From d73a289a05d0b3dfb8e64207e96d668ba788c09e Mon Sep 17 00:00:00 2001 From: perfectra1n Date: Wed, 21 May 2025 15:40:21 -0700 Subject: [PATCH] feat(docker): move from inline script to entrypoint --- apps/server/Dockerfile.alpine.rootless | 26 ++++++------------------ apps/server/Dockerfile.rootless | 28 ++++++-------------------- apps/server/rootless-entrypoint.sh | 26 ++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 42 deletions(-) create mode 100755 apps/server/rootless-entrypoint.sh diff --git a/apps/server/Dockerfile.alpine.rootless b/apps/server/Dockerfile.alpine.rootless index ebafbabff..11946e78b 100644 --- a/apps/server/Dockerfile.alpine.rootless +++ b/apps/server/Dockerfile.alpine.rootless @@ -41,25 +41,11 @@ ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data # Use dumb-init as entrypoint to handle signals properly ENTRYPOINT ["/usr/bin/dumb-init", "--"] -# This script will handle UID/GID checks and start the app -CMD [ "sh", "-c", "\ -if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ] || [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \ - echo \"Detected UID:GID mismatch\"; \ - if [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \ - echo \"ERROR: Cannot change GID at runtime in rootless mode.\"; \ - echo \" Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \ - exit 1; \ - fi; \ - if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ]; then \ - echo \"ERROR: Cannot change UID at runtime in rootless mode.\"; \ - echo \" Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \ - exit 1; \ - fi; \ -fi; \ -# Make sure data directory has correct permissions \ -mkdir -p \"${TRILIUM_DATA_DIR}\"; \ -# Start the app \ -exec node ./main \ -" ] +# Copy the entrypoint script +COPY rootless-entrypoint.sh /home/${USER}/app/ +RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh + +# Use the entrypoint script +CMD ["/home/${USER}/app/rootless-entrypoint.sh"] HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js 
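Review bot: The added `CMD ["/home/${USER}/app/rootless-entrypoint.sh"]` is exec (JSON) form, which does not run a shell, and Docker does not substitute variables in CMD at build time either. The container would therefore be asked to execute the literal path `/home/${USER}/app/rootless-entrypoint.sh` and fail at start. The removed CMD worked only because it went through `sh -c`. Keeping a shell in the chain fixes it, e.g. `CMD ["sh", "-c", "exec /home/${USER}/app/rootless-entrypoint.sh"]`, assuming USER is set in the runtime environment as the shell-form HEALTHCHECK already requires; alternatively, write the resolved path out. The same line is added in the Dockerfile.rootless hunk and needs the same change.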
diff --git a/apps/server/Dockerfile.rootless b/apps/server/Dockerfile.rootless index 40f8cda23..950ccee46 100644 --- a/apps/server/Dockerfile.rootless +++ b/apps/server/Dockerfile.rootless @@ -40,27 +40,11 @@ ENV TRILIUM_UID=${UID} ENV TRILIUM_GID=${GID} ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data -# This script will handle UID/GID remapping if needed and then start the app -CMD [ "sh", "-c", "\ -if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ] || [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \ - echo \"Remapping user ${USER} to UID:GID ${TRILIUM_UID}:${TRILIUM_GID}\"; \ - # Use 'id -u' and 'id -g' to get current UID and GID \ - if [ \"${TRILIUM_GID}\" != \"$(id -g)\" ]; then \ - # Need root to modify user/group, but we can't use sudo, so we need to exit \ - echo \"ERROR: Cannot change GID at runtime in rootless mode.\"; \ - echo \" Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \ - exit 1; \ - fi; \ - if [ \"${TRILIUM_UID}\" != \"$(id -u)\" ]; then \ - echo \"ERROR: Cannot change UID at runtime in rootless mode.\"; \ - echo \" Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead.\"; \ - exit 1; \ - fi; \ -fi; \ -# Make sure data directory has correct permissions \ -mkdir -p \"${TRILIUM_DATA_DIR}\"; \ -# Start the app \ -exec node ./main \ -" ] +# Copy the entrypoint script +COPY rootless-entrypoint.sh /home/${USER}/app/ +RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh + +# Use the entrypoint script +CMD ["/home/${USER}/app/rootless-entrypoint.sh"] HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js diff --git a/apps/server/rootless-entrypoint.sh b/apps/server/rootless-entrypoint.sh new file mode 100755 index 000000000..0828cf24f --- /dev/null +++ b/apps/server/rootless-entrypoint.sh 
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Rootless entrypoint script for Trilium Notes
+# Works with both Debian and Alpine-based images
+
+# Check if runtime UID/GID match the expected values
+if [ "${TRILIUM_UID}" != "$(id -u)" ] || [ "${TRILIUM_GID}" != "$(id -g)" ]; then
+ echo "Detected UID:GID mismatch (current: $(id -u):$(id -g), expected: ${TRILIUM_UID}:${TRILIUM_GID})"
+ # Check GID mismatch
+ if [ "${TRILIUM_GID}" != "$(id -g)" ]; then
+ echo "ERROR: Cannot change GID at runtime in rootless mode."
+ echo " Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead."
+ exit 1
+ fi
+ # Check UID mismatch
+ if [ "${TRILIUM_UID}" != "$(id -u)" ]; then
+ echo "ERROR: Cannot change UID at runtime in rootless mode."
+ echo " Please use docker run with --user ${TRILIUM_UID}:${TRILIUM_GID} instead."
+ exit 1
+ fi
+fi
+
+# Make sure data directory has correct permissions
+mkdir -p "${TRILIUM_DATA_DIR}"
+
+# Start the app
+exec node ./main
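Review bot: Nothing in the script stops on failure, so when `mkdir -p "${TRILIUM_DATA_DIR}"` fails (an unset variable, or a mounted volume owned by a different UID) execution still reaches `exec node ./main`. The comment above that line says the directory gets correct permissions, but `mkdir -p` neither changes nor checks them. I would fail early with `mkdir -p "${TRILIUM_DATA_DIR:?TRILIUM_DATA_DIR is not set}" || exit 1`, followed by `[ -w "${TRILIUM_DATA_DIR}" ] || { echo "ERROR: ${TRILIUM_DATA_DIR} is not writable by $(id -u):$(id -g)" >&2; exit 1; }`. The existing ERROR lines would also be better sent to stderr with `>&2`. Note that the UID/GID comparison reads values from the environment, so it is a configuration sanity check rather than an enforcement point.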