|
@@ -1,15 +1,28 @@
|
|
|
#!/bin/bash
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
-### Bash Environment Setup
|
|
|
|
|
|
|
+# This Docker ENTRYPOINT script is called by `docker run archivebox ...` or `docker compose run archivebox ...`.
|
|
|
|
|
+# It takes a CMD as $* shell arguments and runs it following these setup steps:
|
|
|
|
|
+
|
|
|
|
|
+# - Set the archivebox user to use the correct PUID & PGID
|
|
|
|
|
+# 1. highest precedence is for valid PUID and PGID env vars passsed in explicitly
|
|
|
|
|
+# 2. fall back to DETECTED_PUID of files found within existing data dir
|
|
|
|
|
+# 3. fall back to DEFAULT_PUID if no data dir or its owned by root
|
|
|
|
|
+# - Create a new /data dir if necessary and set the correct ownership on it
|
|
|
|
|
+# - Create a new /browsers dir if necessary and set the correct ownership on it
|
|
|
|
|
+# - Check whether we're running inside QEMU emulation and show a warning if so.
|
|
|
|
|
+# - Drop down to archivebox user permisisons and execute passed CMD command.
|
|
|
|
|
+
|
|
|
|
|
+# Bash Environment Setup
|
|
|
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
|
|
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
|
|
|
# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
|
|
# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
|
|
|
# set -o xtrace
|
|
# set -o xtrace
|
|
|
|
|
+# set -o nounset
|
|
|
set -o errexit
|
|
set -o errexit
|
|
|
set -o errtrace
|
|
set -o errtrace
|
|
|
set -o pipefail
|
|
set -o pipefail
|
|
|
-IFS=$'\n'
|
|
|
|
|
|
|
+# IFS=$'\n'
|
|
|
|
|
|
|
|
-# Load global config (set by Dockerfile during image build time, not intended to be customized by users at runtime)
|
|
|
|
|
|
|
+# Load global invariants (set by Dockerfile during image build time, not intended to be customized by users at runtime)
|
|
|
export DATA_DIR="${DATA_DIR:-/data}"
|
|
export DATA_DIR="${DATA_DIR:-/data}"
|
|
|
export ARCHIVEBOX_USER="${ARCHIVEBOX_USER:-archivebox}"
|
|
export ARCHIVEBOX_USER="${ARCHIVEBOX_USER:-archivebox}"
|
|
|
|
|
|
|
@@ -19,10 +32,10 @@ export DEFAULT_PGID=911
|
|
|
|
|
|
|
|
# If user tires to set PUID and PGID to root values manually, catch and reject because root is not allowed
|
|
# If user tires to set PUID and PGID to root values manually, catch and reject because root is not allowed
|
|
|
if [[ "$PUID" == "0" ]] || [[ "$PGID" == "0" ]]; then
|
|
if [[ "$PUID" == "0" ]] || [[ "$PGID" == "0" ]]; then
|
|
|
- echo -e "\n[X] Error: Got PUID=$PUID and PGID=$PGID but ArchiveBox is not allowed to be run as root, please change or unset PUID & PGID and try again." >&2
|
|
|
|
|
- echo -e " Hint: some NFS/SMB/FUSE/etc. filesystems force-remap all permissions, leave PUID/PGID blank" >&2
|
|
|
|
|
- echo -e " or set PUID/PGID to the same value as the user/group they remap to (e.g. $DEFAULT_PUID:$DEFAULT_PGID)." >&2
|
|
|
|
|
- echo -e " https://linux.die.net/man/8/mount.cifs#:~:text=does%20not%20provide%20unix%20ownership" >&2
|
|
|
|
|
|
|
+ echo -e "\n[X] Error: Got PUID=$PUID and PGID=$PGID but ArchiveBox is not allowed to be run as root, please change or unset PUID & PGID and try again." > /dev/stderr
|
|
|
|
|
+ echo -e " Hint: some NFS/SMB/FUSE/etc. filesystems force-remap all permissions, leave PUID/PGID blank" > /dev/stderr
|
|
|
|
|
+ echo -e " or set PUID/PGID to the same value as the user/group they remap to (e.g. $DEFAULT_PUID:$DEFAULT_PGID)." > /dev/stderr
|
|
|
|
|
+ echo -e " https://linux.die.net/man/8/mount.cifs#:~:text=does%20not%20provide%20unix%20ownership" > /dev/stderr
