From 73a5fbc5eeb9a33e80e17eb3d09ab3a081626797 Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 19 Nov 2020 15:46:50 +0100
Subject: [PATCH 1/7] non root user in docker entry
---
 Dockerfile | 18 +++++++++++++++++-
 docker-entrypoint.sh | 11 +++++++++++
 dockercmd | 2 --
 3 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100755 docker-entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
index 150c6eaf..7c6a038c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,15 @@ FROM python:3.8-buster
 RUN set -e \
 && apt-get update \
 && apt-get install -y --no-install-recommends sqlite3 \
+ && apt-get update && apt-get install -y gosu \
 && apt-get clean && rm -rf /var/lib/apt/lists/*
+ARG UNAME=liquid
+ARG UID=666
+ARG GID=666
+RUN groupadd -g $GID -o $UNAME
+RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
+
 RUN mkdir -p /app
 WORKDIR /app
@@ -15,10 +22,19 @@ RUN set -e \
 ADD liquidcore ./liquidcore
 ADD manage.py dockercmd ./
+ADD docker-entrypoint.sh ./
 ENV PYTHONUNBUFFERED 1
+
+ENV DATA_DIR "/app/var"
+ENV USER_NAME $UNAME
+ENV UID $UID
+ENV GID $GID
+
 VOLUME /app/var
 RUN SECRET_KEY=x ./manage.py collectstatic
-CMD ./dockercmd
+ENTRYPOINT ["/app/docker-entrypoint.sh"]
+
+CMD /app/dockercmd
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 00000000..3dd3e791
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -ex
+
+if [[ ! -d "$DATA_DIR" ]]; then
+ exit 1
+fi
+
+./manage.py initialize
+
+chown -R $UID:$GID $DATA_DIR
+
+exec gosu $USER_NAME "$@"
diff --git a/dockercmd b/dockercmd
index dc798aba..4cc795cd 100755
--- a/dockercmd
+++ b/dockercmd
@@ -1,5 +1,3 @@
 #!/bin/bash -ex
-./manage.py initialize
-# exec ./manage.py runserver 0.0.0.0:8000
 exec waitress-serve --port 8000 liquidcore.site.wsgi:application
From 6b80109441cbb404e251fdec12964fb12096c971 Mon Sep 17 00:00:00 2001
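Review bot: The `-o` (non-unique) flag on the new `groupadd`/`useradd` lines in the first Dockerfile hunk of patch 1/7 lets the build accept an ID that already exists, so `--build-arg UID=0` would produce a `liquid` account that is root under another name and the later `gosu` drop would change nothing. Dropping `-o` makes a colliding ID fail the build instead; quoting the expansions and merging the two layers gives `RUN groupadd -g "$GID" "$UNAME" && useradd -m -u "$UID" -g "$GID" -s /bin/bash "$UNAME"`. If reusing an ID that collides with a base-image account is intended, a comment above these lines saying so would help.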
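Review bot: `CMD /app/dockercmd` at the end of the second Dockerfile hunk of patch 1/7 is shell form, so with the exec-form `ENTRYPOINT` Docker passes `/bin/sh -c "/app/dockercmd"` as the entrypoint's arguments and `gosu` starts a wrapper shell rather than the script itself; `CMD ["/app/dockercmd"]` avoids the extra process, which may otherwise sit between the container runtime and the server when a stop signal arrives. The image also has no `USER` instruction, so it still starts as root and the privilege drop holds only while the default entrypoint is used; a short comment above `ENTRYPOINT` stating that would make the dependency visible. `ADD docker-entrypoint.sh ./` copies a plain local file and could be `COPY docker-entrypoint.sh ./`.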
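Review bot: `./manage.py initialize` in the new docker-entrypoint.sh (patch 1/7) runs before the `gosu` line, so application code still executes as root on every container start and anything it writes outside `$DATA_DIR` stays root-owned. If the command needs no root privileges (manage.py is not shown here), it could run after the `chown` as `gosu "$USER_NAME" ./manage.py initialize`. The expansions in the last two commands are unquoted; `chown -R "$UID:$GID" "$DATA_DIR"` and `exec gosu "$USER_NAME" "$@"` keep a value containing spaces or glob characters from being split.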
From: Morten Stehr
Date: Thu, 26 Nov 2020 10:28:42 +0100
Subject: [PATCH 2/7] requested changes
---
 Dockerfile | 4 ++--
 docker-entrypoint.sh | 6 ++----
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7c6a038c..48b02447 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ RUN set -e \
 && apt-get update && apt-get install -y gosu \
 && apt-get clean && rm -rf /var/lib/apt/lists/*
-ARG UNAME=liquid
+ARG USER_NAME=liquid
 ARG UID=666
 ARG GID=666
 RUN groupadd -g $GID -o $UNAME
@@ -27,7 +27,7 @@ ADD docker-entrypoint.sh ./
 ENV PYTHONUNBUFFERED 1
 ENV DATA_DIR "/app/var"
-ENV USER_NAME $UNAME
+ENV USER_NAME $USER_NAME
 ENV UID $UID
 ENV GID $GID
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 3dd3e791..3f2aa640 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,11 +1,9 @@
 #!/bin/bash -ex
-if [[ ! -d "$DATA_DIR" ]]; then
- exit 1
-fi
-
 ./manage.py initialize
 chown -R $UID:$GID $DATA_DIR
+exec gosu $USER_NAME ./manage.py migrate
+
 exec gosu $USER_NAME "$@"
From c0433bb18b2de09cedaa6ddffa12f67fdb3a2227 Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 26 Nov 2020 10:32:09 +0100
Subject: [PATCH 3/7] requested changes
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 48b02447..d5df280c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,8 @@ RUN set -e \
 ARG USER_NAME=liquid
 ARG UID=666
 ARG GID=666
-RUN groupadd -g $GID -o $UNAME
-RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
+RUN groupadd -g $GID -o $USER_NAME
+RUN useradd -m -u $UID -g $GID -o -s /bin/bash $USER_NAME
 RUN mkdir -p /app
 WORKDIR /app
From a901c2583f675d199311a3e9f960d810a97d3f20 Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 26 Nov 2020 15:50:06 +0100
Subject: [PATCH 4/7] requested changes
---
 Dockerfile | 2 +-
 docker-entrypoint.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d5df280c..0618243f 100644
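Review bot: The context line `RUN groupadd -g $GID -o $UNAME` in the first Dockerfile hunk of patch 2/7 still expands `$UNAME`, which is no longer declared once the ARG is renamed to `USER_NAME`, so at this commit the name argument is presumably empty and the build fails. Patch 3/7 updates the `groupadd` and `useradd` lines; squashing the two commits would keep every commit in the series buildable.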
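Review bot: Removing the `-d "$DATA_DIR"` check from docker-entrypoint.sh in patch 2/7 leaves `chown -R $UID:$GID $DATA_DIR` running as root against a path that is neither validated nor quoted, so a `DATA_DIR` set to a broad path at `docker run` time would have its whole tree re-owned. Keeping the guard and quoting the operand, `[[ -d "$DATA_DIR" ]] || exit 1` followed by `chown -R "$UID:$GID" "$DATA_DIR"`, restores the fail-fast behaviour. Separately, the added `exec gosu $USER_NAME ./manage.py migrate` replaces the shell, so the final `exec gosu $USER_NAME "$@"` is never reached at this commit; patch 6/7 removes that `exec`.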
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM python:3.8-buster
 RUN set -e \
 && apt-get update \
 && apt-get install -y --no-install-recommends sqlite3 \
- && apt-get update && apt-get install -y gosu \
+ && apt-get install -y gosu \
 && apt-get clean && rm -rf /var/lib/apt/lists/*
 ARG USER_NAME=liquid
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 3f2aa640..52ea4b12 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,6 +4,6 @@
 chown -R $UID:$GID $DATA_DIR
-exec gosu $USER_NAME ./manage.py migrate
+exec gosu $USER_NAME ./manage.py migrate .
 exec gosu $USER_NAME "$@"
From c6846a2e7246e2d3c3487dcab9c9d99ab2d4ac9d Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 26 Nov 2020 15:58:51 +0100
Subject: [PATCH 5/7] migrate to initialize
---
 docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 52ea4b12..eb3f247a 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,6 +4,6 @@
 chown -R $UID:$GID $DATA_DIR
-exec gosu $USER_NAME ./manage.py migrate .
+exec gosu $USER_NAME ./manage.py initialize
 exec gosu $USER_NAME "$@"
From 66fcad63e8dd424a5f820398ca395f3bf4e69e0e Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 26 Nov 2020 16:07:04 +0100
Subject: [PATCH 6/7] requested changes
---
 docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index eb3f247a..5b2eaa8d 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,6 +4,6 @@
 chown -R $UID:$GID $DATA_DIR
-exec gosu $USER_NAME ./manage.py initialize
+gosu $USER_NAME ./manage.py migrate .
 exec gosu $USER_NAME "$@"
From a41270971693e963dba55c9b06f9f510090494ec Mon Sep 17 00:00:00 2001
From: Morten Stehr
Date: Thu, 26 Nov 2020 16:13:24 +0100
Subject: [PATCH 7/7] requested changes
---
 docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
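Review bot: The rewritten `&& apt-get install -y gosu \` line in the Dockerfile hunk of patch 4/7 omits `--no-install-recommends`, unlike the sqlite3 install directly above it, so recommended packages can be pulled into the image along with gosu. Both packages fit in the existing command: `&& apt-get install -y --no-install-recommends gosu sqlite3 \`.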
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 5b2eaa8d..e7515698 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,6 +4,6 @@
 chown -R $UID:$GID $DATA_DIR
-gosu $USER_NAME ./manage.py migrate .
+gosu $USER_NAME ./manage.py migrate
 exec gosu $USER_NAME "$@"