From 9a8aeef478f6b81cbe6d489fdc1efa2fc9f43a6b Mon Sep 17 00:00:00 2001 From: Jean-Philippe Roemer Date: Wed, 4 Nov 2015 19:19:39 +0000 Subject: [PATCH 1/3] Add syslog & fix `/data/git` rights & SOCAT_LINK env var - Resolve #1893 - Add syslogd to output sshd log on stdout (via `docker logs`) - Enforce directory rights on `/data/git`, `/data/gogs` & `/data/ssh` - Add `SOCAT_LINK` environment variable to prevent the creation of scout links when they are not needed (see #1815) --- docker/s6/gogs/setup | 1 + docker/s6/openssh/setup | 3 ++- docker/s6/syslogd/run | 7 +++++++ docker/start.sh | 41 +++++++++++++++++++++++------------------ 4 files changed, 33 insertions(+), 19 deletions(-) create mode 100755 docker/s6/syslogd/run diff --git a/docker/s6/gogs/setup b/docker/s6/gogs/setup index e64a36d6e..40bd82b28 100755 --- a/docker/s6/gogs/setup +++ b/docker/s6/gogs/setup @@ -20,3 +20,4 @@ ln -sf /data/gogs/data ./data ln -sf /data/git /home/git chown -R git:git /data /app/gogs ~git/ +chmod 0755 /data /data/gogs ~git/ diff --git a/docker/s6/openssh/setup b/docker/s6/openssh/setup index f263516bc..6df5ef705 100755 --- a/docker/s6/openssh/setup +++ b/docker/s6/openssh/setup @@ -23,4 +23,5 @@ fi # Set correct right to ssh keys chown -R root:root /data/ssh/* -chmod 600 /data/ssh/* +chmod 0700 /data/ssh +chmod 0600 /data/ssh/* diff --git a/docker/s6/syslogd/run b/docker/s6/syslogd/run new file mode 100755 index 000000000..f7bdbe36d --- /dev/null +++ b/docker/s6/syslogd/run @@ -0,0 +1,7 @@ +#!/bin/sh + +if test -f ./setup; then + source ./setup +fi + +exec gosu root /sbin/syslogd -nS -O- diff --git a/docker/start.sh b/docker/start.sh index 42bdb3c54..bf679f22c 100755 --- a/docker/start.sh +++ b/docker/start.sh 
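Review bot: The new `chmod 0755 /data /data/gogs ~git/` reaches /data/git only through the `~git` symlink made by `ln -sf /data/git /home/git` on the line above; if /home/git already exists as a directory, `ln -sf` places the link inside it and `~git/` no longer resolves to /data/git, so the mode the commit message promises for /data/git would not be applied. Naming the target directly, `chmod 0755 /data /data/gogs /data/git`, removes that dependency. Whether /home/git pre-exists in the image is not visible here.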
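Review bot: `chmod 0700 /data/ssh` tightens the directory mode but leaves its owner alone: the preceding `chown -R root:root /data/ssh/*` covers only the entries, while gogs/setup's `chown -R git:git /data` (earlier in this patch) makes /data/ssh itself git-owned whenever that setup runs last — the order of the s6 setup scripts is not visible here. A directory owned by git lets that account rename or replace the root-owned host keys inside it, so add `chown root:root /data/ssh` before the chmod. Separately, `/data/ssh/*` stays a literal when the directory is empty and both commands then report an error on a non-existent path; the hunk does not show whether keys are generated earlier in the script.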
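Review bot: `source ./setup` is not POSIX; the file is `#!/bin/sh`, and dash rejects `source` while busybox ash happens to accept it. The portable form `. ./setup` behaves identically. The relative path also assumes the working directory is the service directory, which s6 normally provides for `run` scripts; a comment `# s6 runs this from the service dir; ./setup is optional` would make that explicit.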
@@ -13,24 +13,29 @@ for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do done # Bind linked docker container to localhost socket using socat -USED_PORT="3000:22" -while read NAME ADDR PORT; do - if test -z "$NAME$ADDR$PORT"; then - continue - elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then - echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 - else - SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT} - mkdir -p ${SERV_FOLDER} - CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}" - echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run - chmod +x ${SERV_FOLDER}/run - USED_PORT="${USED_PORT}:${PORT}" - echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 - fi -done << EOT -$(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') -EOT +LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') +if [ "$LINK" != "false" -a "$LINK" != "0" ]; then + + USED_PORT="3000:22" + while read NAME ADDR PORT; do + if test -z "$NAME$ADDR$PORT"; then + continue + elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then + echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 + else + SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT} + mkdir -p ${SERV_FOLDER} + CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}" + echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run + chmod +x ${SERV_FOLDER}/run + USED_PORT="${USED_PORT}:${PORT}" + echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 + fi + done << EOT + $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') + EOT + +fi # Exec CMD or S6 by default if nothing present if [ $# -gt 0 ];then From 7679aa1a21c8bb751c628cd027681f438c924ae5 Mon Sep 17 00:00:00 2001 
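Review bot: `[ "$LINK" != "false" -a "$LINK" != "0" ]` relies on the obsolescent `-a` binary of `[`, which POSIX marks as unspecified and which is ambiguous when an operand looks like an operator; write it as two tests, `if [ "$LINK" != "false" ] && [ "$LINK" != "0" ]; then`. PATCH 3/3 rewrites the same condition with `-o` and the same applies there (`[ "$LINK" = "false" ] || [ "$LINK" = "0" ]`). An unset `SOCAT_LINK` yields an empty `LINK`, so link creation remains the default, which matches the description.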
From: Jean-Philippe Roemer Date: Wed, 4 Nov 2015 19:34:26 +0000 Subject: [PATCH 2/3] Fix typo & cleanup start.sh code --- docker/start.sh | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/docker/start.sh b/docker/start.sh index bf679f22c..066fe91b7 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -1,21 +1,7 @@ #!/bin/sh -# Cleanup SOCAT services and s6 event folder -# On start and on shutdown in case container has been killed -rm -rf $(find /app/gogs/docker/s6/ -name 'event') -rm -rf /app/gogs/docker/s6/SOCAT_* - -# Create VOLUME subfolder -for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do - if ! test -d $f; then - mkdir -p $f - fi -done - -# Bind linked docker container to localhost socket using socat -LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') -if [ "$LINK" != "false" -a "$LINK" != "0" ]; then - +create_socat_links() { + # Bind linked docker container to localhost socket using socat USED_PORT="3000:22" while read NAME ADDR PORT; do if test -z "$NAME$ADDR$PORT"; then @@ -33,8 +19,31 @@ if [ "$LINK" != "false" -a "$LINK" != "0" ]; then fi done << EOT $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') - EOT +EOT +} +cleanup() { + # Cleanup SOCAT services and s6 event folder + # On start and on shutdown in case container has been killed + rm -rf $(find /app/gogs/docker/s6/ -name 'event') + rm -rf /app/gogs/docker/s6/SOCAT_* +} + +create_volume_subfolder() { + # Create VOLUME subfolder + for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do + if ! test -d $f; then + mkdir -p $f + fi + done +} + +cleanup +create_volume_subfolder + +LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') +if [ "$LINK" != "false" -a "$LINK" != "0" ]; then + create_socat_links fi # Exec CMD or S6 by default if nothing present From 14a8a46bec8742c5d42ec65848dcf2c6823e6505 Mon Sep 17 00:00:00 2001 
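Review bot: `create_socat_links` has no header describing its contract: it reads every `*_PORT_*_TCP=tcp://ADDR:PORT` variable from the environment, seeds `USED_PORT` with `3000:22` so those two ports are never shadowed, and writes one s6 service under `/app/gogs/docker/s6/SOCAT_<NAME>_<PORT>` per link. A comment above the function stating that, and noting that `USED_PORT`, `NAME`, `ADDR` and `PORT` are left as globals because POSIX sh has no `local`, would make this reorganisation easier to follow. The function body continues past this hunk.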
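Review bot: In `cleanup`, `rm -rf $(find /app/gogs/docker/s6/ -name 'event')` invokes `rm -rf` with no operand when nothing matches (likely on a fresh start), which prints an error; the script has no `set -e`, so it continues, but the noise hides real failures. Let find do the deletion instead: `find /app/gogs/docker/s6/ -name 'event' -prune -exec rm -rf {} \;`. The comment says the cleanup also runs on shutdown, yet only the start-up call is visible in this hunk; if shutdown is handled elsewhere (an s6 finish script, presumably), naming where in the comment would help.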
From: Jean-Philippe Roemer Date: Wed, 4 Nov 2015 19:43:25 +0000 Subject: [PATCH 3/3] Add logging when socat link creation is deactivated --- docker/start.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docker/start.sh b/docker/start.sh index 066fe91b7..041beba5b 100755 --- a/docker/start.sh +++ b/docker/start.sh @@ -7,7 +7,7 @@ create_socat_links() { if test -z "$NAME$ADDR$PORT"; then continue elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then - echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 + echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 else SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT} mkdir -p ${SERV_FOLDER} @@ -15,7 +15,7 @@ create_socat_links() { echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run chmod +x ${SERV_FOLDER}/run USED_PORT="${USED_PORT}:${PORT}" - echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 + echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 fi done << EOT $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') @@ -42,7 +42,9 @@ cleanup create_volume_subfolder LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') -if [ "$LINK" != "false" -a "$LINK" != "0" ]; then +if [ "$LINK" = "false" -o "$LINK" = "0" ]; then + echo "init:socat | Will not try to create socat links as requested" 1>&2 +else create_socat_links fi
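Review bot: The new branch logs when link creation is skipped, but the accepted values are still only discoverable from the comparison: `false` or `0` after lower-casing disables, anything else — including unset — enables. A comment above the `LINK=$(...)` line, `# SOCAT_LINK=false|0 (case-insensitive) skips socat link creation; unset or any other value creates links`, documents the contract for operators. The two whitespace-only hunks above need no change.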