|
|
|
exit 3
|
|
exit 3
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
@@ -34,9 +47,7 @@ export DETECTED_PGID="$(stat -c '%g' "$DATA_DIR/logs/errors.log" 2>/dev/null ||
|
|
|
[[ "$DETECTED_PUID" == "0" ]] && export DETECTED_PUID="$DEFAULT_PUID"
|
|
[[ "$DETECTED_PUID" == "0" ]] && export DETECTED_PUID="$DEFAULT_PUID"
|
|
|
[[ "$DETECTED_PGID" == "0" ]] && export DETECTED_PGID="$DEFAULT_PGID"
|
|
[[ "$DETECTED_PGID" == "0" ]] && export DETECTED_PGID="$DEFAULT_PGID"
|
|
|
|
|
|
|
|
-
|
|
|
|
|
-# Set the archivebox user to use the configured UID & GID
|
|
|
|
|
-# prefer PUID and PGID env vars passsed in explicitly, falls back to autodetected values or global defaults
|
|
|
|
|
|
|
+# Set archivebox user and group ids to desired PUID/PGID
|
|
|
usermod -o -u "${PUID:-$DETECTED_PUID}" "$ARCHIVEBOX_USER" > /dev/null 2>&1
|
|
usermod -o -u "${PUID:-$DETECTED_PUID}" "$ARCHIVEBOX_USER" > /dev/null 2>&1
|
|
|
groupmod -o -g "${PGID:-$DETECTED_PGID}" "$ARCHIVEBOX_USER" > /dev/null 2>&1
|
|
groupmod -o -g "${PGID:-$DETECTED_PGID}" "$ARCHIVEBOX_USER" > /dev/null 2>&1
|
|
|
|
|
|
|
@@ -54,10 +65,10 @@ if [[ -d "$DATA_DIR/archive" ]]; then
|
|
|
else
|
|
else
|
|
|
# the only time this fails is if the host filesystem doesn't allow us to write as root (e.g. some NFS mapall/maproot problems, connection issues, drive dissapeared, etc.)
|
|
# the only time this fails is if the host filesystem doesn't allow us to write as root (e.g. some NFS mapall/maproot problems, connection issues, drive dissapeared, etc.)
|
|
|
echo -e "\n[X] Error: archivebox user (PUID=$PUID) is not able to write to your ./data dir (currently owned by $(stat -c '%u' "$DATA_DIR"):$(stat -c '%g' "$DATA_DIR")." >&2
|
|
echo -e "\n[X] Error: archivebox user (PUID=$PUID) is not able to write to your ./data dir (currently owned by $(stat -c '%u' "$DATA_DIR"):$(stat -c '%g' "$DATA_DIR")." >&2
|
|
|
- echo -e " Change ./data to be owned by PUID=$PUID PGID=$PGID on the host and retry:" >&2
|
|
|
|
|
- echo -e " \$ chown -R $PUID:$PGID ./data\n" >&2
|
|
|
|
|
- echo -e " Configure the PUID & PGID environment variables to change the desired owner:" >&2
|
|
|
|
|
- echo -e " https://docs.linuxserver.io/general/understanding-puid-and-pgid\n" >&2
|
|
|
|
|
|
|
+ echo -e " Change ./data to be owned by PUID=$PUID PGID=$PGID on the host and retry:" > /dev/stderr
|
|
|
|
|
+ echo -e " \$ chown -R $PUID:$PGID ./data\n" > /dev/stderr
|
|
|
|
|
+ echo -e " Configure the PUID & PGID environment variables to change the desired owner:" > /dev/stderr
|
|
|
|
|
+ echo -e " https://docs.linuxserver.io/general/understanding-puid-and-pgid\n" > /dev/stderr
|
|
|
exit 3
|
|
exit 3
|
|
|
fi
|
|
fi
|
|
|
else
|
|
else
|
|
@@ -72,32 +83,33 @@ chown $PUID:$PGID "$DATA_DIR"/*
|
|
|
|
|
|
|
|
# also chown BROWSERS_DIR because otherwise 'archivebox setup' wont be able to install chrome at runtime
|
|
# also chown BROWSERS_DIR because otherwise 'archivebox setup' wont be able to install chrome at runtime
|
|
|
PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/browsers}"
|
|
PLAYWRIGHT_BROWSERS_PATH="${PLAYWRIGHT_BROWSERS_PATH:-/browsers}"
|
|
|
-mkdir -p "$PLAYWRIGHT_BROWSERS_PATH"
|
|
|
|
|
|
|
+mkdir -p "$PLAYWRIGHT_BROWSERS_PATH/permissions_test_safe_to_delete"
|
|
|
chown $PUID:$PGID "$PLAYWRIGHT_BROWSERS_PATH"
|
|
chown $PUID:$PGID "$PLAYWRIGHT_BROWSERS_PATH"
|
|
|
-touch "$PLAYWRIGHT_BROWSERS_PATH"/.permissions_test_safe_to_delete
|
|
|
|
|
