From e1a8d44e32a9874d5a3e6eae973f117893056f1d Mon Sep 17 00:00:00 2001 From: Rui Marinho Date: Sun, 9 May 2021 21:01:09 +0100 Subject: [PATCH] Add support for custom uid gid --- 0.11/Dockerfile | 6 +++++- 0.11/alpine/Dockerfile | 4 +++- 0.11/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.11/docker-entrypoint.sh | 17 +++++++++++++++-- 0.12/Dockerfile | 6 +++++- 0.12/alpine/Dockerfile | 7 ++++++- 0.12/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.12/docker-entrypoint.sh | 17 +++++++++++++++-- 0.13/Dockerfile | 6 +++++- 0.13/alpine/Dockerfile | 7 ++++++- 0.13/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.13/docker-entrypoint.sh | 17 +++++++++++++++-- 0.16/Dockerfile | 6 +++++- 0.16/alpine/Dockerfile | 7 ++++++- 0.16/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.16/docker-entrypoint.sh | 17 +++++++++++++++-- 0.17/Dockerfile | 6 +++++- 0.17/alpine/Dockerfile | 7 ++++++- 0.17/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.17/docker-entrypoint.sh | 17 +++++++++++++++-- 0.18/Dockerfile | 6 +++++- 0.18/alpine/Dockerfile | 7 ++++++- 0.18/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.18/docker-entrypoint.sh | 17 +++++++++++++++-- 0.19/Dockerfile | 6 +++++- 0.19/alpine/Dockerfile | 8 ++++++-- 0.19/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.19/docker-entrypoint.sh | 17 +++++++++++++++-- 0.20/Dockerfile | 6 +++++- 0.20/alpine/Dockerfile | 8 ++++++-- 0.20/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.20/docker-entrypoint.sh | 17 +++++++++++++++-- 0.21/Dockerfile | 5 ++++- 0.21/alpine/Dockerfile | 8 ++++++-- 0.21/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 0.21/docker-entrypoint.sh | 17 +++++++++++++++-- 22/Dockerfile | 6 +++++- 22/alpine/Dockerfile | 8 ++++++-- 22/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 22/docker-entrypoint.sh | 17 +++++++++++++++-- 23/Dockerfile | 6 +++++- 23/alpine/Dockerfile | 8 +++++++- 23/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 23/docker-entrypoint.sh | 17 +++++++++++++++-- 24/Dockerfile | 6 +++++- 24/alpine/Dockerfile | 9 +++++++-- 24/alpine/docker-entrypoint.sh | 15 ++++++++++++++- 24/docker-entrypoint.sh | 17 +++++++++++++++-- README.md | 16 +++++++++++++++- 49 files changed, 493 insertions(+), 66 deletions(-) diff --git a/0.11/Dockerfile b/0.11/Dockerfile index 04c8db6..724d502 100644 --- a/0.11/Dockerfile +++ b/0.11/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.11/alpine/Dockerfile b/0.11/alpine/Dockerfile index 94544bc..eec9dbf 100644 --- a/0.11/alpine/Dockerfile +++ b/0.11/alpine/Dockerfile @@ -99,7 +99,8 @@ LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -107,6 +108,7 @@ RUN apk --no-cache add \ libevent \ openssl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.11/alpine/docker-entrypoint.sh b/0.11/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.11/alpine/docker-entrypoint.sh +++ b/0.11/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.11/docker-entrypoint.sh b/0.11/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.11/docker-entrypoint.sh +++ b/0.11/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.12/Dockerfile b/0.12/Dockerfile index 8672d92..2a4dfaa 100644 --- a/0.12/Dockerfile +++ b/0.12/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.12/alpine/Dockerfile b/0.12/alpine/Dockerfile index 8e4d583..8f4b1a2 100644 --- a/0.12/alpine/Dockerfile +++ b/0.12/alpine/Dockerfile @@ -91,11 +91,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine:3.9 +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -103,6 +107,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.12/alpine/docker-entrypoint.sh b/0.12/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.12/alpine/docker-entrypoint.sh +++ b/0.12/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.12/docker-entrypoint.sh b/0.12/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.12/docker-entrypoint.sh +++ b/0.12/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.13/Dockerfile b/0.13/Dockerfile index bc7428a..1796d89 100644 --- a/0.13/Dockerfile +++ b/0.13/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.13/alpine/Dockerfile b/0.13/alpine/Dockerfile index 9781270..224aef7 100644 --- a/0.13/alpine/Dockerfile +++ b/0.13/alpine/Dockerfile @@ -91,11 +91,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine:3.9 +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -103,6 +107,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.13/alpine/docker-entrypoint.sh