Mount the contributor image in the same place as the project itself.

Also run as domjudge, not root, by default. One can use sudo to access the root shell.

Author: nickygerritsen

docker-contributor/Dockerfile

@@ -34,12 +34,9 @@ RUN apt update \
     supervisor apache2-utils lsb-release \
     libcurl4-gnutls-dev libjsoncpp-dev libmagic-dev \
     enscript lpr ca-certificates less vim \
-    php-pear php-dev software-properties-common pkg-config libcairo2-dev python3-dev \
+    php-pear php-dev software-properties-common python3-pygments rst2pdf \
     && rm -rf /var/lib/apt/lists/*
 
-# Needed for building the docs
-RUN pip3 install pygments && pip3 install rst2pdf
-
 # Forward nginx request and error logs to standard output/error. Also create directory for PHP-FPM socket
 RUN ln -sf /dev/stdout /var/log/nginx/access.log \
 	&& ln -sf /dev/stderr /var/log/nginx/error.log \
@@ -83,11 +80,6 @@ RUN for VERSION in $PHPSUPPORTED; do \
     done
 RUN update-alternatives --set php-fpm /usr/sbin/php-fpm${DEFAULTPHPVERSION}
 
-# Add exposed volume
-VOLUME ["/domjudge"]
-
-WORKDIR /domjudge
-
 # Add PHP configuration
 RUN mkdir /php-config
 COPY ["php-config", "/php-config"]
@@ -114,5 +106,7 @@ COPY ["supervisor", "/etc/supervisor/conf.d/"]
 COPY ["sudoers-domjudge", "/etc/sudoers.d/domjudge"]
 RUN chmod 440 /etc/sudoers.d/domjudge
 
+USER domjudge
+
 # Expose HTTP port
 EXPOSE 80

docker-contributor/README.md

@@ -37,10 +37,10 @@ Next, if you are on Linux make sure you have cgroups enabled. See the [DOMjudge
 Now you can run DOMjudge itself using the following command:
 
 ```bash
-docker run -v [path-to-domjudge-checkout]:/domjudge -v /sys/fs/cgroup:/sys/fs/cgroup:ro --link dj-mariadb:mariadb -it -e MYSQL_HOST=mariadb -e MYSQL_USER=domjudge -e MYSQL_DATABASE=domjudge -e MYSQL_PASSWORD=djpw -e MYSQL_ROOT_PASSWORD=rootpw -p 12345:80 --name domjudge --privileged domjudge/domjudge-contributor
+docker run -v [path-to-domjudge-checkout]:[path-to-domjudge-checkout] -v /sys/fs/cgroup:/sys/fs/cgroup:ro --link dj-mariadb:mariadb -it -e PROJECT_DIR=[path-to-domjudge-checkout] -p 12345:80 --name domjudge --privileged domjudge/domjudge-contributor
 ```
 
-Make sure you replace `[path-to-domjudge-checkout]` with the path to your local DOMjudge checkout. On recent macOS and Windows Docker builds, you should add `:cached` at the end of the `/domjudge` volume (i.e. `-v [path-to-domjudge-checkout]:/domjudge:cached`) to speed up the webserver a lot.
+Make sure you replace `[path-to-domjudge-checkout]` with the path to your local DOMjudge checkout. On recent macOS and Windows Docker builds, you should add `:cached` at the end of the volume (i.e. `-v [path-to-domjudge-checkout]:[path-to-domjudge-checkout]:cached`) to speed up the webserver a lot.
 
 The above command will start the container, set up DOMjudge for a maintainer install, set up the database and create a chroot to be used by the judgedaemons. It will then start nginx, PHP-FPM and two judgedaemons using supervisord.
 
@@ -128,7 +128,7 @@ Xdebug has the following settings:
 
 ### Accessing the judgings
 
-Because the chroot script copies some special devices into every chroot used for judging and Docker does not support having these special devices on volumes, a bind-mount is created for `/domjudge/output/judgings`. Thus, if you want to access the contents of this directory, use `docker exec -it domjudge bash` to get access into the container and go to that directory.
+Because the chroot script copies some special devices into every chroot used for judging and Docker does not support having these special devices on volumes, a bind-mount is created for `[path-to-domjudge-checkout]/output/judgings`. Thus, if you want to access the contents of this directory, use `docker exec -it domjudge bash` to get access into the container and go to that directory.
 