-chown $PUID:$PGID "$PLAYWRIGHT_BROWSERS_PATH"/*.*
|
|
|
|
|
-rm -f "$PLAYWRIGHT_BROWSERS_PATH"/.permissions_test_safe_to_delete
|
|
|
|
|
|
|
+chown $PUID:$PGID "$PLAYWRIGHT_BROWSERS_PATH"/*
|
|
|
|
|
+rm -Rf "$PLAYWRIGHT_BROWSERS_PATH/permissions_test_safe_to_delete"
|
|
|
|
|
|
|
|
|
|
|
|
|
# (this check is written in blood, QEMU silently breaks things in ways that are not obvious)
|
|
# (this check is written in blood, QEMU silently breaks things in ways that are not obvious)
|
|
|
-export IN_QEMU="$(pmap 1 | grep qemu | wc -l | grep -E '^0$' >/dev/null && echo 'False' || echo 'True')"
|
|
|
|
|
-if [[ "$IN_QEMU" == 'True' ]]; then
|
|
|
|
|
- echo -e "\n[!] Warning: Running $(uname -m) emulated container in QEMU, some things will break!" >&2
|
|
|
|
|
- echo -e " chromium (screenshot, pdf, dom), singlefile, and any dependencies that rely on inotify will not run in QEMU." >&2
|
|
|
|
|
- echo -e " See here for more info: https://github.com/microsoft/playwright/issues/17395#issuecomment-1250830493\n" >&2
|
|
|
|
|
|
|
+export IN_QEMU="$(pmap 1 | grep qemu >/dev/null && echo 'True' || echo 'False')"
|
|
|
|
|
+if [[ "$IN_QEMU" == "True" ]]; then
|
|
|
|
|
+ echo -e "\n[!] Warning: Running $(uname -m) docker image using QEMU emulation, some things will break!" > /dev/stderr
|
|
|
|
|
+ echo -e " chromium (screenshot, pdf, dom), singlefile, and any dependencies that rely on inotify will not run in QEMU." > /dev/stderr
|
|
|
|
|
+ echo -e " See here for more info: https://github.com/microsoft/playwright/issues/17395#issuecomment-1250830493\n" > /dev/stderr
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
# Drop permissions to run commands as the archivebox user
|
|
# Drop permissions to run commands as the archivebox user
|
|
|
if [[ "$1" == /* || "$1" == "bash" || "$1" == "sh" || "$1" == "echo" || "$1" == "cat" || "$1" == "archivebox" ]]; then
|
|
if [[ "$1" == /* || "$1" == "bash" || "$1" == "sh" || "$1" == "echo" || "$1" == "cat" || "$1" == "archivebox" ]]; then
|
|
|
# handle "docker run archivebox /some/non-archivebox/command --with=some args" by passing args directly to bash -c
|
|
# handle "docker run archivebox /some/non-archivebox/command --with=some args" by passing args directly to bash -c
|
|
|
- # e.g. "docker run archivebox /venv/bin/archivebox-alt init"
|
|
|
|
|
|
|
+ # e.g. "docker run archivebox archivebox init:
|
|
|
|
|
+ # "docker run archivebox /venv/bin/archivebox-alt init"
|
|
|
# "docker run archivebox /bin/bash -c '...'"
|
|
# "docker run archivebox /bin/bash -c '...'"
|
|
|
- # "docker run archivebox echo test"
|
|
|
|
|
|
|
+ # "docker run archivebox cat /VERSION.txt"
|
|
|
exec gosu "$PUID" bash -c "$*"
|
|
exec gosu "$PUID" bash -c "$*"
|
|
|
else
|
|
else
|
|
|
# handle "docker run archivebox add some subcommand --with=args abc" by calling archivebox to run as args as CLI subcommand
|
|
# handle "docker run archivebox add some subcommand --with=args abc" by calling archivebox to run as args as CLI subcommand
|
|
|
- # e.g. "docker run archivebox add --depth=1 https://example.com"
|
|
|
|
|
|
|
+ # e.g. "docker run archivebox help"
|
|
|
|
|
+ # "docker run archivebox add --depth=1 https://example.com"
|
|
|
# "docker run archivebox manage createsupseruser"
|
|
# "docker run archivebox manage createsupseruser"
|
|
|
# "docker run archivebox server 0.0.0.0:8000"
|
|
# "docker run archivebox server 0.0.0.0:8000"
|
|
|
exec gosu "$PUID" bash -c "archivebox $*"
|
|
exec gosu "$PUID" bash -c "archivebox $*"
|
Nick Sweeting