FIX: only chown /data/packages in entrypoint
@stephen-dexda pointed out in #341 that our update in #330 changed the `chown` operation to apply to the entire `/data` directory, rather than just `/data/packages`. For anyone who was previously relying on a workflow like mounting a read-only secrets directory into `/data` to host authentication information, this broke their workflow. This fix sets `entrypoint.sh` to only `chown` `/data/packages`, which should ensure that the permissions issues resolved by #330 (e.g. #309) remain fixed, while also fixing the issue in #341.
This commit is contained in:
parent
b208103951
commit
75ec4e95c0
|
@ -51,6 +51,9 @@ COPY --from=builder_dependencies /install /usr/local
|
|||
COPY --from=builder_gosu /usr/local/bin/gosu /usr/local/bin/gosu
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
# Use a consistent user and group ID so that linux users
|
||||
# can create a corresponding system user and set permissions
|
||||
# if desired.
|
||||
RUN addgroup -S -g 9898 pypiserver \
|
||||
&& adduser -S -u 9898 -G pypiserver pypiserver \
|
||||
&& mkdir -p /data/packages \
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
#!/bin/ash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
chown -R pypiserver:pypiserver /data
|
||||
# chown the VOLUME mount set in the dockerfile
|
||||
# If you're using an alternative directory for packages,
|
||||
# you'll need to ensure that pypiserver has read and
|
||||
# write access to that directory
|
||||
chown -R pypiserver:pypiserver /data/packages
|
||||
|
||||
if [ "$@" = "" ]; then
|
||||
# default CMD
|
||||
# No arguments were provided, use the default.
|
||||
echo "Set default option '/data/packages'"
|
||||
set -- " /data/packages"
|
||||
else
|
||||
#
|
||||
# Use whatever was provided
|
||||
echo "Using custom CMD: $@"
|
||||
fi
|
||||
exec gosu pypiserver pypi-server -p "$PORT" $@
|
||||
|
|
Loading…
Reference in New Issue