Docker: Make sure /sbin/gosu exists and has the right permissions #2120

see https://github.com/photoprism/photoprism/discussions/2120
This commit is contained in:
Michael Mayer 2022-03-17 17:02:38 +01:00
parent ba644948f9
commit 0ee686ffb1
10 changed files with 30 additions and 16 deletions

View file

@ -77,10 +77,10 @@ install:
mkdir --mode=$(INSTALL_MODE) -p $(DESTDIR) mkdir --mode=$(INSTALL_MODE) -p $(DESTDIR)
env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR) env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR)
rm -rf --preserve-root $(DESTDIR)/include rm -rf --preserve-root $(DESTDIR)/include
(cd $(DESTDIR) && mkdir -p bin lib assets config config/examples) (cd $(DESTDIR) && mkdir -p bin sbin lib assets config config/examples)
./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)" ./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
[ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest [ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest
cp $(GOBIN)/gosu $(DESTDIR)/bin/gosu cp $(GOBIN)/gosu $(DESTDIR)/sbin/gosu
[ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool [ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool
rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets
cp scripts/dist/heif-convert.sh $(DESTDIR)/bin/heif-convert cp scripts/dist/heif-convert.sh $(DESTDIR)/bin/heif-convert

View file

@ -110,7 +110,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
# install Go tools # install Go tools
RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \
cp /go/bin/gosu /bin/gosu && \ cp /go/bin/gosu /sbin/gosu && \
chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
echo "alias ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias ll='ls -alh'" > /photoprism/.bash_aliases && \
echo "alias ll='ls -alh'" > /root/.bash_aliases && \ echo "alias ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \

View file

@ -121,7 +121,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \ /usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \ /usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \ /usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
cp /go/bin/gosu /bin/gosu && \ cp /go/bin/gosu /sbin/gosu && \
chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \

View file

@ -120,7 +120,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \ /usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \ /usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \ /usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
cp /go/bin/gosu /bin/gosu && \ cp /go/bin/gosu /sbin/gosu && \
chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \

View file

@ -121,7 +121,9 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
/usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \ /usr/local/go/bin/go install github.com/kyoh86/richgo@latest && \
/usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \ /usr/local/go/bin/go install github.com/psampaz/go-mod-outdated@latest && \
/usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \ /usr/local/go/bin/go install github.com/dsoprea/go-exif/v3/command/exif-read-tool@latest; \
cp /go/bin/gosu /bin/gosu && \ cp /go/bin/gosu /sbin/gosu && \
chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \

View file

@ -85,8 +85,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
cp /opt/photoprism/bin/gosu /bin/gosu && \ mv /opt/photoprism/sbin/gosu /sbin/gosu && \
chown root:root /bin/gosu && \ chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \ groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \ useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
chmod 777 /photoprism && \ chmod 777 /photoprism && \

View file

@ -90,6 +90,9 @@ EXPOSE 2342
# copy dist files # copy dist files
COPY --from=build /opt/photoprism/ /opt/photoprism COPY --from=build /opt/photoprism/ /opt/photoprism
RUN mv /opt/photoprism/sbin/gosu /sbin/gosu && \
chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu
# set container entrypoint script # set container entrypoint script
ENTRYPOINT ["/scripts/entrypoint.sh"] ENTRYPOINT ["/scripts/entrypoint.sh"]

View file

@ -85,8 +85,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
cp /opt/photoprism/bin/gosu /bin/gosu && \ mv /opt/photoprism/sbin/gosu /sbin/gosu && \
chown root:root /bin/gosu && \ chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \ groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \ useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
chmod 777 /photoprism && \ chmod 777 /photoprism && \

View file

@ -84,8 +84,9 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
cp /opt/photoprism/bin/gosu /bin/gosu && \ mv /opt/photoprism/sbin/gosu /sbin/gosu && \
chown root:root /bin/gosu && \ chown root:root /sbin/gosu && \
chmod 755 /sbin/gosu && \
groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \ groupadd -f -r -g 44 video && groupadd -f -r -g 109 render && groupadd -f -g 1000 photoprism && \
useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \ useradd -m -g 1000 -u 1000 -d /photoprism -G video,render photoprism && \
chmod 777 /photoprism && \ chmod 777 /photoprism && \

View file

@ -95,15 +95,15 @@ if [[ ${INIT_SCRIPT} ]] && [[ $(/usr/bin/id -u) == "0" ]] && [[ ${PHOTOPRISM_UID
echo "${@}" echo "${@}"
# run command as uid:gid # run command as uid:gid
([[ ${DOCKER_ENV} != "prod" ]] || /bin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \ ([[ ${DOCKER_ENV} != "prod" ]] || /sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \
&& /bin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" & && /sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
else else
echo "switching to uid ${PHOTOPRISM_UID}" echo "switching to uid ${PHOTOPRISM_UID}"
echo "${@}" echo "${@}"
# run command as uid # run command as uid
([[ ${DOCKER_ENV} != "prod" ]] || /bin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \ ([[ ${DOCKER_ENV} != "prod" ]] || /sbin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \
&& /bin/gosu "${PHOTOPRISM_UID}" "$@" & && /sbin/gosu "${PHOTOPRISM_UID}" "$@" &
fi fi
else else
echo "running as uid $(id -u)" echo "running as uid $(id -u)"