 ## Building the image
 

docker-contributor/scripts/bin/extra-judges

@@ -7,6 +7,6 @@ then
 fi
 
 for id in `seq 2 3`; do
-  supervisorctl $1 judgedaemon$id
+  sudo supervisorctl $1 judgedaemon$id
 done
 

docker-contributor/scripts/bin/submit-test-programs

@@ -1,7 +1,12 @@
 #!/bin/bash
-if [[ -d /domjudge/webapp/var/log ]]
+if [ -z "$PROJECT_DIR" ]
 then
-    tail -F /domjudge/webapp/var/log/dev.log
+  PROJECT_DIR=/domjudge
+fi
+
+if [[ -d "${PROJECT_DIR}/webapp/var/log" ]]
+then
+    tail -F "${PROJECT_DIR}/webapp/var/log/dev.log"
 else
-    tail -F /domjudge/webapp/var/logs/dev.log
+    tail -F "${PROJECT_DIR}/webapp/var/logs/dev.log"
 fi

docker-contributor/scripts/bin/symfony-log

@@ -1,3 +1,3 @@
 #!/bin/bash
-phpdismod xdebug
-supervisorctl restart php
+sudo phpdismod xdebug
+sudo supervisorctl restart php

docker-contributor/scripts/bin/xdebug-disable

@@ -1,3 +1,3 @@
 #!/bin/bash
-phpenmod xdebug
-supervisorctl restart php
+sudo phpenmod xdebug
+sudo supervisorctl restart php

docker-contributor/scripts/bin/xdebug-enable

@@ -10,32 +10,37 @@ function file_or_env {
 }
 
 echo "[..] Setting timezone"
-ln -snf "/usr/share/zoneinfo/${CONTAINER_TIMEZONE}" /etc/localtime
-echo "${CONTAINER_TIMEZONE}" > /etc/timezone
-dpkg-reconfigure -f noninteractive tzdata
+sudo ln -snf "/usr/share/zoneinfo/${CONTAINER_TIMEZONE}" /etc/localtime
+echo "${CONTAINER_TIMEZONE}" | sudo tee /etc/timezone
+sudo dpkg-reconfigure -f noninteractive tzdata
 echo "[ok] Container timezone set to: ${CONTAINER_TIMEZONE}"; echo
 
 echo "[..] Changing nginx and PHP configuration settings"
 # Set correct settings
-sed -ri -e "s/^user.*/user domjudge;/" /etc/nginx/nginx.conf
+sudo sed -ri -e "s/^user.*/user domjudge;/" /etc/nginx/nginx.conf
 for VERSION in $PHPSUPPORTED
 do
-  sed -ri -e "s/^upload_max_filesize.*/upload_max_filesize = 100M/" \
+  sudo sed -ri -e "s/^upload_max_filesize.*/upload_max_filesize = 100M/" \
       -e "s/^post_max_size.*/post_max_size = 100M/" \
       -e "s/^memory_limit.*/memory_limit = 2G/" \
       -e "s/^max_file_uploads.*/max_file_uploads = 200/" \
       -e "s#^;date\.timezone.*#date.timezone = ${CONTAINER_TIMEZONE}#" \
       "/etc/php/${VERSION}/fpm/php.ini"
-  sed -ri -e "s#^;date\.timezone.*#date.timezone = ${CONTAINER_TIMEZONE}#" \
+  sudo sed -ri -e "s#^;date\.timezone.*#date.timezone = ${CONTAINER_TIMEZONE}#" \
       "/etc/php/${VERSION}/cli/php.ini"
 done
 echo "[ok] Done changing nginx and PHP configuration settings"; echo
 
-cd /domjudge
+if [ -z "$PROJECT_DIR" ]
+then
+  PROJECT_DIR=/domjudge
+fi
+
+cd "$PROJECT_DIR"
 
 if [[ ! -f README.md ]] || ! grep -q DOMjudge README.md
 then
-  echo "DOMjudge sources not found. Did you add a volume with your DOMjudge checkout at /domjudge?"
+  echo "DOMjudge sources not found. Did you add a volume with your DOMjudge checkout at ${PROJECT_DIR}?"
   exit 1
 fi
 
