From 755d0d475263fdb4a47698ab53b999c288493fc7 Mon Sep 17 00:00:00 2001 From: icedream Date: Sun, 1 Nov 2015 00:45:06 +0100 Subject: [PATCH] Migrating to base image nodejs:4.2. - Remove dbus, it's unnecessary and we can no longer run it in the background without the phusion-baseimage's init process. - Remove setuser calls since that script no longer exists without phusion-baseimage, instead do all as root (will make files read-only for the app user which is more secure anyways). --- Dockerfile | 9 +++++++-- setup.sh | 12 ++++-------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index e9dd9d7..ab0991c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,12 @@ -FROM phusion/passenger-nodejs:0.9.17 +FROM nodejs:4.2 ENV TS3CLIENT_VERSION 3.0.18.2 ENV TS3BOT_COMMIT 82c19a2196770c463d8c94fc9e5842dfe8697c8d +# Add "app" user +RUN mkdir -p /tmp/empty &&\ + useradd -d /home/app -l -g app -m /tmp/empty -u 9999 app + ADD setup.sh / RUN sh /setup.sh @@ -11,4 +15,5 @@ COPY etc/ /etc # Startup configuration WORKDIR /home/app -ENTRYPOINT [ "/sbin/my_init" ] +USER app +ENTRYPOINT [ "node", "/home/app" ] diff --git a/setup.sh b/setup.sh index 0aaee09..3f5119d 100644 --- a/setup.sh +++ b/setup.sh @@ -6,9 +6,6 @@ set -ex export INITRD=no export DEBIAN_FRONTEND=noninteractive -# Get rid of some preinstalled services we don't need -rm -r /etc/service/cron /etc/service/nginx /etc/service/nginx-log-forwarder - # Set up APT sources rm /etc/apt/sources.list.d/* @@ -18,7 +15,6 @@ apt-get install -y --no-install-recommends \ wget ca-certificates \ blackbox xvfb xdotool \ pulseaudio pulseaudio-utils \ - dbus \ cmake cmake-data \ python python-minimal python-pkg-resources \ vlc-nox '^libvlc[0-9]+$' libvlc-dev vlc-plugin-pulse @@ -30,21 +26,21 @@ dbus-uuidgen --ensure # Configure GUI user, we are going to use the pre-setup "app" user for this mkdir -p /config -/sbin/setuser app ln -sf /config ~app/.ts3bot +ln -sf /config ~app/.ts3bot # Install TeamSpeak3. # Original comment that used to be here: temporary non-interactive teamspeak3 install hack, remove before publishing!! # In fact, it would be nice if we had some lazy handling code for this that just requires the user to provide a "--agree-with-license" once. cd ~app -/sbin/setuser app wget http://dl.4players.de/ts/releases/${TS3CLIENT_VERSION}/TeamSpeak3-Client-linux_amd64-${TS3CLIENT_VERSION}.run -Ots3client.run +wget http://dl.4players.de/ts/releases/${TS3CLIENT_VERSION}/TeamSpeak3-Client-linux_amd64-${TS3CLIENT_VERSION}.run -Ots3client.run chmod +x ./ts3client.run sed -i 's/^MS_PrintLicense$/#MS_PrintLicense/g' ./ts3client.run -/sbin/setuser app ./ts3client.run --quiet --target ts3client +sudo -u app ./ts3client.run --quiet --target ts3client rm ./ts3client.run # Install TS3Bot wget https://github.com/icedream/ts3bot-control/archive/${TS3BOT_COMMIT}.tar.gz -O- |\ - /sbin/setuser app tar xzv + tar xzv mv ts3bot-control* ts3bot (cd ts3bot && \ npm_config_wcjs_runtime="node" npm_config_wcjs_runtime_version="$(nodejs --version | tr -d 'v')" \