luisgulo/photoprism
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Switch from gosu to setpriv

Browse source 
Preserves supplementary groups if `PHOTOPRISM_GID` is set.
Removes gosu installation as it is no longer needed.
This commit is contained in:
Aaron Kollasch 2022-09-22 04:04:49 -04:00 committed by Michael Mayer
parent f5a8c5a45d
commit 7ab3669fdb
9 changed files with 4 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Makefile
View file

@ -98,7 +98,6 @@ install:
rm -rf --preserve-root $(DESTDIR)/include rm -rf --preserve-root $(DESTDIR)/include
(cd $(DESTDIR) && mkdir -p bin sbin lib assets config config/examples) (cd $(DESTDIR) && mkdir -p bin sbin lib assets config config/examples)
./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)" ./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
GOBIN="$(DESTDIR)/sbin" go install github.com/tianon/gosu@latest
rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets rsync -r -l --safe-links --exclude-from=assets/.buildignore --chmod=a+r,u+rw ./assets/ $(DESTDIR)/assets
wget -O $(DESTDIR)/assets/static/img/wallpaper/welcome.jpg https://cdn.photoprism.app/wallpaper/welcome.jpg wget -O $(DESTDIR)/assets/static/img/wallpaper/welcome.jpg https://cdn.photoprism.app/wallpaper/welcome.jpg
wget -O $(DESTDIR)/assets/static/img/preview.jpg https://cdn.photoprism.app/img/preview.jpg wget -O $(DESTDIR)/assets/static/img/preview.jpg https://cdn.photoprism.app/img/preview.jpg

1
docker/photoprism/armv7/Dockerfile
View file

@ -101,7 +101,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
apt-get update && apt-get -qq upgrade && apt-get -qq install --no-install-recommends \ apt-get update && apt-get -qq upgrade && apt-get -qq install --no-install-recommends \
libc6 ca-certificates sudo bash tzdata \ libc6 ca-certificates sudo bash tzdata \
gpg zip unzip wget curl rsync make nano \ gpg zip unzip wget curl rsync make nano \

1
docker/photoprism/bookworm/Dockerfile
View file

@ -104,7 +104,6 @@ EXPOSE 2342
# copy dist files # copy dist files
COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
# Declare container entrypoint script. # Declare container entrypoint script.
ENTRYPOINT ["/scripts/entrypoint.sh"] ENTRYPOINT ["/scripts/entrypoint.sh"]

1
docker/photoprism/bullseye/Dockerfile
View file

@ -104,7 +104,6 @@ EXPOSE 2342
# copy dist files # copy dist files
COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
# Declare container entrypoint script. # Declare container entrypoint script.
ENTRYPOINT ["/scripts/entrypoint.sh"] ENTRYPOINT ["/scripts/entrypoint.sh"]

1
docker/photoprism/buster/Dockerfile
View file

@ -102,7 +102,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \ apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \
ca-certificates \ ca-certificates \
jq \ jq \

1
docker/photoprism/impish/Dockerfile
View file

@ -101,7 +101,6 @@ RUN echo 'APT::Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \ echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/80suggests && \
echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \ echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/80forceyes && \
echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \ echo 'APT::Get::Fix-Missing "true";' > /etc/apt/apt.conf.d/80fixmissing && \
mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu && \
apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \ apt-get update && apt-get -qq dist-upgrade && apt-get -qq install --no-install-recommends \
ca-certificates \ ca-certificates \
jq \ jq \

1
docker/photoprism/jammy/Dockerfile
View file

@ -105,7 +105,6 @@ EXPOSE 2342
# Copy app files. # Copy app files.
COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism COPY --from=build --chown=root:root --chmod=755 /opt/photoprism/ /opt/photoprism
RUN mv /opt/photoprism/sbin/gosu /usr/local/sbin/gosu
# Declare container entrypoint script. # Declare container entrypoint script.
ENTRYPOINT ["/scripts/entrypoint.sh"] ENTRYPOINT ["/scripts/entrypoint.sh"]

8
scripts/dist/entrypoint.sh vendored
View file

@ -96,15 +96,15 @@ if [[ ${INIT_SCRIPT} ]] && [[ $(/usr/bin/id -u) == "0" ]] && [[ ${PHOTOPRISM_UID
echo "${@}" echo "${@}"
# run command as uid:gid # run command as uid:gid
([[ ${DOCKER_ENV} != "prod" ]] || /usr/local/sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "/scripts/audit.sh") \ ([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "/scripts/audit.sh") \
&& /usr/local/sbin/gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" & && /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "$@" &
else else
echo "switching to uid ${PHOTOPRISM_UID}" echo "switching to uid ${PHOTOPRISM_UID}"
echo "${@}" echo "${@}"
# run command as uid # run command as uid
([[ ${DOCKER_ENV} != "prod" ]] || /usr/local/sbin/gosu "${PHOTOPRISM_UID}" "/scripts/audit.sh") \ ([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "/scripts/audit.sh") \
&& /usr/local/sbin/gosu "${PHOTOPRISM_UID}" "$@" & && /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "$@" &
fi fi
else else
echo "running as uid $(id -u)" echo "running as uid $(id -u)"

6
scripts/dist/install-go-tools.sh vendored
View file

@ -37,12 +37,6 @@ set -e
mkdir -p "$GOPATH/src" mkdir -p "$GOPATH/src"
# Install gosu in "/usr/local/sbin".
echo "Installing gosu in /usr/local/sbin..."
GOBIN="/usr/local/sbin" go install github.com/tianon/gosu@latest
chown root:root /usr/local/sbin/gosu
chmod 755 /usr/local/sbin/gosu
# Install remaining tools in "/usr/local/bin". # Install remaining tools in "/usr/local/bin".
case $DESTARCH in case $DESTARCH in
arm | ARM | aarch | armv7l | armhf) arm | ARM | aarch | armv7l | armhf)