author | Eugen Rochko <eugen@zeonfederated.com> | 2018-02-20 17:25:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-20 17:25:01 +0100 |
commit | be9bab171dc2b1fe43bc742decb71f64541ca347 (patch) | |
tree | 32019e1126c55f5a3172c271ba945320f34bcb17 | |
parent | 712488127380dbdd5bde2783d98f0e9793f4d97b (diff) |
Set Docker permissions during the build process (#6514)
* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown
-rw-r--r-- | Dockerfile | 16 | ||||
-rw-r--r-- | docker_entrypoint.sh | 14 |
2 files changed, 9 insertions, 21 deletions
diff --git a/Dockerfile b/Dockerfile
index 765df58c2..628941dda 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7
 LABEL maintainer="https://github.com/tootsuite/mastodon" \
 description="A GNU Social-compatible microblogging server"
-ENV UID=991 GID=991 \
- RAILS_SERVE_STATIC_FILES=true \
+ARG UID=991
+ARG GID=991
+
+ENV RAILS_SERVE_STATIC_FILES=true \
 RAILS_ENV=production NODE_ENV=production
 ARG YARN_VERSION=1.3.2
@@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in
 && yarn --pure-lockfile \
 && yarn cache clean
-COPY . /mastodon
-
-COPY docker_entrypoint.sh /usr/local/bin/run
+RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
-RUN chmod +x /usr/local/bin/run
+COPY --chown=${UID}:${GID} . /mastodon
 VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs
-ENTRYPOINT ["/usr/local/bin/run"]
+USER mastodon
+
+ENTRYPOINT ["/sbin/tini", "--"]
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
deleted file mode 100644
index e92959c8e..000000000
--- a/docker_entrypoint.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-### 1. Adds local user (UID and GID are provided from environment variables).
-### 2. Updates permissions, except for ./public/system (should be chown on previous installations).
-### 3. Executes the command as that user.
-
-echo "Creating mastodon user (UID : ${UID} and GID : ${GID})..."
-addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon
-
-echo "Updating permissions..."
-find /mastodon -path /mastodon/public/system -prune -o -not -user mastodon -not -group mastodon -print0 | xargs -0 chown -f mastodon:mastodon
-
-echo "Executing process..."
-exec su-exec mastodon:mastodon /sbin/tini -- "$@" |
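Review bot: `UID` and `GID` stop being runtime settings in the first Dockerfile hunk: as `ARG`s they are fixed when the image is built, so an existing `-e UID=…` or compose `environment:` entry is silently ignored and the container runs with the IDs baked in at build time (991 by default). Nothing in the hunk tells an operator that the contract changed. A comment above the two new lines, for example `# Build-time only: override with --build-arg UID=… --build-arg GID=…; runtime env has no effect`, would make it visible to anyone who relied on the old behaviour.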
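Review bot: With `USER mastodon` added and the entrypoint script removed in the second Dockerfile hunk, nothing re-owns data at start-up any more, so the paths on the `VOLUME` line keep whatever ownership an existing volume or bind mount already has and the non-root process cannot correct it. Deployments that previously ran with a different `UID`/`GID` would likely see write failures on `public/assets` and `public/packs`, and the tempting workaround is to loosen modes on the host; an upgrade note telling operators to chown those paths once to the build-time IDs would close that gap. Separately, `COPY --chown=${UID}:${GID} . /mastodon` relies on the builder expanding build args inside the flag, which is worth confirming on the oldest Docker release the project supports; `COPY --chown=mastodon:mastodon . /mastodon` names the account created by the `RUN addgroup … adduser` line just above and avoids the question. No `CMD` is visible in this hunk, so whether `tini --` has a default command to run cannot be checked from here.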