b/0.13/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.13/alpine/docker-entrypoint.sh +++ b/0.13/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.13/docker-entrypoint.sh b/0.13/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.13/docker-entrypoint.sh +++ b/0.13/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.16/Dockerfile b/0.16/Dockerfile index 47029a2..9bed7cd 100644 --- a/0.16/Dockerfile +++ b/0.16/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.16/alpine/Dockerfile b/0.16/alpine/Dockerfile index c411991..49f3f8a 100644 --- a/0.16/alpine/Dockerfile +++ b/0.16/alpine/Dockerfile @@ -89,11 +89,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine:3.9 +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -101,6 +105,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.16/alpine/docker-entrypoint.sh b/0.16/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.16/alpine/docker-entrypoint.sh +++ b/0.16/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.16/docker-entrypoint.sh b/0.16/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.16/docker-entrypoint.sh +++ b/0.16/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.17/Dockerfile b/0.17/Dockerfile index 9562bde..9cc5980 100644 --- a/0.17/Dockerfile +++ b/0.17/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.17/alpine/Dockerfile b/0.17/alpine/Dockerfile index e98f5c6..c252e76 100644 --- a/0.17/alpine/Dockerfile +++ b/0.17/alpine/Dockerfile @@ -89,11 +89,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine:3.9 +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -101,6 +105,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.17/alpine/docker-entrypoint.sh b/0.17/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.17/alpine/docker-entrypoint.sh +++ b/0.17/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.17/docker-entrypoint.sh b/0.17/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.17/docker-entrypoint.sh +++ b/0.17/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.18/Dockerfile b/0.18/Dockerfile index 9cc23f7..3b15ffc 100644 --- a/0.18/Dockerfile +++ b/0.18/Dockerfile @@ -1,10 +1,14 @@ FROM debian:stable-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.18/alpine/Dockerfile b/0.18/alpine/Dockerfile index 779e224..b80670b 100644 --- a/0.18/alpine/Dockerfile +++ b/0.18/alpine/Dockerfile @@ -89,11 +89,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine:3.9 +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost \ @@ -101,6 +105,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.18/alpine/docker-entrypoint.sh b/0.18/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.18/alpine/docker-entrypoint.sh +++ b/0.18/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.18/docker-entrypoint.sh b/0.18/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.18/docker-entrypoint.sh +++ b/0.18/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.19/Dockerfile b/0.19/Dockerfile index 47360b9..e98b7bd 100644 --- a/0.19/Dockerfile +++ b/0.19/Dockerfile @@ -1,10 +1,14 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.19/alpine/Dockerfile b/0.19/alpine/Dockerfile index bd1d83b..42ac1c1 100644 --- a/0.19/alpine/Dockerfile +++ b/0.19/alpine/Dockerfile @@ -85,14 +85,17 @@ RUN strip ${BITCOIN_PREFIX}/bin/bitcoind RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 -# Build stage for compiled artifacts FROM alpine +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-chrono \ @@ -102,6 +105,7 @@ RUN apk --no-cache add \ libevent \ libressl \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.19/alpine/docker-entrypoint.sh b/0.19/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.19/alpine/docker-entrypoint.sh +++ b/0.19/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.19/docker-entrypoint.sh b/0.19/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.19/docker-entrypoint.sh +++ b/0.19/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.20/Dockerfile b/0.20/Dockerfile index 724cda1..a29ac60 100644 --- a/0.20/Dockerfile +++ b/0.20/Dockerfile @@ -1,10 +1,14 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.20/alpine/Dockerfile b/0.20/alpine/Dockerfile index b205009..f616ea9 100644 --- a/0.20/alpine/Dockerfile +++ b/0.20/alpine/Dockerfile @@ -84,14 +84,17 @@ RUN strip ${BITCOIN_PREFIX}/bin/bitcoind RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 -# Build stage for