From 141582499fd0625d7ae5a0e7c227c7ea763e8ab0 Mon Sep 17 00:00:00 2001 From: casjay Date: Sat, 29 Nov 2025 12:36:45 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20Fixed=20the=20entrypoin?= =?UTF-8?q?t=20scripts=20=F0=9F=97=83=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rootfs/usr/local/bin/entrypoint.sh rootfs/usr/local/etc/docker/functions/entrypoint.sh --- rootfs/usr/local/bin/entrypoint.sh | 44 +++--- .../local/etc/docker/functions/entrypoint.sh | 131 +++++------------- 2 files changed, 58 insertions(+), 117 deletions(-) diff --git a/rootfs/usr/local/bin/entrypoint.sh b/rootfs/usr/local/bin/entrypoint.sh index fcdcef8..9ea46cf 100755 --- a/rootfs/usr/local/bin/entrypoint.sh +++ b/rootfs/usr/local/bin/entrypoint.sh @@ -1,13 +1,13 @@ #!/usr/bin/env bash # shellcheck shell=bash # - - - - - - - - - - - - - - - - - - - - - - - - - -##@Version : 202511291204-git +##@Version : 202511290736-git # @@Author : Jason Hempstead # @@Contact : jason@casjaysdev.pro # @@License : WTFPL # @@ReadME : entrypoint.sh --help # @@Copyright : Copyright: (c) 2025 Jason Hempstead, Casjays Developments -# @@Created : Saturday, Nov 29, 2025 12:04 EST +# @@Created : Saturday, Nov 29, 2025 07:36 EST # @@File : entrypoint.sh # @@Description : Entrypoint file for gitea # @@Changelog : New script @@ -84,8 +84,8 @@ SERVICE_UID="${SERVICE_UID:-0}" # set the user id SERVICE_GID="${SERVICE_GID:-0}" # set the group id # - - - - - - - - - - - - - - - - - - - - - - - - - # User and group in which the service switches to - IE: nginx,apache,mysql,postgres -#SERVICE_USER="${SERVICE_USER:-gitea}" # execute command as another user -#SERVICE_GROUP="${SERVICE_GROUP:-gitea}" # Set the service group +SERVICE_USER="${SERVICE_USER:-gitea}" # execute command as another user +SERVICE_GROUP="${SERVICE_GROUP:-gitea}" # Set the service group # - - - - - - - - - - - - - - - - - - - - - - - - - # Secondary ports SERVER_PORTS="" # specifiy other ports 
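Review bot: Enabling `SERVICE_USER`/`SERVICE_GROUP` in the `@@ -84,8 +84,8 @@` hunk makes `gitea` the default account, but `__create_service_user` in the second file of this patch then writes `gitea ALL=(ALL) NOPASSWD: ALL` into sudoers, so the dedicated account can still become root without a password. The context lines directly above leave `SERVICE_UID` and `SERVICE_GID` defaulting to 0, and that function replaces a 0 id with the value from `__generate_random_uids`. If that generator is not stable across container rebuilds (its body is not visible here), ownership of data on a persistent volume will stop matching the account. I would pin fixed non-zero defaults here, or at least add a comment such as `# set SERVICE_UID/SERVICE_GID to a fixed non-zero id when /data is a persistent volume`.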
@@ -371,6 +371,11 @@ else rm -f /run/__start_init_scripts.pid /run/init.d/*.pid /run/*.pid 2>/dev/null || true fi # - - - - - - - - - - - - - - - - - - - - - - - - - +if [ ! -f "/run/__start_init_scripts.pid" ]; then + START_SERVICES="yes" + touch /run/__start_init_scripts.pid +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - [ "$ENTRYPOINT_MESSAGE" = "yes" ] && __printf_space "40" "The containers ip address is:" "$CONTAINER_IP4_ADDRESS" # - - - - - - - - - - - - - - - - - - - - - - - - - # Show configured listing processes 
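Review bot: The added block assigns `START_SERVICES="yes"` unconditionally, which discards any value the operator passed in the environment. The next hunk's `START_SERVICES="${START_SERVICES:-SYSTEM_INIT}"` suggests the variable is meant to be presettable. If that is the intent, `START_SERVICES="${START_SERVICES:-yes}"` keeps an explicit `no`. The marker is also created with `touch` before `__start_init_scripts` has run, so it exists, empty, even when startup later fails. Writing it after the init scripts return would make it mean "started" rather than "attempted". The `if` that owns the `else` branch above starts outside this hunk, so how the marker is consumed on the other path cannot be checked from here.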
@@ -396,23 +401,26 @@ __run_message # Just start services START_SERVICES="${START_SERVICES:-SYSTEM_INIT}" # - - - - - - - - - - - - - - - - - - - - - - - - - -# Determine if we should start services based on command -# Only skip service start for the 'init' command -SKIP_SERVICE_START="no" -[ "$1" = "init" ] && SKIP_SERVICE_START="yes" && CONTAINER_INIT="yes" -[ "$2" = "init" ] && SKIP_SERVICE_START="yes" && CONTAINER_INIT="yes" +# Never start services for these options +[ "$1" = "cron" ] && START_SERVICES="no" +[ "$1" = "tail" ] && START_SERVICES="no" +[ "$1" = "logs" ] && START_SERVICES="no" +[ "$1" = "cron" ] && START_SERVICES="no" +[ "$1" = "backup" ] && START_SERVICES="no" +[ "$1" = "healthcheck" ] && START_SERVICES="no" +[ "$1" = "init" ] && START_SERVICES="no" && CONTAINER_INIT="yes" +[ "$2" = "init" ] && START_SERVICES="no" && CONTAINER_INIT="yes" +echo "$1" | grep -qE '^(sh|bash)$|/*/(sh|bash)$' && START_SERVICES="no" # - - - - - - - - - - - - - - - - - - - - - - - - - -# Start all services if no pidfile and not skipping +# Start all services if no pidfile if [ "$START_SERVICES" = "yes" ] || [ -z "$1" ]; then - if [ "$SKIP_SERVICE_START" = "no" ]; then - [ "$1" = "start" ] && shift 1 - [ "$1" = "all" ] && shift 1 - rm -Rf "/run"/*/*pid 2>/dev/null || true - echo "$$" >"$ENTRYPOINT_PID_FILE" - __start_init_scripts "/usr/local/etc/docker/init.d" - CONTAINER_INIT="${CONTAINER_INIT:-no}" - fi + [ "$1" = "start" ] && shift 1 + [ "$1" = "all" ] && shift 1 + rm -Rf "/run"/*/*pid 2>/dev/null || true + echo "$$" >"$ENTRYPOINT_PID_FILE" + __start_init_scripts "/usr/local/etc/docker/init.d" START_SERVICES="no" + CONTAINER_INIT="${CONTAINER_INIT:-no}" fi export START_SERVICES CONTAINER_INIT ENTRYPOINT_PID_FILE # - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/rootfs/usr/local/etc/docker/functions/entrypoint.sh b/rootfs/usr/local/etc/docker/functions/entrypoint.sh index 4a2f6c5..983c0ce 100644 --- a/rootfs/usr/local/etc/docker/functions/entrypoint.sh 
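Review bot: The skip list contains `[ "$1" = "cron" ] && START_SERVICES="no"` twice, and the shell check uses the ERE `/*/(sh|bash)$`, where `/*` means "zero or more slashes" rather than "any directory prefix". It still matches paths ending in `/sh` or `/bash` only because the alternative is unanchored on the left. A single `case "$1" in cron|tail|logs|backup|healthcheck|sh|bash|*/sh|*/bash) START_SERVICES="no" ;; esac` expresses the same set without the pipe through `grep`, and avoids `echo "$1"` printing nothing when the argument looks like an echo option such as `-n`. The two `init` lines would stay as they are, since they also set `CONTAINER_INIT`.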
+++ b/rootfs/usr/local/etc/docker/functions/entrypoint.sh @@ -628,8 +628,6 @@ __set_user_group_id() { # - - - - - - - - - - - - - - - - - - - - - - - - - __create_service_user() { local exitStatus=0 - local max_attempts=100 - local attempt=0 local create_user="${1:-$SERVICE_USER}" local create_group="${2:-${SERVICE_GROUP:-$create_user}}" local create_home_dir="${3:-$WORK_DIR}" 
@@ -637,118 +635,55 @@ __create_service_user() { local create_gid="${5:-${SERVICE_GID:-$USER_GID}}" local random_id="$(__generate_random_uids)" local create_home_dir="${create_home_dir:-/home/$create_user}" - local log_file="/data/logs/init.txt" - # Ensure log directory exists - [ -d "$(dirname "$log_file")" ] || mkdir -p "$(dirname "$log_file")" 2>/dev/null - # Validate that we have at least a user or group to create - if [ -z "$create_user" ] && [ -z "$create_group" ]; then - echo "Error: No user or group specified to create" >&2 - return 1 - fi - # Validate user/group name format (alphanumeric, underscore, hyphen; must start with letter or underscore) - if [ -n "$create_user" ] && ! echo "$create_user" | grep -qE '^[a-z_][a-z0-9_-]*$'; then - echo "Error: Invalid username format '$create_user' - must start with letter/underscore, contain only lowercase alphanumeric, underscore, or hyphen" >&2 - return 1 - fi - if [ -n "$create_group" ] && ! echo "$create_group" | grep -qE '^[a-z_][a-z0-9_-]*$'; then - echo "Error: Invalid group name format '$create_group' - must start with letter/underscore, contain only lowercase alphanumeric, underscore, or hyphen" >&2 - return 1 - fi - # Check if user and group already exist - if grep -shq "^$create_user:" "/etc/passwd" && grep -shq "^$create_group:" "/etc/group"; then - return 0 - fi - # Root user/group - nothing to create + grep -shq "^$create_user:" "/etc/passwd" && grep -shq "^$create_group:" "/etc/group" && return if [ "$create_user" = "root" ] && [ "$create_group" = "root" ]; then return 0 fi - # Override with RUNAS_USER if specified and not root - if [ -n "$RUNAS_USER" ] && [ "$RUNAS_USER" != "root" ]; then + if [ "$RUNAS_USER" != "root" ] && [ "$RUNAS_USER" != "" ]; then create_user="$RUNAS_USER" create_group="$RUNAS_USER" create_uid="${create_uid:-1000}" create_gid="${create_gid:-1000}" fi - # Get existing UID/GID or use provided values - create_uid="$(__get_uid "$create_user" 2>/dev/null || echo "$create_uid")" - 
create_gid="$(__get_gid "$create_user" 2>/dev/null || echo "$create_gid")" - # Ensure we have valid non-root UID/GID - if [ -z "$create_uid" ] || [ "$create_uid" = "0" ]; then - create_uid="$random_id" - fi - if [ -z "$create_gid" ] || [ "$create_gid" = "0" ]; then - create_gid="$random_id" - fi - # Validate UID/GID are numeric and within valid range - if ! echo "$create_uid" | grep -qE '^[0-9]+$' || [ "$create_uid" -lt 1 ] || [ "$create_uid" -gt 65534 ]; then - echo "Error: Invalid UID '$create_uid' - must be a number between 1 and 65534" >&2 - return 1 - fi - if ! echo "$create_gid" | grep -qE '^[0-9]+$' || [ "$create_gid" -lt 1 ] || [ "$create_gid" -gt 65534 ]; then - echo "Error: Invalid GID '$create_gid' - must be a number between 1 and 65534" >&2 - return 1 - fi - # Find available UID/GID if current ones are taken (with loop protection) - while __check_for_uid "$create_uid" || __check_for_guid "$create_gid"; do - attempt=$((attempt + 1)) - if [ $attempt -ge $max_attempts ]; then - echo "Error: Could not find available UID/GID after $max_attempts attempts" >&2 - return 1 + create_uid="$(__get_uid "$create_user" || echo "$create_uid")" + create_gid="$(__get_gid "$create_user" || echo "$create_gid")" + [ -n "$create_uid" ] && [ "$create_uid" != "0" ] || create_uid="$random_id" + [ -n "$create_gid" ] && [ "$create_gid" != "0" ] || create_gid="$random_id" + while :; do + if __check_for_uid "$create_uid" && __check_for_guid "$create_gid"; then + create_uid=$(($random_id + 1)) + create_gid="$create_uid" + else + break fi - random_id=$((random_id + 1)) - create_uid="$random_id" - create_gid="$random_id" done - # Create group if needed if [ -n "$create_group" ] && ! __check_for_group "$create_group"; then - echo "Creating system group '$create_group' with GID $create_gid" - if ! groupadd --force --system -g "$create_gid" "$create_group" 2>&1 | tee -a "$log_file"; then - echo "Error: Failed to create group '$create_group'" >&2 - exitStatus=$((exitStatus + 1)) - elif ! 
grep -shq "^$create_group:" "/etc/group"; then - echo "Error: Group '$create_group' not found in /etc/group after creation" >&2 - exitStatus=$((exitStatus + 1)) - fi + echo "creating system group $create_group" + groupadd --force --system -g $create_gid $create_group 2>/dev/stderr | tee -a "/data/logs/init.txt" >/dev/null + grep -shq "$create_group" "/etc/group" || exitStatus=$((exitStatus + 1)) fi - # Create user if needed (only if group creation succeeded) - if [ $exitStatus -eq 0 ] && [ -n "$create_user" ] && ! __check_for_user "$create_user"; then - echo "Creating system user '$create_user' with UID $create_uid" - if ! useradd --system --uid "$create_uid" --gid "$create_group" --comment "Account for $create_user" --home-dir "$create_home_dir" --shell /bin/false "$create_user" 2>&1 | tee -a "$log_file"; then - echo "Error: Failed to create user '$create_user'" >&2 - exitStatus=$((exitStatus + 1)) - elif ! grep -shq "^$create_user:" "/etc/passwd"; then - echo "Error: User '$create_user' not found in /etc/passwd after creation" >&2 - exitStatus=$((exitStatus + 1)) - fi + if [ -n "$create_user" ] && ! __check_for_user "$create_user"; then + echo "creating system user $create_user" + useradd --system --uid $create_uid --gid $create_group --comment "Account for $create_user" --home-dir "$create_home_dir" --shell /bin/false $create_user 2>/dev/stderr | tee -a "/data/logs/init.txt" >/dev/null + grep -shq "$create_user" "/etc/passwd" || exitStatus=$((exitStatus + 1)) fi - # Setup user environment if creation succeeded if [ $exitStatus -eq 0 ] && [ -n "$create_group" ] && [ -n "$create_user" ]; then export WORK_DIR="${create_home_dir:-}" if [ -n "$WORK_DIR" ]; then - if [ ! -d "$WORK_DIR" ]; then - if ! mkdir -p "$WORK_DIR" 2>/dev/null; then - echo "Warning: Failed to create home directory '$WORK_DIR'" >&2 - fi - fi - if [ -d "/etc/.skel" ] && [ -d "$WORK_DIR" ]; then - cp -Rf /etc/.skel/. 
"$WORK_DIR/" 2>/dev/null || echo "Warning: Failed to copy skeleton files to '$WORK_DIR'" >&2 - fi + [ -d "$WORK_DIR" ] || mkdir -p "$WORK_DIR" + [ -d "/etc/.skel" ] && cp -Rf /etc/.skel/. "$WORK_DIR/" fi - # Setup sudo access - if [ -d "/etc/sudoers.d" ]; then - if [ ! -f "/etc/sudoers.d/$create_user" ]; then - echo "$create_user ALL=(ALL) NOPASSWD: ALL" >"/etc/sudoers.d/$create_user" 2>/dev/null || echo "Warning: Failed to create sudoers file for '$create_user'" >&2 - chmod 0440 "/etc/sudoers.d/$create_user" 2>/dev/null - fi - elif [ -f "/etc/sudoers" ] && ! grep -qs "^$create_user " "/etc/sudoers"; then - echo "$create_user ALL=(ALL) NOPASSWD: ALL" >>"/etc/sudoers" 2>/dev/null || echo "Warning: Failed to add '$create_user' to sudoers" >&2 + if [ -d "/etc/sudoers.d" ] && [ ! -f "/etc/sudoers.d/$create_user" ]; then + echo "$create_user ALL=(ALL) NOPASSWD: ALL" >"/etc/sudoers.d/$create_user" + elif [ -f "/etc/sudoers" ] && ! grep -qs "$create_user" "/etc/sudoers"; then + echo "$create_user ALL=(ALL) NOPASSWD: ALL" >"/etc/sudoers" fi + exitStatus=0 SERVICE_UID="$create_uid" SERVICE_GID="$create_gid" SERVICE_USER="$create_user" SERVICE_GROUP="$create_group" else - echo "Warning: Falling back to root user due to creation errors" >&2 SERVICE_UID=0 SERVICE_GID=0 SERVICE_USER=root 
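Review bot: The sudoers fallback now writes with `>"/etc/sudoers"`, which truncates the file and leaves one passwordless-ALL rule for the service account; the removed code appended with `>>`, anchored its grep as `^$create_user ` and set mode `0440` on the `/etc/sudoers.d` drop-in, and all three should stay. The new `while :` loop sets `create_uid=$(($random_id + 1))` without ever advancing `random_id`, so it cannot terminate once that single candidate is also in use. Because it tests uid `&&` gid, a collision on only one of them is accepted, assuming the helpers return success for an id that is taken, as the removed comment said. `groupadd` and `useradd` now receive unquoted `$create_gid`, `$create_group` and `$create_user` with the `^[a-z_][a-z0-9_-]*$` name check gone, so a `SERVICE_USER` or `RUNAS_USER` value containing spaces or a leading dash is split into extra arguments and also ends up as a sudoers file name and rule; I would restore the check and the quoting. `__create_service_user` starts above this hunk and continues below it.

```shell
# … unchanged: argument defaults, RUNAS_USER override, __get_uid/__get_gid lookup …
local attempt=0
while __check_for_uid "$create_uid" || __check_for_guid "$create_gid"; do
  attempt=$((attempt + 1))
  # bounded search so a full id range cannot hang container start-up
  [ "$attempt" -lt 100 ] || return 1
  random_id=$((random_id + 1))
  create_uid="$random_id"
  create_gid="$random_id"
done
# … unchanged: groupadd / useradd calls (with quoted arguments), home directory setup …
if [ -d "/etc/sudoers.d" ] && [ ! -f "/etc/sudoers.d/$create_user" ]; then
  echo "$create_user ALL=(ALL) NOPASSWD: ALL" >"/etc/sudoers.d/$create_user"
  chmod 0440 "/etc/sudoers.d/$create_user"
elif [ -f "/etc/sudoers" ] && ! grep -qs "^$create_user " "/etc/sudoers"; then
  # append: truncating /etc/sudoers would drop every existing rule
  echo "$create_user ALL=(ALL) NOPASSWD: ALL" >>"/etc/sudoers"
fi
```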
@@ -1332,26 +1267,24 @@ __check_service() { } # - - - - - - - - - - - - - - - - - - - - - - - - - __switch_to_user() { - # Use SERVICE_USER if set, otherwise fall back to RUNAS_USER - local switch_user="${SERVICE_USER:-$RUNAS_USER}" - if [ "$switch_user" = "root" ]; then + if [ "$RUNAS_USER" = "root" ]; then su_exec="" su_cmd() { eval "$@" || return 1; } elif [ "$(builtin type -P gosu)" ]; then - su_exec="gosu $switch_user" + su_exec="gosu $RUNAS_USER" su_cmd() { $su_exec "$@" || return 1; } elif [ "$(builtin type -P runuser)" ]; then - su_exec="runuser -u $switch_user" + su_exec="runuser -u $RUNAS_USER" su_cmd() { $su_exec "$@" || return 1; } elif [ "$(builtin type -P sudo)" ]; then - su_exec="sudo -u $switch_user" + su_exec="sudo -u $RUNAS_USER" su_cmd() { $su_exec "$@" || return 1; } elif [ "$(builtin type -P su)" ]; then - su_exec="su -s /bin/sh - $switch_user" + su_exec="su -s /bin/sh - $RUNAS_USER" su_cmd() { $su_exec -c "$@" || return 1; } else su_exec="" - su_cmd() { echo "Can not switch to $switch_user: attempting to run as root" && eval "$@" || return 1; } + su_cmd() { echo "Can not switch to $RUNAS_USER: attempting to run as root" && eval "$@" || return 1; } fi export su_exec }
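Review bot: Every branch now expands `$RUNAS_USER` directly, so when it is unset or empty the `root` test is false and `su_exec` becomes `gosu ` (or `runuser -u `, `sudo -u `) with no account name, which makes the tool read the first word of the command as the user. Whether RUNAS_USER is always set before `__switch_to_user` is called is not visible in this hunk. The removed `${SERVICE_USER:-$RUNAS_USER}` fallback covered the empty case, and this same patch turns on a `SERVICE_USER` default of `gitea` in `rootfs/usr/local/bin/entrypoint.sh` that this function no longer reads. If RUNAS_USER is meant to take precedence, `local switch_user="${RUNAS_USER:-${SERVICE_USER:-root}}"` at the top keeps that order without leaving the value empty. The final `else` branch also deserves a comment such as `# no gosu/runuser/sudo/su found: command runs as root via eval`, because that path drops the privilege separation with only an echo.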