From 176c0e16c1ee2ab015e7cee5769ac23359808be3 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Mon, 21 Apr 2025 17:41:58 -0400
Subject: [PATCH 1/3] correct permissions
---
 docker/Dockerfile | 10 ++++++++--
 docker/docker-compose.yml | 5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f7c7604..181e12a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -2,6 +2,8 @@ FROM docker.io/golang:1.24-alpine3.21 AS build
 ENV CGO_ENABLED=1
+USER root
+
 RUN apk add --no-cache gcc musl-dev
 WORKDIR /usr/src/app
@@ -34,7 +36,7 @@ RUN apk add --no-cache shadow s6-overlay execline openssh git && \
 adduser --disabled-password git && \
 # We need to set password anyway since otherwise ssh won't work
 head -c 32 /dev/random | base64 | tr -dc 'a-zA-Z0-9' | passwd git --stdin && \
- mkdir /app && mkdir /home/git/repositories
+ mkdir -p /app && mkdir -p /home/git/repositories
 COPY --from=build /usr/local/bin/knotserver /usr/local/bin
 COPY --from=build /usr/local/bin/keyfetch /usr/local/libexec/tangled-keyfetch
@@ -44,7 +46,11 @@ COPY docker/rootfs/ .
 RUN chown root:root /usr/local/libexec/tangled-keyfetch && \
 chmod 755 /usr/local/libexec/tangled-keyfetch && \
 chown git:git /home/git/repoguard && \
- chown git:git /app && chown git:git /home/git/repositories
+ chown -R git:git /app && chmod -R 755 /app && \
+ chown -R git:git /home/git/repositories
+
+# Create an empty database file with correct permissions
+RUN touch /app/knotserver.db && chown git:git /app/knotserver.db && chmod 644 /app/knotserver.db
 EXPOSE 22
 EXPOSE 5555
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 04a5793..93d92ec 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -11,7 +11,10 @@ services:
 volumes:
 - "./keys:/etc/ssh/keys"
 - "./repositories:/home/git/repositories"
- - "./server:/app"
+ - db_data:/app
 ports:
 - "5555:5555"
 - "2222:22"
+
+volumes:
+ db_data:
--
2.43.0
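Review bot: In the third Dockerfile hunk (`@@ -44,7 +46,11 @@`) the new modes are wider than the ownership fix needs: `chmod -R 755 /app` makes every file under /app executable and world-readable, and `chmod 644 /app/knotserver.db` leaves the database readable by every account in the container. Both paths are already owned by git:git, so `chmod 750 /app` and `chmod 600 /app/knotserver.db` would be the tighter choice, assuming no other account (for example whatever runs tangled-keyfetch) opens the database file directly; that is not visible in this diff. The same point applies to `chmod -R 775 /home/git/repositories` in patch 2/3, which also makes the tree group-writable; `chmod -R u=rwX,g=rX,o= /home/git/repositories` keeps directories traversable without setting the execute bit on regular files.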
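Review bot: Replacing the bind mount `./server:/app` with the named volume `db_data:/app` (compose hunk `@@ -11,7 +11,10 @@`) leaves an existing deployment without its previous state, because the new volume starts out holding only what the image provides and the `knotserver.db` under `./server` is no longer visible to the container. Patch 3/3 makes the same switch for `keys:/etc/ssh/keys` and `repositories:/home/git/repositories`, where the likely effect is a fresh set of keys (presumably the SSH host keys, so clients would see a changed host key) and an empty repository root. The upgrade step is not documented anywhere in the series; a comment above the service's `volumes:` list such as `# named volumes start empty: copy ./server, ./keys and ./repositories into them before upgrading` would make it explicit.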
From 3fea1df9c583c3fff70517a79aac905bbcc676d4 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Mon, 21 Apr 2025 19:58:48 -0400
Subject: [PATCH 2/3] permissions for git repos
---
 docker/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 181e12a..b68a53c 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -47,7 +47,7 @@ RUN chown root:root /usr/local/libexec/tangled-keyfetch && \
 chmod 755 /usr/local/libexec/tangled-keyfetch && \
 chown git:git /home/git/repoguard && \
 chown -R git:git /app && chmod -R 755 /app && \
- chown -R git:git /home/git/repositories
+ chown -R git:git /home/git/repositories && chmod -R 775 /home/git/repositories
 # Create an empty database file with correct permissions
 RUN touch /app/knotserver.db && chown git:git /app/knotserver.db && chmod 644 /app/knotserver.db
--
2.43.0
From 3df97244c9ad622444dc373cc997e07d8258a837 Mon Sep 17 00:00:00 2001
From: Roscoe Rubin-Rottenberg
Date: Tue, 22 Apr 2025 11:56:31 -0400
Subject: [PATCH 3/3] all of the volumes
---
 docker/docker-compose.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 93d92ec..d983e75 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -9,8 +9,8 @@ services:
 KNOT_SERVER_DB_PATH: "/app/knotserver.db"
 KNOT_REPO_SCAN_PATH: "/home/git/repositories"
 volumes:
- - "./keys:/etc/ssh/keys"
- - "./repositories:/home/git/repositories"
+ - keys:/etc/ssh/keys
+ - repositories:/home/git/repositories
 - db_data:/app
 ports:
 - "5555:5555"
@@ -18,3 +18,5 @@ services:
 volumes:
 db_data:
+ repositories:
+ keys:
--
2.43.0
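Review bot: The `chown -R git:git /home/git/repositories && chmod -R 775 /home/git/repositories` added in patch 2/3 runs at image build time, so it does not reach the directory the container actually uses: at this point in the series docker-compose.yml still bind-mounts `./repositories` over that path, and the host directory's owner and mode are what the container sees. After patch 3/3 the path is a named volume, which takes the image's content and ownership only when it is first created empty; an already existing volume keeps whatever it has. The `/app` ownership and the pre-created `knotserver.db` from patch 1/3 have the same limitation. Add a comment above the `RUN` saying so, for example `# only effective for a freshly created named volume; bind mounts and existing volumes keep their own ownership`, and consider doing the ownership fix at container start instead (the image installs s6-overlay, though no init script is visible in this diff). The enclosing `RUN` instruction starts outside the hunk.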