dockerCopyBuildContext rsync'd the install template into the container dir with -a, which preserves owner/group — so the deployed WebUI tree (frontend/ included) inherited the repo clone's owner (the human user, uid ~1000) on every install. The trailing chown used the $docker_install_user global, which is stale/empty in this context, so it silently no-op'd and uid 1000 survived (visible as frontend/ owned by 1000 with the template's mtime). Add --no-owner --no-group so the copy doesn't carry source ownership, and chown via the config-authoritative dockerContainerOwner (rooted -> manager, rootless -> docker install user) through runSystem. The deployed tree now lands owned by the mode's container owner. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
67 lines
2.7 KiB
Bash
67 lines
2.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Apps with `build: .` in their docker compose need their Dockerfile +
|
|
# source tree to live in the deployed container dir (where compose runs
|
|
# from), not just in the install template dir. dockerComposeSetupFile
|
|
# only copies the compose itself; this helper covers the rest.
|
|
#
|
|
# Auto-detect: if a Dockerfile exists in the install dir for the app,
|
|
# we copy every file/folder from install→deployed except docker-compose
|
|
# variants (already handled) and the .config (per-app config has its
|
|
# own copy lifecycle in dockerConfigSetupToContainer).
|
|
#
|
|
# Idempotent: re-running mirrors the latest install template. Safe to
|
|
# call on every install action.
|
|
dockerCopyBuildContext()
|
|
{
|
|
local app_name="$1"
|
|
local source_dir="$install_containers_dir$app_name"
|
|
local target_dir="$containers_dir$app_name"
|
|
|
|
if [[ -z "$app_name" ]]; then
|
|
isError "dockerCopyBuildContext: app_name is empty."
|
|
return 1
|
|
fi
|
|
if [[ ! -f "$source_dir/Dockerfile" ]]; then
|
|
# Nothing to do — app uses a pre-built image.
|
|
return 0
|
|
fi
|
|
if [[ ! -d "$target_dir" ]]; then
|
|
isError "dockerCopyBuildContext: target $target_dir doesn't exist."
|
|
return 1
|
|
fi
|
|
|
|
isNotice "Copying build context (Dockerfile + source)"
|
|
|
|
# Use rsync if available so re-installs only diff what changed; fall
|
|
# back to cp -R for systems without rsync. Either way we exclude the
|
|
# files that have their own copy lifecycle.
|
|
# --no-owner --no-group: don't carry the install template's ownership (the
|
|
# repo clone is owned by the human user, uid ~1000) onto the deployed
|
|
# container dir — the chown below sets the correct owner. Without this the
|
|
# rsync re-stamps the WebUI tree as uid 1000 every install.
|
|
if command -v rsync >/dev/null 2>&1; then
|
|
sudo rsync -a --no-owner --no-group \
|
|
--exclude="docker-compose.yml" \
|
|
--exclude="docker-compose.${app_name}.yml" \
|
|
--exclude="${app_name}.config" \
|
|
--exclude="${app_name}.tools.json" \
|
|
--exclude="${app_name}.svg" \
|
|
--exclude="data" \
|
|
"$source_dir/" "$target_dir/"
|
|
else
|
|
# Best-effort fallback. Copies everything then nukes the
|
|
# excluded items in the target.
|
|
sudo cp -R "$source_dir/." "$target_dir/"
|
|
sudo rm -f "$target_dir/${app_name}.config" "$target_dir/${app_name}.tools.json"
|
|
fi
|
|
|
|
# Own the deployed tree as the mode's container owner (config-authoritative,
|
|
# never the stale/empty $docker_install_user global that let uid 1000 slip
|
|
# through before).
|
|
local owner
|
|
owner="$(dockerContainerOwner)"
|
|
runSystem chown -R "$owner:$owner" "$target_dir"
|
|
isSuccessful "Build context copied for $app_name."
|
|
}
|