mirror of
https://github.com/BetterCorp/BetterFrame.git
synced 2026-05-26 20:16:35 +00:00
fix(nodered): entrypoint runs as root to fix stale /data state, drops to node-red via su-exec
Previous deploy left /data/settings.js as a DIRECTORY (Docker auto-mkdir from a failed bind mount earlier). cp from non-root user then failed 'Permission denied' writing inside it. Entrypoint now: - Detects + rm -rf the stale directory - Seeds /data/settings.js from /usr/src/bf-settings.js - Chowns /data to node-red - exec su-exec node-red:node-red to drop privileges before npm start
This commit is contained in:
Mitchell R
parent
7baa1a07f9
commit
f087fdc056
2 changed files with 26 additions and 9 deletions
|
|
@ -23,7 +23,10 @@ RUN cd /usr/src/betterframe-nodes && \
|
|||
npm install --omit=dev && \
|
||||
chown -R node-red:root /usr/src/betterframe-nodes /usr/src/bf-settings.js
|
||||
|
||||
USER node-red
|
||||
# Run entrypoint as root so it can fix stale /data state (e.g. /data/settings.js
|
||||
# left as a directory by a previous broken bind mount). Entrypoint drops to
|
||||
# node-red via su-exec before launching the actual server.
|
||||
USER root
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/bf-nodered-entrypoint"]
|
||||
CMD []
|
||||
|
|
|
|||
|
|
@ -1,16 +1,30 @@
|
|||
#!/usr/bin/env sh
|
||||
# Seed /data/settings.js with our BF defaults on first boot.
|
||||
# /data is volume-mounted, so the COPY in the Dockerfile gets hidden
|
||||
# unless we plant a copy after the mount comes up.
|
||||
# Seed /data/settings.js on first boot. The /data named volume overlays
|
||||
# anything we COPY into /data during image build, so the file has to be
|
||||
# planted after the volume mounts.
|
||||
#
|
||||
# Runs as root, fixes /data ownership + any stale directories left by
|
||||
# previous bind-mount attempts, then drops to the node-red user.
|
||||
set -eu
|
||||
|
||||
DATA=/data
|
||||
TPL=/usr/src/bf-settings.js
|
||||
TARGET="$DATA/settings.js"
|
||||
|
||||
if [ ! -f "$DATA/settings.js" ]; then
|
||||
echo "[bf-nodered] seeding $DATA/settings.js from $TPL"
|
||||
cp "$TPL" "$DATA/settings.js"
|
||||
# Clear stale path if a previous broken bind-mount left a directory where
|
||||
# we expect a file.
|
||||
if [ -d "$TARGET" ]; then
|
||||
echo "[bf-nodered] $TARGET is a directory (stale bind mount?). Removing."
|
||||
rm -rf "$TARGET"
|
||||
fi
|
||||
|
||||
# Exec the upstream nodered entrypoint args verbatim.
|
||||
exec npm start --cache /data/.npm -- --userDir /data "$@"
|
||||
if [ ! -f "$TARGET" ]; then
|
||||
echo "[bf-nodered] seeding $TARGET from $TPL"
|
||||
cp "$TPL" "$TARGET"
|
||||
fi
|
||||
|
||||
# Ensure the volume + seeded file are owned by node-red.
|
||||
chown -R node-red:root "$DATA" 2>/dev/null || true
|
||||
|
||||
# Drop to the node-red user before launching. The base image ships su-exec.
|
||||
exec su-exec node-red:node-red npm start --cache /data/.npm -- --userDir /data "$@"
|
||||
|
|
|
|||
Loading…
Reference in a new issue