mirror of
https://gitee.com/wanwujie/sub2api
synced 2026-04-02 22:42:14 +08:00
aa5846b282
Docker named volumes and host bind-mounts may be owned by root, causing "open data/model_pricing.sha256: permission denied" when the container runs as the non-root sub2api user. Add an entrypoint script that fixes /app/data ownership before dropping to sub2api via su-exec. Replace USER directive with the entrypoint approach across all three Dockerfiles and update both GoReleaser configs to include the script in Docker build contexts.
23 lines
674 B
Bash
23 lines
674 B
Bash
#!/bin/sh
|
|
set -e
|
|
|
|
# Fix data directory permissions when running as root.
|
|
# Docker named volumes / host bind-mounts may be owned by root,
|
|
# preventing the non-root sub2api user from writing files.
|
|
if [ "$(id -u)" = "0" ]; then
|
|
mkdir -p /app/data
|
|
chown -R sub2api:sub2api /app/data
|
|
# Re-invoke this script as sub2api so the flag-detection below
|
|
# also runs under the correct user.
|
|
exec su-exec sub2api "$0" "$@"
|
|
fi
|
|
|
|
# Compatibility: if the first arg looks like a flag (e.g. --help),
|
|
# prepend the default binary so it behaves the same as the old
|
|
# ENTRYPOINT ["/app/sub2api"] style.
|
|
if [ "${1#-}" != "$1" ]; then
|
|
set -- /app/sub2api "$@"
|
|
fi
|
|
|
|
exec "$@"
|