Set Docker permissions during the build process (#6514)
* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown
This commit is contained in:
parent
7124881273
commit
be9bab171d
16
Dockerfile
16
Dockerfile
@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
|
||||
LABEL maintainer="https://github.com/tootsuite/mastodon" \
|
||||
description="A GNU Social-compatible microblogging server"
|
||||
|
||||
ENV UID=991 GID=991 \
|
||||
RAILS_SERVE_STATIC_FILES=true \
|
||||
ARG UID=991
|
||||
ARG GID=991
|
||||
|
||||
ENV RAILS_SERVE_STATIC_FILES=true \
|
||||
RAILS_ENV=production NODE_ENV=production
|
||||
|
||||
ARG YARN_VERSION=1.3.2
|
||||
@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
|
||||
&& yarn --pure-lockfile \
|
||||
&& yarn cache clean
|
||||
|
||||
COPY . /mastodon
|
||||
RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
|
||||
|
||||
COPY docker_entrypoint.sh /usr/local/bin/run
|
||||
|
||||
RUN chmod +x /usr/local/bin/run
|
||||
COPY --chown=${UID}:${GID} . /mastodon
|
||||
|
||||
VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/run"]
|
||||
USER mastodon
|
||||
|
||||
ENTRYPOINT ["/sbin/tini", "--"]
|
||||
|
@ -1,14 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
### 1. Adds local user (UID and GID are provided from environment variables).
|
||||
### 2. Updates permissions, except for ./public/system (should be chown on previous installations).
|
||||
### 3. Executes the command as that user.
|
||||
|
||||
echo "Creating mastodon user (UID : ${UID} and GID : ${GID})..."
|
||||
addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
|
||||
|
||||
echo "Updating permissions..."
|
||||
find /mastodon -path /mastodon/public/system -prune -o -not -user mastodon -not -group mastodon -print0 | xargs -0 chown -f mastodon:mastodon
|
||||
|
||||
echo "Executing process..."
|
||||
exec su-exec mastodon:mastodon /sbin/tini -- "$@"
|
Loading…
Reference in New Issue
Block a user