@@ -48,7 +53,6 @@ host=${MYSQL_HOST}
 user=root
 password=${MYSQL_ROOT_PASSWORD}
 EOF
-chown domjudge: /home/domjudge/.my.cnf
 
 echo "[..] Updating database credentials file"
 echo "dummy:${MYSQL_HOST}:${MYSQL_DATABASE}:${MYSQL_USER}:${MYSQL_PASSWORD}" > etc/dbpasswords.secret
@@ -59,15 +63,15 @@ then
   echo "Skipping maintainer-mode install for DOMjudge"
 else
   echo "[..] Performing maintainer-mode install for DOMjudge"
-  sudo -H -u domjudge make maintainer-conf CONFIGURE_FLAGS="--with-baseurl=http://localhost/ --with-webserver-group=domjudge"
-  sudo -H -u domjudge make maintainer-install
+  make maintainer-conf CONFIGURE_FLAGS="--with-baseurl=http://localhost/ --with-webserver-group=domjudge"
+  make maintainer-install
   echo "[ok] DOMjudge installed in Maintainer-mode"; echo
 fi
 
 echo "[..] Setting up bind mount and correct permissions for judgings"
-mkdir -p /domjudge-judgings
-mount -o bind /domjudge-judgings /domjudge/output/judgings
-chown -R domjudge output
+sudo mkdir -p /domjudge-judgings
+sudo mount -o bind /domjudge-judgings "${PROJECT_DIR}/output/judgings"
+sudo chown -R domjudge output
 echo "[ok] Done setting up permissions"
 
 # Sometimes when running `docker-compose up` we're too fast at this step
@@ -91,13 +95,13 @@ then
   exit 1
 fi
 
-if ! bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" status > /dev/null 2>&1
+if ! sudo bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" status > /dev/null 2>&1
 then
   echo "  Database not installed; installing..."
-  bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" bare-install
+  sudo bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" bare-install
 else
   echo "  Database installed; upgrading..."
-  bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" upgrade
+  sudo bin/dj_setup_database -uroot -p"${MYSQL_ROOT_PASSWORD}" upgrade
 fi
 echo "[ok] Database ready"; echo
 
@@ -107,63 +111,64 @@ echo "[ok] Changed restapi URL from http://localhost/domjudge to http://localhos
 
 echo "[..] Copying webserver config"
 # Set up vhost
-cp etc/nginx-conf /etc/nginx/sites-enabled/default
+sudo cp etc/nginx-conf /etc/nginx/sites-enabled/default
 # Replace nginx php socket location
-sed -i 's/server unix:.*/server unix:\/var\/run\/php-fpm-domjudge.sock;/' /etc/nginx/sites-enabled/default
+sudo sed -i 's/server unix:.*/server unix:\/var\/run\/php-fpm-domjudge.sock;/' /etc/nginx/sites-enabled/default
 # Remove default FPM pool config and link in DOMjudge version
 for VERSION in $PHPSUPPORTED
 do
   if [[ -f /etc/php/${VERSION}/fpm/pool.d/www.conf ]]
   then
-    rm "/etc/php/${VERSION}/fpm/pool.d/www.conf"
+    sudo rm "/etc/php/${VERSION}/fpm/pool.d/www.conf"
   fi
   if [[ ! -f /etc/php/${VERSION}/fpm/pool.d/domjudge.conf ]]
   then
-    ln -s /domjudge/etc/domjudge-fpm.conf "/etc/php/${VERSION}/fpm/pool.d/domjudge.conf"
+    sudo ln -s "${PROJECT_DIR}/etc/domjudge-fpm.conf" "/etc/php/${VERSION}/fpm/pool.d/domjudge.conf"
   fi
   # Change pm.max_children
-  sed -i "s/^pm\.max_children = .*$/pm.max_children = ${FPM_MAX_CHILDREN}/" "/etc/php/${VERSION}/fpm/pool.d/domjudge.conf"
+  sudo sed -i "s/^pm\.max_children = .*$/pm.max_children = ${FPM_MAX_CHILDREN}/" "/etc/php/${VERSION}/fpm/pool.d/domjudge.conf"
 done
 
