Skip to content

Commit b96b1a6

Browse files
rouiljrouilj
committed
Use dumb-init in Dockerfile; chown tracker directory to proper uid
Use dumb-init so proceses started from Roundup get properly reaped if they exit after the Roundup server instance. Also chown the tracker mount directory to the specified uid/gid.
1 parent 83c7399 commit b96b1a6

File tree

2 files changed

+13
-5
lines changed

2 files changed

+13
-5
lines changed

CHANGES.txt

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,10 @@ Fixed:
8484
- fix crash due to invalid initialization/reset of configuration.py
8585
option_validators. Crashed roundup-admin on second command if an
8686
option_validator was added by a detector or extension. (John Rouillard)
87+
- Dockerfile uses dumb-init to properly wait for child/zombie
88+
processes. Defense against child process starting from detector
89+
and becoming a zombie when its roundup-server instance exits.
90+
(John Rouillard)
8791

8892
Features:
8993

scripts/Docker/Dockerfile

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,7 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
153153
RUN apk --no-cache upgrade; \
154154
apk --no-cache add \
155155
brotli-libs \
156+
dumb-init \
156157
gpgme \
157158
mariadb-connector-c \
158159
libpq \
@@ -183,8 +184,13 @@ COPY --from=build /usr/local/share /usr/local/share/
183184
COPY scripts/Docker/roundup_start .
184185
COPY scripts/Docker/roundup_healthcheck .
185186

187+
# Do not run roundup as root. This creates roundup user and group.
188+
ARG roundup_uid
189+
RUN adduser -D -h ${appdir} -u ${roundup_uid:-1000} roundup
190+
186191
# make roundup scripts execuable and mount a trackerdir on tracker location
187-
RUN chmod +x roundup_start roundup_healthcheck; mkdir tracker
192+
RUN chmod +x roundup_start roundup_healthcheck; \
193+
mkdir tracker; chown ${roundup_uid:-1000}:${roundup_uid:-1000} tracker
188194
VOLUME $appdir/tracker
189195

190196
# map port 8080 to your local port
@@ -193,15 +199,13 @@ EXPOSE 8080/tcp
193199
HEALTHCHECK --start-period=1m \
194200
CMD ./roundup_healthcheck
195201

196-
# do not run roundup as root. This creates roundup user and group.
197-
ARG roundup_uid
198-
RUN adduser -D -h ${appdir} -u ${roundup_uid:-1000} roundup
202+
# switch to using roundup user
199203
USER roundup
200204

201205
# run the server, disable output buffering so we can see logs.
202206
ENV PYTHONUNBUFFERED=1
203207
#ENTRYPOINT [ "roundup-server", "-n", "0.0.0.0" ]
204-
ENTRYPOINT [ "./roundup_start" ]
208+
ENTRYPOINT [ "/usr/bin/dumb-init", "./roundup_start" ]
205209

206210
# allow the invoker to override cmd with multiple trackers
207211
# in each subdirectory under $appdir/tracker. E.G.

0 commit comments

Comments
 (0)