compiled artifacts FROM alpine +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-filesystem \ @@ -99,6 +102,7 @@ RUN apk --no-cache add \ boost-thread \ libevent \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.20/alpine/docker-entrypoint.sh b/0.20/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.20/alpine/docker-entrypoint.sh +++ b/0.20/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.20/docker-entrypoint.sh b/0.20/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.20/docker-entrypoint.sh +++ b/0.20/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.21/Dockerfile b/0.21/Dockerfile index 8e2dd68..e67b1f4 100644 --- a/0.21/Dockerfile +++ b/0.21/Dockerfile @@ -1,10 +1,13 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN useradd --system --user-group bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/0.21/alpine/Dockerfile b/0.21/alpine/Dockerfile index 36e975d..db2f03d 100644 --- a/0.21/alpine/Dockerfile +++ b/0.21/alpine/Dockerfile @@ -86,14 +86,17 @@ RUN strip ${BITCOIN_PREFIX}/bin/bitcoind RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 -# Build stage for compiled artifacts FROM alpine +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup -S bitcoin +RUN adduser -G bitcoin -H -S bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-filesystem \ @@ -102,6 +105,7 @@ RUN apk --no-cache add \ sqlite-dev \ libevent \ libzmq \ + shadow \ su-exec ENV BITCOIN_DATA=/home/bitcoin/.bitcoin diff --git a/0.21/alpine/docker-entrypoint.sh b/0.21/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/0.21/alpine/docker-entrypoint.sh +++ b/0.21/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/0.21/docker-entrypoint.sh b/0.21/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/0.21/docker-entrypoint.sh +++ b/0.21/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/22/Dockerfile b/22/Dockerfile index 4039d01..8011257 100644 --- a/22/Dockerfile +++ b/22/Dockerfile @@ -1,10 +1,14 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/22/alpine/Dockerfile b/22/alpine/Dockerfile index 8b9a9b4..8d03c78 100644 --- a/22/alpine/Dockerfile +++ b/22/alpine/Dockerfile @@ -99,14 +99,17 @@ RUN strip ${BITCOIN_PREFIX}/bin/bitcoind RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 -# Build stage for compiled artifacts FROM alpine +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup bitcoin --gid ${GID} --system +RUN adduser --uid ${UID} --system bitcoin --ingroup bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-filesystem \ @@ -114,6 +117,7 @@ RUN apk --no-cache add \ boost-thread \ libevent \ libzmq \ + shadow \ sqlite-dev \ su-exec diff --git a/22/alpine/docker-entrypoint.sh b/22/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/22/alpine/docker-entrypoint.sh +++ b/22/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/22/docker-entrypoint.sh b/22/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/22/docker-entrypoint.sh +++ b/22/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/23/Dockerfile b/23/Dockerfile index 7b34478..9e35687 100644 --- a/23/Dockerfile +++ b/23/Dockerfile @@ -1,10 +1,14 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/23/alpine/Dockerfile b/23/alpine/Dockerfile index 7179ae2..edae01e 100644 --- a/23/alpine/Dockerfile +++ b/23/alpine/Dockerfile @@ -1,6 +1,8 @@ # Build stage for BerkeleyDB FROM alpine as berkeleydb +ARG TARGETPLATFORM + RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add autoconf RUN apk --no-cache add automake @@ -106,11 +108,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup bitcoin --gid ${GID} --system +RUN adduser --uid ${UID} --system bitcoin --ingroup bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-filesystem \ diff --git a/23/alpine/docker-entrypoint.sh b/23/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/23/alpine/docker-entrypoint.sh +++ b/23/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/23/docker-entrypoint.sh b/23/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/23/docker-entrypoint.sh +++ b/23/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/24/Dockerfile b/24/Dockerfile index 7751609..6d62d76 100644 --- a/24/Dockerfile +++ b/24/Dockerfile @@ -1,10 +1,14 @@ FROM debian:bullseye-slim +ARG UID=101 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN useradd -r bitcoin \ +RUN groupadd --gid ${GID} bitcoin \ + && useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ && apt-get update -y \ && apt-get install -y curl gnupg gosu \ && apt-get clean \ diff --git a/24/alpine/Dockerfile b/24/alpine/Dockerfile index 1d47dd1..5b3a396 100644 --- a/24/alpine/Dockerfile +++ b/24/alpine/Dockerfile @@ -17,7 +17,7 @@ RUN mkdir -p ${BERKELEYDB_PREFIX} WORKDIR /${BERKELEYDB_VERSION}/build_unix -RUN ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} +RUN ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} --build=aarch64-unknown-linux-gnu RUN make -j4 RUN make install RUN rm -rf ${BERKELEYDB_PREFIX}/docs @@ -99,11 +99,15 @@ RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 # Build stage for compiled artifacts FROM alpine +ARG UID=100 +ARG GID=101 + LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ maintainer.1="Pedro Branco (@pedrobranco)" \ maintainer.2="Rui Marinho (@ruimarinho)" -RUN adduser -S bitcoin +RUN addgroup bitcoin --gid ${GID} --system +RUN adduser --uid ${UID} --system bitcoin --ingroup bitcoin RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories RUN apk --no-cache add \ boost-filesystem \ @@ -111,6 +115,7 @@ RUN apk --no-cache add \ boost-thread \ libevent \ libzmq \ + shadow \ sqlite-dev \ su-exec diff --git a/24/alpine/docker-entrypoint.sh b/24/alpine/docker-entrypoint.sh index 4918739..d35d9ce 100755 --- a/24/alpine/docker-entrypoint.sh +++ b/24/alpine/docker-entrypoint.sh @@ -1,6 +1,16 @@ #!/bin/sh set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/24/docker-entrypoint.sh b/24/docker-entrypoint.sh index 6080aaf..8149987 100755 --- a/24/docker-entrypoint.sh +++ b/24/docker-entrypoint.sh @@ -1,6 +1,16 @@ -#!/bin/sh +#!/bin/bash set -e +if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then + usermod -u "$UID" bitcoin +fi + +if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then + groupmod -g "$GID" bitcoin +fi + +echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" + if [ $(echo "$1" | cut -c1) = "-" ]; then echo "$0: assuming arguments for bitcoind" @@ -10,7 +20,10 @@ fi if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then mkdir -p "$BITCOIN_DATA" chmod 700 "$BITCOIN_DATA" - chown -R bitcoin "$BITCOIN_DATA" + # Fix permissions for home dir. + chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" + # Fix permissions for bitcoin data dir. + chown -R bitcoin:bitcoin "$BITCOIN_DATA" echo "$0: setting data directory to $BITCOIN_DATA" diff --git a/README.md b/README.md index 99a57f7..4af78b0 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ This image contains the main binaries from the Bitcoin Core project - `bitcoind` _Note: [learn more](#using-rpcauth-for-remote-authentication) about how `-rpcauth` works for remote authentication._ -By default, `bitcoind` will run as user `bitcoin` for security reasons and with its default data dir (`~/.bitcoin`). If you'd like to customize where `bitcoin-core` stores its data, you must use the `BITCOIN_DATA` environment variable. The directory will be automatically created with the correct permissions for the `bitcoin` user and `bitcoin-core` automatically configured to use it. +By default, `bitcoind` will run as user `bitcoin` in the group `bitcoin` for security reasons and with its default data dir set to `~/.bitcoin`. If you'd like to customize where `bitcoin-core` stores its data, you must use the `BITCOIN_DATA` environment variable. The directory will be automatically created with the correct permissions for the `bitcoin` user and `bitcoind` automatically configured to use it. ```sh ❯ docker run --env BITCOIN_DATA=/var/lib/bitcoin-core --rm -it ruimarinho/bitcoin-core \ @@ -97,6 +97,20 @@ bitcoin-core: -regtest=1 ``` +### Using a custom user id (UID) and group id (GID) + +By default, images are created with a `bitcoin` user/group using a static UID/GID (`101:101` on Debian and `100:101` on Alpine). You may customize the user and group ids using the build arguments `UID` (`--build-arg UID=`) and `GID` (`--build-arg GID=`). + +If you'd like to use the pre-built images, uou can also customize the UID/GID on runtime via environment variables `$UID` and `$GID`: + +```sh +❯ docker run -e UID=10000 -e GID=10000 -it --rm ruimarinho/bitcoin-core \ + -printtoconsole \ + -regtest=1 +``` + +This will recursively change the ownership of the `bitcoin` home directory and `$BITCOIN_DATA` to UID/GID `10000:10000`. + ### Using RPC to interact with the daemon There are two communications methods to interact with a running Bitcoin Core daemon.