Set Docker permissions during the build process (#6514)
* Set Docker permissions during the build process * Remove docker_entrypoint.sh and use COPY with chown
This commit is contained in:
		
							
								
								
									
										16
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										16
									
								
								Dockerfile
									
									
									
									
									
								
							| @@ -3,8 +3,10 @@ FROM ruby:2.5.0-alpine3.7 | ||||
| LABEL maintainer="https://github.com/tootsuite/mastodon" \ | ||||
|       description="A GNU Social-compatible microblogging server" | ||||
|  | ||||
| ENV UID=991 GID=991 \ | ||||
|     RAILS_SERVE_STATIC_FILES=true \ | ||||
| ARG UID=991 | ||||
| ARG GID=991 | ||||
|  | ||||
| ENV RAILS_SERVE_STATIC_FILES=true \ | ||||
|     RAILS_ENV=production NODE_ENV=production | ||||
|  | ||||
| ARG YARN_VERSION=1.3.2 | ||||
| @@ -68,12 +70,12 @@ RUN bundle config build.nokogiri --with-iconv-lib=/usr/local/lib --with-iconv-in | ||||
|  && yarn --pure-lockfile \ | ||||
|  && yarn cache clean | ||||
|  | ||||
| COPY . /mastodon | ||||
| RUN addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon | ||||
|  | ||||
| COPY docker_entrypoint.sh /usr/local/bin/run | ||||
|  | ||||
| RUN chmod +x /usr/local/bin/run | ||||
| COPY --chown=${UID}:${GID} . /mastodon | ||||
|  | ||||
| VOLUME /mastodon/public/system /mastodon/public/assets /mastodon/public/packs | ||||
|  | ||||
| ENTRYPOINT ["/usr/local/bin/run"] | ||||
| USER mastodon | ||||
|  | ||||
| ENTRYPOINT ["/sbin/tini", "--"] | ||||
|   | ||||
| @@ -1,14 +0,0 @@ | ||||
| #!/bin/sh | ||||
|  | ||||
| ### 1. Adds local user (UID and GID are provided from environment variables). | ||||
| ### 2. Updates permissions, except for ./public/system (should be chown on previous installations). | ||||
| ### 3. Executes the command as that user. | ||||
|  | ||||
| echo "Creating mastodon user (UID : ${UID} and GID : ${GID})..." | ||||
| addgroup -g ${GID} mastodon && adduser -h /mastodon -s /bin/sh -D -G mastodon -u ${UID} mastodon | ||||
|  | ||||
| echo "Updating permissions..." | ||||
| find /mastodon -path /mastodon/public/system -prune -o -not -user mastodon -not -group mastodon -print0 | xargs -0 chown -f mastodon:mastodon | ||||
|  | ||||
| echo "Executing process..." | ||||
| exec su-exec mastodon:mastodon /sbin/tini -- "$@" | ||||
		Reference in New Issue
	
	Block a user