photoprism/scripts/dist/entrypoint.sh
Aaron Kollasch 7ab3669fdb Switch from gosu to setpriv
Preserves supplementary groups if `PHOTOPRISM_GID` is set.
Removes gosu installation as it is no longer needed.
2022-09-28 09:45:32 +02:00

122 lines
4.2 KiB
Bash
Executable File

#!/usr/bin/env bash
# regular expressions
re='^[0-9]+$'
# set env defaults
export PHOTOPRISM_ARCH=${PHOTOPRISM_ARCH:-arch}
export DOCKER_ENV=${DOCKER_ENV:-unknown}
export DOCKER_TAG=${DOCKER_TAG:-unknown}
export PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts"
# detect environment
case $DOCKER_ENV in
prod)
export PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts:/opt/photoprism/bin";
INIT_SCRIPT="/scripts/entrypoint-init.sh";
;;
develop)
export PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/go/bin:/go/bin:/usr/local/bin:/usr/bin:/bin:/scripts";
INIT_SCRIPT="/scripts/entrypoint-init.sh";
;;
*)
echo "entrypoint: unknown environment $DOCKER_ENV";
INIT_SCRIPT=""
;;
esac
# normalize user and group ID environment variables
if [[ -z ${PHOTOPRISM_UID} ]]; then
if [[ ${UID} =~ $re ]] && [[ ${UID} != "0" ]]; then
export PHOTOPRISM_UID=${UID}
elif [[ ${PUID} =~ $re ]] && [[ ${PUID} != "0" ]]; then
export PHOTOPRISM_UID=${PUID}
fi
if [[ -z ${PHOTOPRISM_GID} ]]; then
if [[ ${GID} =~ $re ]] && [[ ${GID} != "0" ]]; then
export PHOTOPRISM_GID=${GID}
elif [[ ${PGID} =~ $re ]] && [[ ${PGID} != "0" ]]; then
export PHOTOPRISM_GID=${PGID}
fi
fi
fi
# initialize container packages and permissions
if [[ ${INIT_SCRIPT} ]] && [[ -f "${INIT_SCRIPT}" ]]; then
if [[ $(/usr/bin/id -u) == "0" ]]; then
echo "started $DOCKER_TAG as root ($PHOTOPRISM_ARCH-$DOCKER_ENV)"
/bin/bash -c "${INIT_SCRIPT}"
else
echo "started $DOCKER_TAG as uid $(/usr/bin/id -u) ($PHOTOPRISM_ARCH-$DOCKER_ENV)"
/usr/bin/sudo -E "${INIT_SCRIPT}"
fi
else
echo "started $DOCKER_TAG as uid $(/usr/bin/id -u) without init script ($PHOTOPRISM_ARCH-$DOCKER_ENV)"
fi
# display documentation info and link
if [[ $DOCKER_ENV == "prod" ]]; then
echo "Problems? Our Troubleshooting Checklists help you quickly diagnose and solve them:";
echo "https://docs.photoprism.app/getting-started/troubleshooting/";
fi
# set explicit home directory
export HOME="/photoprism"
# check for alternate umask variable
if [[ -z ${PHOTOPRISM_UMASK} ]] && [[ ${UMASK} =~ $re ]] && [[ ${#UMASK} == 4 ]]; then
export PHOTOPRISM_UMASK=${UMASK}
fi
# set file-creation mode (umask)
if [[ ${PHOTOPRISM_UMASK} =~ $re ]] && [[ ${#PHOTOPRISM_UMASK} == 4 ]]; then
umask "${PHOTOPRISM_UMASK}"
else
umask 0002
fi
# display additional container info for troubleshooting
echo "file umask....: \"$(umask)\" ($(umask -S))"
echo "home directory: ${HOME}"
echo "assets path...: ${PHOTOPRISM_ASSETS_PATH:-default}"
echo "storage path..: ${PHOTOPRISM_STORAGE_PATH:-default}"
echo "config path...: ${PHOTOPRISM_CONFIG_PATH:-default}"
echo "cache path....: ${PHOTOPRISM_CACHE_PATH:-default}"
echo "backup path...: ${PHOTOPRISM_BACKUP_PATH:-default}"
echo "import path...: ${PHOTOPRISM_IMPORT_PATH:-default}"
echo "originals path: ${PHOTOPRISM_ORIGINALS_PATH:-default}"
# change to another user and group on request
if [[ ${INIT_SCRIPT} ]] && [[ $(/usr/bin/id -u) == "0" ]] && [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
# check uid and gid env variables
if [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
echo "${@}"
# run command as uid:gid
([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "/scripts/audit.sh") \
&& /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "${PHOTOPRISM_GID}" --init-groups --inh-caps -all "$@" &
else
echo "switching to uid ${PHOTOPRISM_UID}"
echo "${@}"
# run command as uid
([[ ${DOCKER_ENV} != "prod" ]] || /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "/scripts/audit.sh") \
&& /usr/bin/setpriv --reuid "${PHOTOPRISM_UID}" --regid "$(/usr/bin/id -g "${PHOTOPRISM_UID}")" --init-groups --inh-caps -all "$@" &
fi
else
echo "running as uid $(id -u)"
echo "${@}"
# run command
([[ ${DOCKER_ENV} != "prod" ]] || "/scripts/audit.sh") \
&& "$@" &
fi
PID=$!
trap "kill $PID" INT TERM
wait