From 99f32c10efa2f73c59ec888293cb3b77bef0c90d Mon Sep 17 00:00:00 2001
From: Luis Garcia
Date: Wed, 24 Jul 2024 01:48:19 -0600
Subject: [PATCH] Add support for PGID and PUID
---
 Dockerfile.alpine | 46 +++++++++++++++++++++++++++++++++++++---------
 Dockerfile.slim | 19 +++++++++----------
 entrypoint.sh | 28 ++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 19 deletions(-)
 create mode 100644 entrypoint.sh
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index afa5d6e..61c9daa 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,5 +1,9 @@
 FROM python:3.11-alpine
+ENV PUID=1000
+ENV PGID=1000
+ENV GOSU_VERSION 1.17
+
 ENV DRYRUN 'True'
 ENV DEBUG 'True'
 ENV DEBUG_LEVEL 'INFO'
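Review bot: `ENV GOSU_VERSION 1.17` in the first Dockerfile.alpine hunk is only needed while the image is built, yet as `ENV` it stays in every running container's environment, and it uses the legacy space-separated form directly under two `key=value` lines. `ARG GOSU_VERSION=1.17` keeps it out of the runtime environment while the download step in the next hunk can still read it. A short comment above `ENV PUID=1000` / `ENV PGID=1000`, such as `# UID/GID the entrypoint drops to; override at run time`, would tell operators that these two are meant to be overridden.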
@@ -33,21 +37,45 @@ ENV BLACKLIST_USERS ''
 ENV WHITELIST_USERS ''
-RUN apk add --no-cache tini && \
- addgroup --system jellyplex_user && \
- adduser --system --no-create-home jellyplex_user --ingroup jellyplex_user && \
- mkdir -p /app && \
- chown -R jellyplex_user:jellyplex_user /app
+RUN apk add --no-cache tini
+
+# Install gosu
+RUN set -eux; \
+ \
+ apk add --no-cache --virtual .gosu-deps \
+ ca-certificates \
+ dpkg \
+ gnupg \
+ ; \
+ \
+ dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+ wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+ \
+# verify the signature
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+ \
+# clean up fetch dependencies
+ apk del --no-network .gosu-deps; \
+ \
+ chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+ gosu --version; \
+ gosu nobody true
 WORKDIR /app
-COPY --chown=jellyplex_user:jellyplex_user ./requirements.txt ./
+COPY ./requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt
-COPY --chown=jellyplex_user:jellyplex_user . .
+COPY . .
-USER jellyplex_user
+RUN chmod +x *.sh
-ENTRYPOINT ["/sbin/tini", "--"]
+ENTRYPOINT ["tini", "--", "/app/entrypoint.sh"]
 CMD ["python", "-u", "main.py"]
diff --git a/Dockerfile.slim b/Dockerfile.slim
index b15d237..8d9e418 100644
--- a/Dockerfile.slim
+++ b/Dockerfile.slim
@@ -1,5 +1,8 @@
 FROM python:3.11-slim
+ENV PUID=1000
+ENV PGID=1000
+
 ENV DRYRUN 'True'
 ENV DEBUG 'True'
 ENV DEBUG_LEVEL 'INFO'
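Review bot: With `USER jellyplex_user` removed near the end of the second Dockerfile.alpine hunk, the image's default user becomes root and the only privilege drop left is the `gosu` call in entrypoint.sh; the second Dockerfile.slim hunk makes the same removal. Anything that does not pass through that script (a `docker exec` session, an overridden `--entrypoint`) therefore runs as root, and policies that inspect the image user, such as Kubernetes `runAsNonRoot`, will presumably see a root image. If that trade-off is intended, state it next to the ENTRYPOINT, e.g. `# Starts as root on purpose: entrypoint.sh creates PUID:PGID, chowns /app and drops privileges with gosu`. The new `ENTRYPOINT ["tini", "--", "/app/entrypoint.sh"]` also resolves tini through PATH where the removed line and Dockerfile.slim use an absolute path; `ENTRYPOINT ["/sbin/tini", "--", "/app/entrypoint.sh"]` keeps that explicit.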
@@ -34,23 +37,19 @@ ENV WHITELIST_USERS ''
 RUN apt-get update && \
- apt-get install tini --yes --no-install-recommends && \
+ apt-get install tini gosu --yes --no-install-recommends && \
 apt-get clean && \
- rm -rf /var/lib/apt/lists/* && \
- addgroup --system jellyplex_user && \
- adduser --system --no-create-home jellyplex_user --ingroup jellyplex_user && \
- mkdir -p /app && \
- chown -R jellyplex_user:jellyplex_user /app
+ rm -rf /var/lib/apt/lists/*
 WORKDIR /app
-COPY --chown=jellyplex_user:jellyplex_user ./requirements.txt ./
+COPY ./requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt
-COPY --chown=jellyplex_user:jellyplex_user . .
+COPY . .
-USER jellyplex_user
+RUN chmod +x *.sh
-ENTRYPOINT ["/bin/tini", "--"]
+ENTRYPOINT ["/bin/tini", "--", "/app/entrypoint.sh"]
 CMD ["python", "-u", "main.py"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..4fad465
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env sh
+
+set -e
+
+# Create group and user based on environment variables
+if [ ! "$(getent group "$PGID")" ]; then
+ # If groupadd exists, use it
+ if command -v groupadd > /dev/null; then
+ groupadd -g "$PGID" jellyplex_group
+ else
+ addgroup -g "$PGID" jellyplex_group
+ fi
+fi
+
+if [ ! "$(getent passwd "$PUID")" ]; then
+ # If useradd exists, use it
+ if command -v useradd > /dev/null; then
+ useradd --no-create-home -u "$PUID" -g "$PGID" jellyplex_user
+ else
+ adduser -D -H -u "$PUID" -G jellyplex_group jellyplex_user
+ fi
+fi
+
+# Adjust ownership of the application directory
+chown -R "$PUID:$PGID" /app
+
+# Run the application as the created user
+exec gosu "$PUID:$PGID" "$@"
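Review bot: When `$PGID` already belongs to a group with another name, the first `getent` test in entrypoint.sh skips group creation, but the `adduser` branch still passes `-G jellyplex_group`, a name that was never created, so under `set -e` the container would exit at start. PUID and PGID are also used unvalidated: an empty or non-numeric value reaches `chown -R` and `gosu`, and `PUID=0` leaves the application running as root. The script further assumes it starts as root, so a container launched with a non-root `--user` would fail at the first `groupadd` or `chown`. The sketch below validates both IDs, passes straight through when already unprivileged, and resolves the group name from the GID; whether to refuse 0 is a policy choice and is only marked in a comment.

```shell
# … unchanged: shebang, set -e …

# Already unprivileged (e.g. started with --user): skip user setup and chown
if [ "$(id -u)" -ne 0 ]; then
    exec "$@"
fi

# Refuse empty or non-numeric IDs before they reach groupadd, chown or gosu
# (decide separately whether 0, i.e. root, should be refused as well)
for id in "$PUID" "$PGID"; do
    case "$id" in
        ''|*[!0-9]*) echo "PUID and PGID must be numeric" >&2; exit 1 ;;
    esac
done

# … unchanged: group creation …

# The GID may already belong to a group with a different name
group_name="$(getent group "$PGID" | cut -d: -f1)"

# … unchanged: passwd lookup and useradd branch …
        adduser -D -H -u "$PUID" -G "$group_name" jellyplex_user
# … unchanged: chown and exec gosu …
```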