
Commit 6e12c36

authored
use gosu instead of native docker USER in the entrypoint (#1590)
1 parent 376a89d commit 6e12c36


4 files changed

+105
-17
lines changed


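--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ FROM rust:slim-bullseye AS chef
 RUN apt update \
 && apt install -y libclang-dev clang \
 build-essential tcl protobuf-compiler file \
-libssl-dev pkg-config git tcl cmake \
+libssl-dev pkg-config git cmake \
 && apt clean \
 && rm -rf /var/lib/apt/lists/*
 
@@ -36,6 +36,38 @@ RUN if [ "$ENABLE_FEATURES" == "" ]; then \
 else \
 cargo build -p libsql-server --features "$ENABLE_FEATURES" --release ; \
 fi
+
+# official gosu install instruction (https://github.com/tianon/gosu/blob/master/INSTALL.md)
+FROM debian:bullseye-slim as gosu
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+# save list of currently installed packages for later so we can clean up
+savedAptMark="$(apt-mark showmanual)"; \
+apt-get update; \
+apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
+rm -rf /var/lib/apt/lists/*; \
+\
+dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+\
+# verify the signature
+export GNUPGHOME="$(mktemp -d)"; \
+gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+gpgconf --kill all; \
+rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+\
+# clean up fetch dependencies
+apt-mark auto '.*' > /dev/null; \
+[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+\
+chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+gosu --version; \
+gosu nobody true
+
 # runtime
 FROM debian:bullseye-slim
 RUN apt update
@@ -49,9 +81,13 @@ WORKDIR /var/lib/sqld
 USER sqld
 
 COPY docker-entrypoint.sh /usr/local/bin
+COPY docker-wrapper.sh /usr/local/bin
 
+COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /target/release/sqld /bin/sqld
 
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+USER root
+
+ENTRYPOINT ["/usr/local/bin/docker-wrapper.sh"]
 CMD ["/bin/sqld"]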
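Review bot: The runtime stage now ends on `USER root`, so the image's declared user is root and the drop to `sqld` exists only inside `docker-wrapper.sh`. Anything that reads the image config (for example a Kubernetes `runAsNonRoot` policy or an image scanner) will see a root image, and a container started with a different `--entrypoint` never reaches the `gosu` call. The earlier `USER sqld` above the `COPY` lines no longer has any effect, because only `COPY` instructions sit between it and `USER root` and `COPY` does not take file ownership from `USER`. I would delete it and document the remaining one, e.g. `# start as root so docker-wrapper.sh can chown the data dir, then drop to sqld via gosu`. The same `USER sqld` … `USER root` pair is added in Dockerfile.dev; the runtime stage starts outside this hunk.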

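--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -1,13 +1,11 @@
 # build sqld
 FROM rust:slim-bullseye as builder
-RUN apt update
-
-RUN apt install -y libclang-dev clang \
+RUN apt update \
+&& apt install -y libclang-dev clang \
 build-essential tcl protobuf-compiler file \
-libssl-dev pkg-config
-
-RUN apt clean
-RUN update-ca-certificates
+libssl-dev pkg-config git cmake \
+&& apt clean \
+&& rm -rf /var/lib/apt/lists/*
 
 WORKDIR /sqld
 COPY . .
@@ -18,22 +16,57 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
 cp target/release/sqld /sqld/bin
 
 
+# official gosu install instruction (https://github.com/tianon/gosu/blob/master/INSTALL.md)
+FROM debian:bullseye-slim as gosu
+ENV GOSU_VERSION 1.17
+RUN set -eux; \
+# save list of currently installed packages for later so we can clean up
+savedAptMark="$(apt-mark showmanual)"; \
+apt-get update; \
+apt-get install -y --no-install-recommends ca-certificates gnupg wget; \
+rm -rf /var/lib/apt/lists/*; \
+\
+dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+\
+# verify the signature
+export GNUPGHOME="$(mktemp -d)"; \
+gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+gpgconf --kill all; \
+rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+\
+# clean up fetch dependencies
+apt-mark auto '.*' > /dev/null; \
+[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+\
+chmod +x /usr/local/bin/gosu; \
+# verify that the binary works
+gosu --version; \
+gosu nobody true
+
 # runtime
 FROM debian:bullseye-slim
 RUN apt update
 
-COPY --from=builder /sqld/bin /bin/sqld
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY docker-entrypoint.sh /usr/local/bin
-
+EXPOSE 5001 8080
 VOLUME [ "/var/lib/sqld" ]
 
 RUN groupadd --system --gid 666 sqld
 RUN adduser --system --home /var/lib/sqld --uid 666 --gid 666 sqld
-USER sqld
 WORKDIR /var/lib/sqld
+USER sqld
 
-EXPOSE 5001 8080
+COPY docker-entrypoint.sh /usr/local/bin
+COPY docker-wrapper.sh /usr/local/bin
+
+COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /sqld/bin /bin/sqld
+
+USER root
 
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-wrapper.sh"]
 CMD ["/bin/sqld"]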
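Review bot: `ENV GOSU_VERSION 1.17` in the new gosu stage uses the legacy space-separated form, and the value is only needed while that stage builds; `ARG GOSU_VERSION=1.17` states that directly and avoids the build-check warning. The stage is a verbatim copy of the one added to Dockerfile, so a gosu version or signing-key change has to be made in both files. A comment next to the `FROM`, such as `# keep in sync with the gosu stage in Dockerfile`, would make that dependency visible to the next person who bumps it.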

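--- a/docker-wrapper.sh
+++ b/docker-wrapper.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+SQLD_DB_PATH="${SQLD_DB_PATH:-iku.db}"
+mkdir -p $SQLD_DB_PATH
+chown -R sqld:sqld $SQLD_DB_PATH
+exec gosu sqld docker-entrypoint.sh "$@"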
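Review bot: `mkdir -p $SQLD_DB_PATH` and `chown -R sqld:sqld $SQLD_DB_PATH` expand an operator-supplied variable unquoted while the script runs as root, so a value containing whitespace or glob characters is split into several arguments and the recursive chown lands on paths other than the intended data directory. Quote both and end option parsing: `mkdir -p -- "$SQLD_DB_PATH"` and `chown -R sqld:sqld -- "$SQLD_DB_PATH"`. The script also assumes it is started as root; under `set -e`, a container launched with a non-root user (for example `docker run --user`) would presumably stop at the `chown`. Consider running the `chown` and `gosu` steps only when `id -u` is 0 and otherwise exec'ing `docker-entrypoint.sh` directly, with a one-line comment stating that the wrapper exists to fix volume ownership before dropping privileges.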

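--- a/docs/DOCKER.md
+++ b/docs/DOCKER.md
@@ -44,9 +44,20 @@ mount on your local disk.
 
 ```
 docker run --name some-sqld -ti \
--v ./.data/libsql \
+-v $(pwd)/sqld-data:/var/lib/sqld \ # you can mount local path
 -e SQLD_NODE=primary \
 ghcr.io/tursodatabase/libsql-server:latest
+
+docker run --name some-sqld -ti \
+-v sqld-data:/var/lib/sqld \ # or create named volume
+-e SQLD_NODE=primary \
+ghcr.io/tursodatabase/libsql-server:latest
+
+docker run --name some-sqld -ti \
+-v sqld-data:/data/sqld \ # to mount data in different directory set SQLD_DB_PATH env var
+-e SQLD_NODE=primary \
+-e SQLD_DB_PATH=/data/sqld \
+ghcr.io/tursodatabase/libsql-server:latest
 ```
 
 ## Environment variables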
