Docker: Make sure /sbin/gosu exists and has the right permissions #2120
see https://github.com/photoprism/photoprism/discussions/2120
This commit is contained in:
parent
ba644948f9
commit
0ee686ffb1
10 changed files with 30 additions and 16 deletions
4
Makefile
4
Makefile
|
@ -77,10 +77,10 @@ install:
|
||||||
mkdir --mode=$(INSTALL_MODE) -p $(DESTDIR)
|
mkdir --mode=$(INSTALL_MODE) -p $(DESTDIR)
|
||||||
env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR)
|
env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR)
|
||||||
rm -rf --preserve-root $(DESTDIR)/include
|
rm -rf --preserve-root $(DESTDIR)/include
|
||||||
(cd $(DESTDIR) && mkdir -p bin lib assets config config/examples)
|
(cd $(DESTDIR) && mkdir -p bin sbin lib assets config config/examples)
|
||||||
./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
|
./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
|
||||||
[ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest
|
[ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest
|
||||||
cp $(GOBIN)/gosu $(DESTDIR)/bin/gosu
|
cp $(GOBIN)/gosu $(DESTDIR)/sbin/gosu
|
||||||
[ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool
|
[ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool
|
||||||
rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets
|
rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets
|
||||||
cp scripts/dist/heif-convert.sh $(DESTDIR)/bin/heif-convert
|
cp scripts/dist/heif-convert.sh $(DESTDIR)/bin/heif-convert
|
||||||
|
|
|
@ -110,7 +110,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
|
||||||
|
|
||||||
# install Go tools
|
# install Go tools
|
||||||
RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \
|
RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \
|
||||||
cp /go/bin/gosu /bin/gosu && \
|
cp /go/bin/gosu /sbin/gosu && \
|
||||||
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
echo "alias ll='ls -alh'" > /photoprism/.bash_aliases && \
|
echo "alias ll='ls -alh'" > /photoprism/.bash_aliases && \
|
||||||
echo "alias ll='ls -alh'" > /root/.bash_aliases && \
|
echo "alias ll='ls -alh'" > /root/.bash_aliases && \
|
||||||
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
||||||
|
|
|
@ -121,7 +121,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
|
||||||
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
||||||
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
||||||
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
||||||
cp /go/bin/gosu /bin/gosu && \
|
cp /go/bin/gosu /sbin/gosu && \
|
||||||
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
||||||
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
||||||
|
|
|
@ -120,7 +120,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
|
||||||
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
||||||
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
||||||
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
||||||
cp /go/bin/gosu /bin/gosu && \
|
cp /go/bin/gosu /sbin/gosu && \
|
||||||
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
||||||
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
||||||
|
|
|
@ -121,7 +121,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
|
||||||
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
|
||||||
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
|
||||||
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
|
||||||
cp /go/bin/gosu /bin/gosu && \
|
cp /go/bin/gosu /sbin/gosu && \
|
||||||
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
|
||||||
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
|
||||||
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \
|
||||||
|
|
|
@ -85,8 +85,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
|
||||||
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
||||||
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
||||||
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
||||||
cp /opt/photoprism/bin/gosu /bin/gosu && \
|
mv /opt/photoprism/sbin/gosu /sbin/gosu && \
|
||||||
chown root:root /bin/gosu && \
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
||||||
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
||||||
chmod 777 /photoprism && \
|
chmod 777 /photoprism && \
|
||||||
|
|
|
@ -90,6 +90,9 @@ EXPOSE 2342
|
||||||
|
|
||||||
# copy dist files
|
# copy dist files
|
||||||
COPY --from=build /opt/photoprism/ /opt/photoprism
|
COPY --from=build /opt/photoprism/ /opt/photoprism
|
||||||
|
RUN mv /opt/photoprism/sbin/gosu /sbin/gosu && \
|
||||||
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu
|
||||||
|
|
||||||
# set container entrypoint script
|
# set container entrypoint script
|
||||||
ENTRYPOINT ["/scripts/entrypoint.sh"]
|
ENTRYPOINT ["/scripts/entrypoint.sh"]
|
||||||
|
|
|
@ -85,8 +85,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
|
||||||
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
||||||
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
||||||
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
||||||
cp /opt/photoprism/bin/gosu /bin/gosu && \
|
mv /opt/photoprism/sbin/gosu /sbin/gosu && \
|
||||||
chown root:root /bin/gosu && \
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
||||||
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
||||||
chmod 777 /photoprism && \
|
chmod 777 /photoprism && \
|
||||||
|
|
|
@ -84,8 +84,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
|
||||||
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
|
||||||
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
|
||||||
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
|
||||||
cp /opt/photoprism/bin/gosu /bin/gosu && \
|
mv /opt/photoprism/sbin/gosu /sbin/gosu && \
|
||||||
chown root:root /bin/gosu && \
|
chown root:root /sbin/gosu && \
|
||||||
|
chmod 755 /sbin/gosu && \
|
||||||
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
|
||||||
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
|
||||||
chmod 777 /photoprism && \
|
chmod 777 /photoprism && \
|
||||||
|
|
8
scripts/dist/entrypoint.sh
vendored
8
scripts/dist/entrypoint.sh
vendored
|
@ -95,15 +95,15 @@ if [[ ${INIT_SCRIPT} ]] && [[ $(/usr/bin/id -u) == "0" ]] && [[ ${PHOTOPRISM_UID
|
||||||
echo "${@}"
|
echo "${@}"
|
||||||
|
|
||||||
# run command as uid:gid
|
# run command as uid:gid
|
||||||
([[ ${DOCKER_ENV} != "prod" ]] || /bin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \
|
([[ ${DOCKER_ENV} != "prod" ]] || /sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \
|
||||||
&& /bin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
|
&& /sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
|
||||||
else
|
else
|
||||||
echo "switching to uid ${PHOTOPRISM_UID}"
|
echo "switching to uid ${PHOTOPRISM_UID}"
|
||||||
echo "${@}"
|
echo "${@}"
|
||||||
|
|
||||||
# run command as uid
|
# run command as uid
|
||||||
([[ ${DOCKER_ENV} != "prod" ]] || /bin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \
|
([[ ${DOCKER_ENV} != "prod" ]] || /sbin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \
|
||||||
&& /bin/gosu "${PHOTOPRISM_UID}" "$@" &
|
&& /sbin/gosu "${PHOTOPRISM_UID}" "$@" &
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "running as uid $(id -u)"
|
echo "running as uid $(id -u)"
|
||||||
|
|
Loading…
Reference in a new issue