From d78cc31f72e6b4f7947dfafffe0e1b961c9302ff Mon Sep 17 00:00:00 2001 From: Michael Mayer Date: Wed, 2 Mar 2022 10:30:07 +0100 Subject: [PATCH] Docker: Fix entrypoint-init.sh script for non-root users #1337 #2076 --- docker/develop/armv7/Dockerfile | 2 +- docker/develop/bullseye-slim/Dockerfile | 2 +- docker/develop/bullseye/Dockerfile | 2 +- docker/develop/buster/Dockerfile | 2 +- docker/develop/impish/Dockerfile | 2 +- docker/photoprism/armv7/Dockerfile | 2 +- docker/photoprism/buster/Dockerfile | 2 +- docker/photoprism/impish/Dockerfile | 2 +- scripts/dist/Makefile | 15 +++++++++------ scripts/dist/entrypoint-init.sh | 8 +++----- 10 files changed, 20 insertions(+), 19 deletions(-) diff --git a/docker/develop/armv7/Dockerfile b/docker/develop/armv7/Dockerfile index 42cbf49d6..c4e05beb3 100644 --- a/docker/develop/armv7/Dockerfile +++ b/docker/develop/armv7/Dockerfile @@ -110,7 +110,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \ cp /go/bin/gosu /bin/gosu && \ echo "alias ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias ll='ls -alh'" > /root/.bash_aliases && \ - echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \ chmod -R a+rwX /go diff --git a/docker/develop/bullseye-slim/Dockerfile b/docker/develop/bullseye-slim/Dockerfile index 836eda304..da4bd40bf 100644 --- a/docker/develop/bullseye-slim/Dockerfile +++ b/docker/develop/bullseye-slim/Dockerfile 
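Review bot: `ALL ALL=(ALL) NOPASSWD:SETENV: ALL` gives every account in the image passwordless root and lets it pass arbitrary environment variables into root commands, and nothing in the Dockerfile says this is acceptable only because it is a development image. I would add a comment line above the `echo`, e.g. `# dev image only: unrestricted sudo; SETENV presumably lets the entrypoint forward PHOTOPRISM_* variables to the init script`, so the rule is not copied into a production image. The same line is added in the develop bullseye, buster and impish Dockerfiles. The RUN instruction starts before the hunk and may continue past it.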
@@ -64,7 +64,7 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \ /photoprism/storage/config \ /photoprism/storage/cache \ && \ - echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ cleanup.sh # define default directory and user diff --git a/docker/develop/bullseye/Dockerfile b/docker/develop/bullseye/Dockerfile index 964a66717..d9ae1ac61 100644 --- a/docker/develop/bullseye/Dockerfile +++ b/docker/develop/bullseye/Dockerfile @@ -121,7 +121,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \ cp /go/bin/gosu /bin/gosu && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ - echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \ chmod -R a+rwX /go diff --git a/docker/develop/buster/Dockerfile b/docker/develop/buster/Dockerfile index 9bad0775c..0c4ad0ff0 100644 --- a/docker/develop/buster/Dockerfile +++ b/docker/develop/buster/Dockerfile @@ -120,7 +120,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \ cp /go/bin/gosu /bin/gosu && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ - echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \ chmod -R a+rwX /go diff --git a/docker/develop/impish/Dockerfile b/docker/develop/impish/Dockerfile index 2b68e7c94..373c6ae8a 100644 
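Review bot: Adding `SETENV` to the rule for `/opt/photoprism/scripts/entrypoint-init.sh` lets any account in the container choose the whole environment of a script that runs as root, because variables passed this way are exempt from sudo's `env_reset`/`env_check` filtering. The diff shows the script reading only a few variables (`DOCKER_ENV`, `PHOTOPRISM_HOME`, `PHOTOPRISM_DIST`, `PHOTOPRISM_INIT`), so I would keep the plain `NOPASSWD:` tag and whitelist them, e.g. `Defaults!/opt/photoprism/scripts/entrypoint-init.sh env_keep += "DOCKER_ENV PHOTOPRISM_HOME PHOTOPRISM_DIST PHOTOPRISM_INIT"`. The full list needs checking against the script, which is only partly visible here, and the caller would then invoke sudo without `-E` (entrypoint.sh is not part of this diff). The same change is made in the photoprism armv7, buster and impish Dockerfiles; the RUN instruction starts outside the hunk.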
--- a/docker/develop/impish/Dockerfile +++ b/docker/develop/impish/Dockerfile @@ -121,7 +121,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \ cp /go/bin/gosu /bin/gosu && \ echo "alias go=richgo ll='ls -alh'" > /photoprism/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ - echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: ALL" >> /etc/sudoers.d/all && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \ chmod -R a+rwX /go diff --git a/docker/photoprism/armv7/Dockerfile b/docker/photoprism/armv7/Dockerfile index b8145e86c..1b2e49b33 100644 --- a/docker/photoprism/armv7/Dockerfile +++ b/docker/photoprism/armv7/Dockerfile @@ -123,7 +123,7 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \ /photoprism/storage/config \ /photoprism/storage/cache \ && \ - echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \ cleanup.sh diff --git a/docker/photoprism/buster/Dockerfile b/docker/photoprism/buster/Dockerfile index ffd8bf577..25df82d92 100644 --- a/docker/photoprism/buster/Dockerfile +++ b/docker/photoprism/buster/Dockerfile @@ -124,7 +124,7 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \ /photoprism/storage/config \ /photoprism/storage/cache \ && \ - echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \ cleanup.sh 
diff --git a/docker/photoprism/impish/Dockerfile b/docker/photoprism/impish/Dockerfile index dd3d7b022..576d3f664 100644 --- a/docker/photoprism/impish/Dockerfile +++ b/docker/photoprism/impish/Dockerfile @@ -123,7 +123,7 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \ /photoprism/storage/config \ /photoprism/storage/cache \ && \ - echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ + echo "ALL ALL=(ALL) NOPASSWD:SETENV: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \ cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \ cleanup.sh diff --git a/scripts/dist/Makefile b/scripts/dist/Makefile index 24162be4f..9c4161e64 100644 --- a/scripts/dist/Makefile +++ b/scripts/dist/Makefile @@ -16,13 +16,16 @@ clean: apt-get -y autoremove apt-get -y autoclean rm -rf /var/lib/apt/lists/* +nano: + apt-get update + apt-get -qq install nano gpu: - install-gpu.sh + ./install-gpu.sh tensorflow: - install-tensorflow.sh auto + ./install-tensorflow.sh auto davfs: - install-davfs.sh + ./install-davfs.sh -.PHONY: update apt-upgrade clean apt-cleanup gpu tensorflow davfs install-davfs \ - tensorflow-amd64-cpu tensorflow-amd64-avx tensorflow-amd64-avx2 install-davfs \ - intel-graphics install-intel-graphics; +.PHONY: update apt-upgrade clean apt-cleanup nano gpu tensorflow davfs \ + tensorflow-amd64-cpu tensorflow-amd64-avx tensorflow-amd64-avx2 \ + intel-graphics install-intel-graphics install-davfs; diff --git a/scripts/dist/entrypoint-init.sh b/scripts/dist/entrypoint-init.sh index dc04f4c60..d73536f2a 100755 --- a/scripts/dist/entrypoint-init.sh +++ b/scripts/dist/entrypoint-init.sh 
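Review bot: The `./install-gpu.sh`, `./install-tensorflow.sh auto` and `./install-davfs.sh` recipes in scripts/dist/Makefile now resolve against the working directory, so they are only correct when make is started with `-C` on the scripts directory, as the updated entrypoint-init.sh does. Invoked as `make -f <path>/Makefile gpu` from another directory, the recipe would run whatever `./install-gpu.sh` exists there, and in the init case that happens as root. Anchoring the path to the Makefile removes the dependency: define `SCRIPTS_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))` at the top and call `$(SCRIPTS_DIR)install-gpu.sh` in the recipe. The new `nano` target installs a package from the network when the container starts, and a one-line comment marking it as an optional convenience target would help.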
@@ -14,13 +14,13 @@ re='^[0-9]+$' # detect environment case $DOCKER_ENV in prod) - INIT_MAKEFILE="/opt/photoprism/scripts/Makefile" + INIT_SCRIPTS="/opt/photoprism/scripts" CHOWN_DIRS=("${PHOTOPRISM_HOME}" "${PHOTOPRISM_DIST}") CHMOD_DIRS=("${PHOTOPRISM_DIST}") ;; develop) - INIT_MAKEFILE="/go/src/github.com/photoprism/photoprism/scripts/dist/Makefile" + INIT_SCRIPTS="/go/src/github.com/photoprism/photoprism/scripts/dist" CHOWN_DIRS=("/go /photoprism" "/opt/photoprism" "/tmp/photoprism") CHMOD_DIRS=("/photoprism" "/opt/photoprism" "/tmp/photoprism") ;; @@ -65,11 +65,9 @@ INIT_LOCK="/root/.init-lock" # execute targets via make if [[ ! -e ${INIT_LOCK} ]]; then - - for INIT_TARGET in $PHOTOPRISM_INIT; do echo "init $INIT_TARGET..." - make -f "$INIT_MAKEFILE" "$INIT_TARGET}" + make -C "$INIT_SCRIPTS" "$INIT_TARGET" done echo 1 >${INIT_LOCK}
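Review bot: In the loop of the second hunk, each word of `$PHOTOPRISM_INIT` is handed to make unchecked while the script runs as root through the sudoers rule, so a word that is an option or a `NAME=value` assignment is interpreted by make instead of being treated as a target name. I would validate before the call, e.g. `[[ $INIT_TARGET =~ ^[a-z0-9-]+$ ]] || { echo "invalid init target: $INIT_TARGET" >&2; continue; }`, and read the list with `read -ra` so the unquoted expansion cannot glob. The lock file is written after the loop whatever make returned, unless `set -e` is active earlier in the script, which is not visible here. Ending the call with `|| exit 1` would avoid marking a failed init as done. The `if` block is closed outside the hunk.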