-chown domjudge: /domjudge/etc/dbpasswords.secret
-chown domjudge: /domjudge/etc/restapi.secret
-# shellcheck disable=SC2034
-HAS_INNER_NGINX=1
-cp etc/nginx-conf-inner /etc/nginx/snippets/domjudge-inner
+sudo chown domjudge: "${PROJECT_DIR}/etc/dbpasswords.secret"
+sudo chown domjudge: "${PROJECT_DIR}/etc/restapi.secret"
+sudo cp etc/nginx-conf-inner /etc/nginx/snippets/domjudge-inner
 NGINX_CONFIG_FILE=/etc/nginx/snippets/domjudge-inner
-sed -i 's/\/domjudge\/etc\/nginx-conf-inner/\/etc\/nginx\/snippets\/domjudge-inner/' /etc/nginx/sites-enabled/default
+sudo sed -i "s|${PROJECT_DIR}/etc/nginx-conf-inner|/etc/nginx/snippets/domjudge-inner|" /etc/nginx/sites-enabled/default
 # Run DOMjudge in root
-sed -i '/^# location \//,/^# \}/ s/# //' $NGINX_CONFIG_FILE
-sed -i '/^location \/domjudge/,/^\}/ s/^/#/' $NGINX_CONFIG_FILE
-sed -i 's/\/domjudge;/"";/' $NGINX_CONFIG_FILE
+sudo sed -i '/^# location \//,/^# \}/ s/# //' $NGINX_CONFIG_FILE
+sudo sed -i '/^location \/domjudge/,/^\}/ s/^/#/' $NGINX_CONFIG_FILE
+sudo sed -i 's/\/domjudge;/"";/' $NGINX_CONFIG_FILE
 # Remove access_log and error_log entries
-sed -i '/access_log/d' $NGINX_CONFIG_FILE
-sed -i '/error_log/d' $NGINX_CONFIG_FILE
+sudo sed -i '/access_log/d' $NGINX_CONFIG_FILE
+sudo sed -i '/error_log/d' $NGINX_CONFIG_FILE
 # Use debug front controller
-sed -i 's/app\.php/app_dev.php/g' $NGINX_CONFIG_FILE
-sed -i 's/app\\\.php/app\\_dev.php/g' $NGINX_CONFIG_FILE
+sudo sed -i 's/app\.php/app_dev.php/g' $NGINX_CONFIG_FILE
+sudo sed -i 's/app\\\.php/app\\_dev.php/g' $NGINX_CONFIG_FILE
 # Set up permissions (make sure the script does not stop if this fails, as this will happen on macOS / Windows)
-chown domjudge: /domjudge/webapp/var
+sudo chown domjudge: "${PROJECT_DIR}/webapp/var"
 echo "[ok] Webserver config installed"; echo
 
 if [[ ! -d /chroot/domjudge ]]
 then
   echo "[..] Setting up chroot"
-  bin/dj_make_chroot
+  sudo bin/dj_make_chroot
   echo "[ok] Done setting up chroot"; echo
 fi
 
 echo "[..] Setting up cgroups"
 if [[ -f bin/create_cgroups ]]
 then
-  bin/create_cgroups
+  sudo bin/create_cgroups
 else
-  judge/create_cgroups
+  sudo judge/create_cgroups
 fi
 echo "[ok] cgroups set up"; echo
 
 echo "[..] Adding sudoers configuration"
-cp etc/sudoers-domjudge /etc/sudoers.d/
+sudo cp etc/sudoers-domjudge /etc/sudoers.d/
 echo "[ok] Sudoers configuration added"; echo
 
-exec supervisord -n -c /etc/supervisor/supervisord.conf
+sudo sed -i "s|/domjudge|${PROJECT_DIR}|" /etc/supervisor/conf.d/judgedaemon.conf
+sudo sed -i "s|/domjudge|${PROJECT_DIR}|" /etc/supervisor/conf.d/judgedaemonextra.conf
+
+exec sudo supervisord -n -c /etc/supervisor/supervisord.conf