FIX: only chown /data/packages in entrypoint

@stephen-dexda pointed out in #341 that our update in #330 changed the `chown` operation to apply to the entire `/data` directory, rather than just `/data/packages`. For anyone who was previously relying on a workflow like mounting a read-only secrets directory into `/data` to host authentication information, this broke their workflow. This fix sets `entrypoint.sh` to only `chown` `/data/packages`, which should ensure that the permissions issues resolved by #330 (e.g. #309) remain fixed, while also fixing the issue in #341.
2020-10-05 20:13:16 -05:00 · 2020-10-05 20:13:16 -05:00 · 75ec4e95c0
parent b208103951
commit 75ec4e95c0
2 changed files with 11 additions and 4 deletions
--- a/3
+++ b/3
@ -51,6 +51,9 @@ COPY --from=builder_dependencies /install /usr/local
 COPY --from=builder_gosu /usr/local/bin/gosu /usr/local/bin/gosu
 COPY entrypoint.sh /entrypoint.sh

+# Use a consistent user and group ID so that linux users
+# can create a corresponding system user and set permissions
+# if desired.
 RUN addgroup -S -g 9898 pypiserver \
    && adduser -S -u 9898 -G pypiserver pypiserver \
    && mkdir -p /data/packages \
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,15 +1,19 @@
-#!/bin/ash
+#!/usr/bin/env bash

 set -euo pipefail

-chown -R pypiserver:pypiserver /data
+# chown the VOLUME mount set in the dockerfile
+# If you're using an alternative directory for packages,
+# you'll need to ensure that pypiserver has read and
+# write access to that directory
+chown -R pypiserver:pypiserver /data/packages

 if [ "$@" = "" ]; then
-    # default CMD
+    # No arguments were provided, use the default.
    echo "Set default option '/data/packages'"
    set -- " /data/packages"
 else
-    # 
+    # Use whatever was provided
    echo "Using custom CMD: $@"
 fi
 exec gosu pypiserver pypi-server -p "$PORT" $@