Mirrored_Repos/docker-atlassian-confluence-server
1
0
Fork 0
mirror of https://bitbucket.org/atlassian-docker/docker-atlassian-confluence-server.git synced 2024-08-30 18:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Switch to safer bootstrap method & skip locked down files

Browse Source
This commit is contained in:
Dave Chevell 2019-09-06 10:34:36 +10:00
parent 4067f473d1
commit 0ab1700523
No known key found for this signature in database
GPG Key ID: 279DF1B52C7C44DC
4 changed files with 10 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Dockerfile
View File

@ -40,9 +40,6 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/seraph-config.xml \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/confluence-init.properties \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh

3
Dockerfile-alpine
View File

@ -39,9 +39,6 @@ RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/seraph-config.xml \
&& chown ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/confluence-init.properties \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh

18
entrypoint.py
View File

@ -48,17 +48,17 @@ env = {k.lower(): v
######################################################################
# Generate all configuration files for Confluence
gen_cfg('server.xml.j2',
f"{env['confluence_install_dir']}/conf/server.xml", env,
user=env['run_user'], group=env['run_group'])
if os.getuid() == 0:
gen_cfg('server.xml.j2',
f"{env['confluence_install_dir']}/conf/server.xml", env)
gen_cfg('seraph-config.xml.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env,
user=env['run_user'], group=env['run_group'])
gen_cfg('seraph-config.xml.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env)
gen_cfg('confluence-init.properties.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env,
user=env['run_user'], group=env['run_group'])
gen_cfg('confluence-init.properties.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env)
else:
logging.warning("Container not started as root. Tomcat, seraph-config.xml, confluence-init.properties boostrapping will be skipped.")
gen_cfg('confluence.cfg.xml.j2',
f"{env['confluence_home']}/confluence.cfg.xml", env,

4
tests/test_image.py
View File

@ -67,9 +67,7 @@ def test_install_permissions(docker_cli, image):
assert container.file(f'{CONF_INSTALL}').user == 'root'
for d in ['logs', 'work', 'temp', 'conf/server.xml',
'confluence/WEB-INF/classes/seraph-config.xml',
'confluence/WEB-INF/classes/confluence-init.properties']:
for d in ['logs', 'work', 'temp']:
path = f'{CONF_INSTALL}/{d}'
assert container.file(path).user == 'confluence'