From a3328553c956355080e3c37530d7537ea198507a Mon Sep 17 00:00:00 2001
From: Lexie Malina
Date: Sun, 24 Nov 2024 13:53:11 -0600
Subject: [PATCH] BellSoft Dockerfile, rootless by default. Default user and group id is now 977 as 999 was taken. !!**This may cause permissions issues in existing installations**. These issues can be fixed by either: - mounting the volume with another container as a root user and changing ownership of `/app/data` (including their contents) to 977:977 - `chmod -R 977:977 /var/lib/docker/volumes/${VOLUME_NAME_OR_HASH}` of the volume from the host's volume directory. - `chmod -R 777 /app/data` (don't do this) Dockerfile and entrypoint.sh was changed to run NO application code as a privileged user. When the container is running there is no code executed in a privileged context, as anything requiring privileges is run during build time. Proposed Solution to dzikoysk/reposilite#2288
---
 Dockerfile | 56 +++++++++++++++++++++++++++++++++++++--------------
 entrypoint.sh | 46 +++++++++++------------------------------
 2 files changed, 53 insertions(+), 49 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6da75680b..ae6af9635 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,20 @@
+# syntax=docker.io/docker/dockerfile:1.7-labs
+
 # Build stage
-FROM openjdk:21-slim AS build
-COPY . /home/reposilite-build
+FROM bellsoft/liberica-runtime-container:jdk-21-cds-musl AS build
+COPY --exclude=entrypoint.sh . /home/reposilite-build
 WORKDIR /home/reposilite-build
-RUN \
- rm -rf reposilite-frontend/node_modules
-RUN \
- apt-get update; apt-get install -y curl
-RUN \
- export GRADLE_OPTS="-Djdk.lang.Process.launchMechanism=vfork" && \
- chmod +x gradlew && \
- bash gradlew :reposilite-backend:shadowJar --no-daemon --stacktrace
+
+# Get build dependencies seperately so they can cache
+RUN <