diff --git a/Makefile b/Makefile
index 69a355818..e48954ba2 100644
--- a/Makefile
+++ b/Makefile
@@ -98,7 +98,6 @@ install:
 rm -rf --preserve-root $(DESTDIR)/include
 (cd $(DESTDIR) && mkdir -p bin sbin lib assets config config/examples)
 ./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
- GOBIN="$(DESTDIR)/sbin" go install github.com/tianon/gosu@latest
 rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets
 wget -O $(DESTDIR)/assets/static/img/wallpaper/welcome.jpg https://cdn.photoprism.app/wallpaper/welcome.jpg
 wget -O $(DESTDIR)/assets/static/img/preview.jpg https://cdn.photoprism.app/img/preview.jpg
diff --git a/docker/photoprism/armv7/Dockerfile b/docker/photoprism/armv7/Dockerfile
index da4e82568..0df10c9c3 100644
--- a/docker/photoprism/armv7/Dockerfile
+++ b/docker/photoprism/armv7/Dockerfile
@@ -101,7 +101,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
 echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
 echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
 echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
- mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
 apt-get update && apt-get -qq upgrade && apt-get -qq install --no-install-recommends \
 libc6 ca-certificates sudo bash tzdata \
 gpg zip unzip wget curl rsync make nano \
diff --git a/docker/photoprism/bookworm/Dockerfile b/docker/photoprism/bookworm/Dockerfile
index 80d7bd848..2a1e6506a 100644
--- a/docker/photoprism/bookworm/Dockerfile
+++ b/docker/photoprism/bookworm/Dockerfile
@@ -104,7 +104,6 @@ EXPOSE 2342
 # copy dist files
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
-RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
 # Declare container entrypoint script.
 ENTRYPOINT ["/scripts/entrypoint.sh"]
diff --git a/docker/photoprism/bullseye/Dockerfile b/docker/photoprism/bullseye/Dockerfile
index a8c0b1c75..8c32d1143 100644
--- a/docker/photoprism/bullseye/Dockerfile
+++ b/docker/photoprism/bullseye/Dockerfile
@@ -104,7 +104,6 @@ EXPOSE 2342
 # copy dist files
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
-RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
 # Declare container entrypoint script.
 ENTRYPOINT ["/scripts/entrypoint.sh"]
diff --git a/docker/photoprism/buster/Dockerfile b/docker/photoprism/buster/Dockerfile
index 3b1fb54c2..1622386ec 100644
--- a/docker/photoprism/buster/Dockerfile
+++ b/docker/photoprism/buster/Dockerfile
@@ -102,7 +102,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
 echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
 echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
 echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
- mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
 apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \
 ca-certificates \
 jq \
diff --git a/docker/photoprism/impish/Dockerfile b/docker/photoprism/impish/Dockerfile
index 872f02b03..ac64f758f 100644
--- a/docker/photoprism/impish/Dockerfile
+++ b/docker/photoprism/impish/Dockerfile
@@ -101,7 +101,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
 echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
 echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
 echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
- mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
 apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \
 ca-certificates \
 jq \
diff --git a/docker/photoprism/jammy/Dockerfile b/docker/photoprism/jammy/Dockerfile
index f06d7ed27..ad11ab2bd 100644
--- a/docker/photoprism/jammy/Dockerfile
+++ b/docker/photoprism/jammy/Dockerfile
@@ -105,7 +105,6 @@ EXPOSE 2342
 # Copy app files.
 COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
-RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
 # Declare container entrypoint script.
 ENTRYPOINT ["/scripts/entrypoint.sh"]
diff --git a/scripts/dist/entrypoint.sh b/scripts/dist/entrypoint.sh
index 6f2150457..18c392e6b 100755
--- a/scripts/dist/entrypoint.sh
+++ b/scripts/dist/entrypoint.sh
@@ -96,15 +96,15 @@ if [[ ${INIT_SCRIPT} ]] && [[ $(/usr/bin/id -u) == "0" ]] && [[ ${PHOTOPRISM_UID
 echo "${@}"
 # run command as uid:gid
- ([[ ${DOCKER_ENV} != "prod" ]] || /usr/local/sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \
- && /usr/local/sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
+ ([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "/scripts/audit.sh") \
+ && /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "$@" &
 else
 echo "switching to uid ${PHOTOPRISM_UID}"
 echo "${@}"
 # run command as uid
- ([[ ${DOCKER_ENV} != "prod" ]] || /usr/local/sbin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \
- && /usr/local/sbin/gosu "${PHOTOPRISM_UID}" "$@" &
+ ([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "/scripts/audit.sh") \
+ && /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "$@" &
 fi
 else
 echo "running as uid $(id -u)"
diff --git a/scripts/dist/install-go-tools.sh b/scripts/dist/install-go-tools.sh
index 6edadee48..1ef792367 100755
--- a/scripts/dist/install-go-tools.sh
+++ b/scripts/dist/install-go-tools.sh
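Review bot: The uid-only branch in scripts/dist/entrypoint.sh breaks for a numeric PHOTOPRISM_UID that has no passwd entry in the image: `$(/usr/bin/id -g "${PHOTOPRISM_UID}")` then prints nothing, `--regid` receives an empty string, and neither audit.sh nor the main command starts; `--init-groups` likely depends on the same lookup in both branches. Resolving the gid once before the two calls and failing loudly, e.g. `gid="$(/usr/bin/id -g "${PHOTOPRISM_UID}")" || { echo "uid ${PHOTOPRISM_UID} has no passwd entry" >&2; exit 1; }`, would surface this instead of leaving it as an error from a backgrounded setpriv. Separately, `--inh-caps -all` empties only the inheritable set, so the bounding set and any setuid or file-capability binaries in the image still offer a path back to privilege; `--bounding-set -all` and `--no-new-privs` are worth considering, with the caveat that the latter would stop sudo (installed by the armv7 Dockerfile above) from working. The enclosing if/else starts before and continues after this hunk, so whether a matching user is created earlier in the script cannot be confirmed from here.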
@@ -37,12 +37,6 @@ set -e
 mkdir -p "$GOPATH/src"
-# Install gosu in "/usr/local/sbin".
-echo "Installing gosu in /usr/local/sbin..."
-GOBIN="/usr/local/sbin" go install github.com/tianon/gosu@latest
-chown root:root /usr/local/sbin/gosu
-chmod 755 /usr/local/sbin/gosu
-
 # Install remaining tools in "/usr/local/bin".
 case $DESTARCH in
 arm | ARM | aarch | armv7l | armhf)