Updated the nojail patch so it'll apply atop the new Dockerfile changes.
Commit
45e0475ca70a273e1b558ab4649807a020edab280f5fc3ec2f0ae01688839a9b
Parent
930a655a14e9b04…
1 file changed
+16
-26
+16
-26
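--- a/containers/Dockerfile-nojail.patch
+++ b/containers/Dockerfile-nojail.patch
@@ -1,55 +1,45 @@
 Index: Dockerfile
 ==================================================================
 --- Dockerfile
 +++ Dockerfile
-@@ -61,13 +61,13 @@
+@@ -73,13 +73,13 @@
 ## ---------------------------------------------------------------------
 ## STAGE 2: Pare that back to the bare essentials.
 ## ---------------------------------------------------------------------
 
 FROM scratch
 -WORKDIR /jail
 +WORKDIR /
 ARG UID=499
--ENV PATH "/bin:/jail/bin"
-+ENV PATH "/bin"
+-ENV PATH "/bin:/usr/bin:/jail/bin"
++ENV PATH "/bin:/usr/bin"
 
 ### Lay BusyBox down as the first base layer. Coupled with the host's
 ### kernel, this is the "OS."
 COPY --from=builder /tmp/bbx/busybox /bin/
- RUN [ "/bin/busybox", "--install", "/bin" ]
-@@ -78,20 +78,17 @@
- RUN set -x \
- && echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd \
- && echo 'root:x:0:root' > /etc/group \
- && addgroup -S -g ${UID} fossil \
- && adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \
-- && install -d -m 700 -o fossil -g fossil log museum \
-- && install -d -m 755 -o fossil -g fossil dev \
-- && mknod -m 666 dev/null c 1 3 \
-- && mknod -m 444 dev/urandom c 1 9
-+ && install -d -m 700 -o fossil -g fossil log museum
+ COPY --from=builder /etc/os-release /etc/
+@@ -101,13 +101,13 @@
+ && mknod -m 666 dev/null c 1 3 \
+ && mknod -m 444 dev/urandom c 1 9
 
 ### Do Fossil-specific things atop those base layers; this will change
 ### as often as the Fossil build-from-source layer above.
- COPY --from=builder /tmp/fossil bin/
+-COPY --from=builder /tmp/fossil bin/
++COPY --from=builder /tmp/fossil /usr/bin/
 RUN set -x \
-- && ln -s /jail/bin/fossil /bin/f \
-+ && ln -s /bin/fossil /bin/f \
- && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \
- && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \
+- && ln -s /jail/bin/fossil /usr/bin/f \
++ && ln -s /usr/bin/fossil /usr/bin/f \
+ && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /usr/bin/sha1sum \
+ && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /usr/bin/sha3sum \
 && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \
- /bin/sqlite3 \
- && chmod +x /bin/sha?sum /bin/sqlite3
-@@ -100,12 +97,12 @@
- ## ---------------------------------------------------------------------
- ## STAGE 3: Run!
+ /usr/bin/sqlite3 \
+ && chmod +x /usr/bin/sha?sum /usr/bin/sqlite3
+@@ -118,10 +118,9 @@
 ## ---------------------------------------------------------------------
 
 EXPOSE 8080/tcp
-+USER fossil
 CMD [ \
 "bin/fossil", "server", \
 - "--chroot", "/jail", \
 "--create", \
 "--jsmode", "bundled", \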
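Review bot: The updated patch no longer carries the `+USER fossil` line that the previous revision added after `EXPOSE 8080/tcp`, yet it still removes `"--chroot", "/jail"` from CMD, so on the visible lines nothing moves the server off root once the chroot is gone. Unless the base Dockerfile or the CMD arguments below this hunk already drop privileges, I would restore `+USER fossil` in the last inner hunk (adjusting its `@@ -118,10 +118,9 @@` counts), or add a comment saying where the drop now happens. Separately, the binary is now copied to `/usr/bin/` while CMD keeps the relative `"bin/fossil"`, which with `WORKDIR /` resolves to `/bin/fossil`. If nothing else installs it there the container will not start; `"/usr/bin/fossil"` would match the new layout. The CMD array continues past the end of the hunk, so the remaining arguments could not be checked.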
| --- containers/Dockerfile-nojail.patch | |
| +++ containers/Dockerfile-nojail.patch | |
| @@ -1,55 +1,45 @@ | |
| 1 | Index: Dockerfile |
| 2 | ================================================================== |
| 3 | --- Dockerfile |
| 4 | +++ Dockerfile |
| 5 | @@ -61,13 +61,13 @@ |
| 6 | ## --------------------------------------------------------------------- |
| 7 | ## STAGE 2: Pare that back to the bare essentials. |
| 8 | ## --------------------------------------------------------------------- |
| 9 | |
| 10 | FROM scratch |
| 11 | -WORKDIR /jail |
| 12 | +WORKDIR / |
| 13 | ARG UID=499 |
| 14 | -ENV PATH "/bin:/jail/bin" |
| 15 | +ENV PATH "/bin" |
| 16 | |
| 17 | ### Lay BusyBox down as the first base layer. Coupled with the host's |
| 18 | ### kernel, this is the "OS." |
| 19 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 20 | RUN [ "/bin/busybox", "--install", "/bin" ] |
| 21 | @@ -78,20 +78,17 @@ |
| 22 | RUN set -x \ |
| 23 | && echo 'root:x:0:0:SysAdmin:/:/bin/nologin' > /etc/passwd \ |
| 24 | && echo 'root:x:0:root' > /etc/group \ |
| 25 | && addgroup -S -g ${UID} fossil \ |
| 26 | && adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \ |
| 27 | - && install -d -m 700 -o fossil -g fossil log museum \ |
| 28 | - && install -d -m 755 -o fossil -g fossil dev \ |
| 29 | - && mknod -m 666 dev/null c 1 3 \ |
| 30 | - && mknod -m 444 dev/urandom c 1 9 |
| 31 | + && install -d -m 700 -o fossil -g fossil log museum |
| 32 | |
| 33 | ### Do Fossil-specific things atop those base layers; this will change |
| 34 | ### as often as the Fossil build-from-source layer above. |
| 35 | COPY --from=builder /tmp/fossil bin/ |
| 36 | RUN set -x \ |
| 37 | - && ln -s /jail/bin/fossil /bin/f \ |
| 38 | + && ln -s /bin/fossil /bin/f \ |
| 39 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \ |
| 40 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \ |
| 41 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \ |
| 42 | /bin/sqlite3 \ |
| 43 | && chmod +x /bin/sha?sum /bin/sqlite3 |
| 44 | @@ -100,12 +97,12 @@ |
| 45 | ## --------------------------------------------------------------------- |
| 46 | ## STAGE 3: Run! |
| 47 | ## --------------------------------------------------------------------- |
| 48 | |
| 49 | EXPOSE 8080/tcp |
| 50 | +USER fossil |
| 51 | CMD [ \ |
| 52 | "bin/fossil", "server", \ |
| 53 | - "--chroot", "/jail", \ |
| 54 | "--create", \ |
| 55 | "--jsmode", "bundled", \ |
| 56 |
| --- containers/Dockerfile-nojail.patch | |
| +++ containers/Dockerfile-nojail.patch | |
| @@ -1,55 +1,45 @@ | |
| 1 | Index: Dockerfile |
| 2 | ================================================================== |
| 3 | --- Dockerfile |
| 4 | +++ Dockerfile |
| 5 | @@ -73,13 +73,13 @@ |
| 6 | ## --------------------------------------------------------------------- |
| 7 | ## STAGE 2: Pare that back to the bare essentials. |
| 8 | ## --------------------------------------------------------------------- |
| 9 | |
| 10 | FROM scratch |
| 11 | -WORKDIR /jail |
| 12 | +WORKDIR / |
| 13 | ARG UID=499 |
| 14 | -ENV PATH "/bin:/usr/bin:/jail/bin" |
| 15 | +ENV PATH "/bin:/usr/bin" |
| 16 | |
| 17 | ### Lay BusyBox down as the first base layer. Coupled with the host's |
| 18 | ### kernel, this is the "OS." |
| 19 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 20 | COPY --from=builder /etc/os-release /etc/ |
| 21 | @@ -101,13 +101,13 @@ |
| 22 | && mknod -m 666 dev/null c 1 3 \ |
| 23 | && mknod -m 444 dev/urandom c 1 9 |
| 24 | |
| 25 | ### Do Fossil-specific things atop those base layers; this will change |
| 26 | ### as often as the Fossil build-from-source layer above. |
| 27 | -COPY --from=builder /tmp/fossil bin/ |
| 28 | +COPY --from=builder /tmp/fossil /usr/bin/ |
| 29 | RUN set -x \ |
| 30 | - && ln -s /jail/bin/fossil /usr/bin/f \ |
| 31 | + && ln -s /usr/bin/fossil /usr/bin/f \ |
| 32 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /usr/bin/sha1sum \ |
| 33 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /usr/bin/sha3sum \ |
| 34 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \ |
| 35 | /usr/bin/sqlite3 \ |
| 36 | && chmod +x /usr/bin/sha?sum /usr/bin/sqlite3 |
| 37 | @@ -118,10 +118,9 @@ |
| 38 | ## --------------------------------------------------------------------- |
| 39 | |
| 40 | EXPOSE 8080/tcp |
| 41 | CMD [ \ |
| 42 | "bin/fossil", "server", \ |
| 43 | - "--chroot", "/jail", \ |
| 44 | "--create", \ |
| 45 | "--jsmode", "bundled", \ |
| 46 |