diff --git a/Dockerfile b/Dockerfile
index b49d298c..85db006c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,8 @@ ARG DOCKER_IMAGE_VERSION=unknown
 ARG JDK=9
 ARG TMP_DIR=muwire-tmp
+ENV APP_HOME=/muwire
+
 # Define working directory.
 WORKDIR /$TMP_DIR
@@ -18,16 +20,12 @@ RUN apk add --no-cache openjdk${JDK}-jdk openjdk${JDK}-jre
 # Build and untar in future distribution dir
 RUN ./gradlew --no-daemon clean assemble \
- && mkdir -p /muwire \
- # Extract to /muwire and ignore the first dir
+ && mkdir -p ${APP_HOME} \
+ # Extract to ${APP_HOME and ignore the first dir
 # First dir in tar is the "MuWire-"
- && tar -C /muwire --strip 1 -xvf gui/build/distributions/MuWire*.tar
+ && tar -C ${APP_HOME} --strip 1 -xvf gui/build/distributions/MuWire*.tar
-WORKDIR /muwire
-
-# Give the app a home otherwise MuWire won't be able to do anything
-# especially read configs
-RUN usermod --home /muwire app
+WORKDIR ${APP_HOME}
 # Cleanup
 RUN rm -rf ${TMP_DIR} /root/.gradle /root/.java
@@ -53,7 +51,7 @@ ENV APP_NAME="MuWire" \
 S6_KILL_GRACETIME=8000
 # Define mountable directories.
-VOLUME ["/muwire/.MuWire"]
+VOLUME ["$APP_HOME/.MuWire"]
 VOLUME ["/output"]
diff --git a/docker/rootfs/etc/cont-init.d/00-app-user-map.sh b/docker/rootfs/etc/cont-init.d/00-app-user-map.sh
new file mode 100755
index 00000000..e11cc0ab
--- /dev/null
+++ b/docker/rootfs/etc/cont-init.d/00-app-user-map.sh
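Review bot: In the Dockerfile's second hunk, the `# Cleanup` step right below the new `WORKDIR ${APP_HOME}` still runs `rm -rf ${TMP_DIR}` with the relative value `muwire-tmp`, so it resolves under `/muwire` and, as far as the visible lines show, leaves `/muwire-tmp` (source tree and Gradle output) in the image. This predates the commit, but the line above it is being rewritten, so it is worth fixing here with `RUN rm -rf /${TMP_DIR} /root/.gradle /root/.java`, preferably folded into the build `RUN` so the files never land in a layer. Separately, the rewritten comment reads `${APP_HOME` without its closing brace, and the new `mkdir -p ${APP_HOME}` and `tar -C ${APP_HOME}` expansions would be safer quoted as `"${APP_HOME}"`.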
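Review bot: In the Dockerfile's last hunk, `VOLUME ["$APP_HOME/.MuWire"]` only expands correctly if `APP_HOME` is defined in the same build stage, and the `ENV APP_HOME=/muwire` added near the top is roughly forty lines earlier with the lines in between not shown in this diff. If a `FROM` sits between them, the variable expands to empty and the volume silently becomes `/.MuWire`. The init script added by this commit would then also fall back to `/dev/null` as the app user's home. Confirm the stage layout, or re-declare `ENV APP_HOME=/muwire` next to the runtime `ENV APP_NAME=...` block. For consistency with the other changed lines, use the braced form `VOLUME ["${APP_HOME}/.MuWire"]`.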
@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv sh
+
+#
+# Add the app user to the password and group databases. This is needed just to
+# make sure that mapping between the user/group ID and its name is possible.
+#
+
+set -e # Exit immediately if a command exits with a non-zero status.
+set -u # Treat unset variables as an error.
+
+cp /defaults/passwd /etc/passwd
+cp /defaults/group /etc/group
+cp /defaults/shadow /etc/shadow
+chown root:shadow /etc/shadow
+chmod 640 /etc/shadow
+
+echo "$APP_USER:x:$USER_ID:$GROUP_ID::${APP_HOME:-/dev/null}:/sbin/nologin" >> /etc/passwd
+echo "$APP_USER:x:$GROUP_ID:" >> /etc/group
+
+# vim:ft=sh:ts=4:sw=4:et:sts=4
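Review bot: `APP_USER`, `USER_ID` and `GROUP_ID` are appended to `/etc/passwd` and `/etc/group` exactly as they arrive from the container environment, with no format check before the two `echo` lines. `set -u` catches an unset variable, but an empty value, a non-numeric ID, or a value containing `:` or a newline still produces a malformed or extra account entry in files this script has just rebuilt from `/defaults`. A guard ahead of the appends would close that, e.g. `for v in "$USER_ID" "$GROUP_ID"; do case "$v" in ''|*[!0-9]*) echo "USER_ID and GROUP_ID must be numeric" >&2; exit 1;; esac; done`, with a similar allow-list pattern for `APP_USER`. The `${APP_HOME:-/dev/null}` fallback also hides a missing `APP_HOME`; since the comment this commit removes from the Dockerfile says MuWire cannot read its configs without a home, a header comment stating that `APP_HOME` is expected from the image `ENV` (or failing loudly when it is unset) would make the dependency explicit.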