-certificates)
 - `/etc/passwd` and `/etc/groups` with `app` user and group added (UID:1001, GID:1001)
+- `/tmp` directory with sticky bit permissions (1777), writable by any user
 - `/nop` program to wait forever and do nothing
 
 Container sets user to `app` and working directory to `/srv`, no entrypoint set. In order to change time zone `TZ` env can be used.

base.scratch/Dockerfile

@@ -21,6 +21,7 @@ COPY --from=prep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=prep /etc/passwd /etc/passwd
 COPY --from=prep /etc/group /etc/group
 COPY --from=prep /tmp/nop /nop
+ADD tmp.tar /
 
 USER app
 WORKDIR /srv