Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change base image for Dockerfile #2289

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Change base image for Dockerfile #2289

wants to merge 3 commits into from
+69 −50

Conversation

tech-6
Copy link
Contributor

@tech-6 tech-6 commented Nov 24, 2024

  • Default user and group id is now 977 as 999 was taken.

Caution

!!This may cause permissions issues in existing installations.
The above mentioned permissions issues can be fixed by either:

  • mounting the volume with another container as a root user and changing ownership of /app/data (including their contents) to 977:977
  • chmod -R 977:977 /var/lib/docker/volumes/${VOLUME_NAME_OR_HASH} of the volume from the host's volume directory.
  • chmod -R 777 /app/data (don't do this)
  • Dockerfile and entrypoint.sh was changed to run NO application code as a privileged user. When the container is running there is no code executed in a privileged context, as anything requiring privileges is run during build time.
  • Addition of a .dockerignore file to ignore non-application files and improve docker cache hits.

Proposed fix #2288

@tech-6
add .dockerignore to help improve container image cache hits.
35ae9b4 
(cherry picked from commit 553641f)
@tech-6
BellSoft Dockerfile, rootless by default.
a332855 
Default user and group id is now 977 as 999 was taken.
!!**This may cause permissions issues in existing installations**. These issues can be fixed by either:
- mounting the volume with another container as a root user and changing ownership of `/app/data` (including their contents) to 977:977
- `chmod -R 977:977 /var/lib/docker/volumes/${VOLUME_NAME_OR_HASH}` of the volume from the host's volume directory.
- `chmod -R  777 /app/data` (don't do this)

Dockerfile and entrypoint.sh was changed to run NO application code as a privileged user. When the container is running there is no code executed in a privileged context, as anything requiring privileges is run during build time.

Proposed Solution to dzikoysk#2288
@tech-6 tech-6 mentioned this pull request Nov 24, 2024
Open
@tech-6 tech-6 marked this pull request as ready for review November 26, 2024 02:01
@tech-6
Copy link
Contributor Author

tech-6 commented Nov 26, 2024

Seems ready for review, has been stable in my testing environment.

@dzikoysk
Copy link
Owner

Hmm... I'm a bit worried about changing current behaviour - we have quite wide variety of users, even on some exotic setups. That's also the reason why we basically moved a lot of the logic to the entrypoint.sh script.

I think it requires deeper investigation, I'll try to check some historical issues. I guess you could also browse them by searching for Dockerfile or entrypoint keywords.

@dzikoysk dzikoysk added the investigation Issue is currently investigeted, e.g. author is trying to reproduce problem label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
investigation Issue is currently investigeted, e.g. author is trying to reproduce problem
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Deprecation of openJDK docker images
2 participants
@tech-6 @dzikoysk