From b68b2644fe13664a4196bbb5bbba1a0759da4187 Mon Sep 17 00:00:00 2001 From: thespad Date: Fri, 14 Jun 2024 13:35:25 +0100 Subject: [PATCH 1/5] POC RO support hooks --- Dockerfile | 6 ++--- Dockerfile.aarch64 | 6 ++--- root/etc/s6-overlay/s6-rc.d/init-adduser/run | 25 +++++++++++++++----- 3 files changed, 25 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 322ecaf..d7160aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -56,9 +56,9 @@ ARG LSIOWN_VERSION="v1" LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" LABEL maintainer="TheLamer" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" # environment variables ENV PS1="$(whoami)@$(hostname):$(pwd)\\$ " \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 0137ce6..ded284d 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
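Review bot: The three `ADD` lines download scripts from a branch URL (`…/linuxserver/docker-mods/mod-scripts/…`) with no integrity check, and this change makes them executable by every user in the image. The file is selected only by the `${MODS_VERSION}`-style suffix, so whatever the branch serves at build time lands in `/docker-mods`, the `init-mods-package-install` run script and `/usr/bin/lsiown`. Consider pinning each download, e.g. `ADD --checksum=sha256:<SHA256_OF_SCRIPT> --chmod=755 "<same URL>" "/docker-mods"`, or referencing a commit SHA instead of the branch name. The same applies to the matching `ADD` hunks in Dockerfile.aarch64 (patches 1/5 and 4/5).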
@@ -56,9 +56,9 @@ ARG LSIOWN_VERSION="v1" LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" LABEL maintainer="TheLamer" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" -ADD --chmod=744 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" +ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" +ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" +ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" # environment variables ENV PS1="$(whoami)@$(hostname):$(pwd)\\$ " \ diff --git a/root/etc/s6-overlay/s6-rc.d/init-adduser/run b/root/etc/s6-overlay/s6-rc.d/init-adduser/run index 687a920..df62d24 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-adduser/run +++ b/root/etc/s6-overlay/s6-rc.d/init-adduser/run @@ -4,10 +4,14 @@ PUID=${PUID:-911} PGID=${PGID:-911} -groupmod -o -g "$PGID" abc -usermod -o -u "$PUID" abc +if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then + groupmod -o -g "$PGID" abc + usermod -o -u "$PUID" abc -cat /etc/s6-overlay/s6-rc.d/init-adduser/branding + cat /etc/s6-overlay/s6-rc.d/init-adduser/branding +else + cat /run/branding +fi if [[ -f /donate.txt ]]; then echo ' 
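Review bot: The guard `[[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]` treats any non-empty value as enabling the mode, so `LSIO_NON_ROOT_USER=false` would also skip `groupmod`/`usermod` and leave `PUID`/`PGID` silently unused. If these variables are set by the operator rather than derived by an earlier init step (not visible in this hunk), compare against an explicit value, e.g. `[[ ${LSIO_READ_ONLY_FS,,} != "true" ]]`, or at least print one line saying the ID remap was skipped. The same guard is repeated in the `-32,6` hunk around `lsiown` and in init-crontab-config/run, so a one-line comment stating the accepted values would keep the three in step. The `else` branch also runs `cat /run/branding` with no `-f` test, and nothing in this series shows where that file is created.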
@@ -21,10 +25,17 @@ https://www.linuxserver.io/donate/ ─────────────────────────────────────── GID/UID ───────────────────────────────────────' +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then echo " User UID: $(id -u abc) User GID: $(id -g abc) ───────────────────────────────────────" +else +echo " +User UID: $(stat /run -c %u) +User GID: $(stat /run -c %g) +───────────────────────────────────────" +fi if [[ -f /build_version ]]; then cat /build_version echo ' @@ -32,6 +43,8 @@ if [[ -f /build_version ]]; then ' fi -lsiown abc:abc /app -lsiown abc:abc /config -lsiown abc:abc /defaults +if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then + lsiown abc:abc /app + lsiown abc:abc /config + lsiown abc:abc /defaults +fi From 78ab9cc5110b99703db8adf8664f449521004a27 Mon Sep 17 00:00:00 2001 From: thespad Date: Fri, 14 Jun 2024 14:02:03 +0100 Subject: [PATCH 2/5] Don't touch built-in crontabs in RO mode --- root/etc/s6-overlay/s6-rc.d/init-crontab-config/run | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run index 3b51d5a..45a4e88 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-crontab-config/run @@ -2,9 +2,11 @@ # shellcheck shell=bash for cron_user in abc root; do - if [[ -f "/etc/crontabs/${cron_user}" ]]; then - lsiown "${cron_user}":"${cron_user}" "/etc/crontabs/${cron_user}" - crontab -u "${cron_user}" "/etc/crontabs/${cron_user}" + if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then + if [[ -f "/etc/crontabs/${cron_user}" ]]; then + lsiown "${cron_user}":"${cron_user}" "/etc/crontabs/${cron_user}" + crontab -u "${cron_user}" "/etc/crontabs/${cron_user}" + fi fi if [[ -f "/defaults/crontabs/${cron_user}" ]]; then From 3567e2c461085653546f33a13cc1012629d1dcaf Mon Sep 17 00:00:00 2001 
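Review bot: In the non-root branch of the `-21,10` hunk the banner prints the owner of `/run` (`stat /run -c %u` / `%g`), which equals the identity the container actually runs as only if `/run` is owned by that user. If that is the intent, say so in a comment such as `# non-root mode: /run is owned by the runtime user, so report its owner`; otherwise `$(id -u)` and `$(id -g)` report the process identity directly. The new `if`/`else` bodies are also left unindented here, unlike the guarded blocks added elsewhere in the patch.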
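Review bot: With `lsiown abc:abc /config` skipped in the `-32,6` hunk, nothing checks that `/config` is usable by the account the services run as. `/config` is typically a mounted volume, so it may be writable even when the root filesystem is read-only, and an ownership mismatch would then surface only as later service errors. A cheap diagnostic in the skipped case would help, e.g. `[[ -w /config ]] || echo "WARNING: /config is not writable by UID $(id -u)"`. Whether init-adduser runs as the final service user in these modes is not visible from the hunk, so treat the exact test as a sketch.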
From: thespad Date: Fri, 14 Jun 2024 14:23:52 +0100 Subject: [PATCH 3/5] Use default branding file for 3rd party images --- root/etc/s6-overlay/s6-rc.d/init-adduser/run | 2 ++ 1 file changed, 2 insertions(+) diff --git a/root/etc/s6-overlay/s6-rc.d/init-adduser/run b/root/etc/s6-overlay/s6-rc.d/init-adduser/run index df62d24..9e0122b 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-adduser/run +++ b/root/etc/s6-overlay/s6-rc.d/init-adduser/run @@ -7,7 +7,9 @@ PGID=${PGID:-911} if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then groupmod -o -g "$PGID" abc usermod -o -u "$PUID" abc +fi +if { [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; } || [[ ! ${LSIO_FIRST_PARTY} = "true" ]]; then cat /etc/s6-overlay/s6-rc.d/init-adduser/branding else cat /run/branding From 799cbde906dfe7dd0309fc4a7a5891f701e584ee Mon Sep 17 00:00:00 2001 From: thespad Date: Thu, 20 Jun 2024 13:51:22 +0100 Subject: [PATCH 4/5] Fix chmod --- Dockerfile.aarch64 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index ded284d..21375bc 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 
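Review bot: The added condition mixes two conventions: `LSIO_READ_ONLY_FS` and `LSIO_NON_ROOT_USER` count as set for any non-empty value, while `LSIO_FIRST_PARTY` must equal the literal `"true"`. The negated form `[[ ! ${LSIO_FIRST_PARTY} = "true" ]]` reads more clearly as `[[ ${LSIO_FIRST_PARTY} != "true" ]]`. A short comment above the `if` would also help, along the lines of `# third-party images always show the packaged branding; /run/branding is only used by first-party images in RO/non-root mode`. That wording is inferred from the subject line and should be checked against wherever `/run/branding` is written.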
@@ -56,9 +56,9 @@ ARG LSIOWN_VERSION="v1" LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" LABEL maintainer="TheLamer" -ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" -ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" -ADD --chmod=745 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.${MODS_VERSION}" "/docker-mods" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.${PKG_INST_VERSION}" "/etc/s6-overlay/s6-rc.d/init-mods-package-install/run" +ADD --chmod=755 "https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.${LSIOWN_VERSION}" "/usr/bin/lsiown" # environment variables ENV PS1="$(whoami)@$(hostname):$(pwd)\\$ " \ From 0768ec9bfa4d280f7dd829df3dffe0ebf3cb4184 Mon Sep 17 00:00:00 2001 From: thespad Date: Wed, 26 Jun 2024 23:09:48 +0100 Subject: [PATCH 5/5] Linting --- Dockerfile | 2 +- Dockerfile.aarch64 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d7160aa..f7c07ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM alpine:3 as rootfs-stage +FROM alpine:3 AS rootfs-stage # environment ENV ROOTFS=/root-out diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 21375bc..c64265c 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM alpine:3 as rootfs-stage +FROM alpine:3 AS rootfs-stage # environment ENV ROOTFS=/root-out