cyphernode proxy is now able to write files to user owned directories using su-exec

2026-02-04 04:04:18 +01:00 · 2018-10-10 00:50:55 +02:00
parent 2108930fb9
commit 78beb9d5cc
3 changed files with 23 additions and 7 deletions
--- a/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml
+++ b/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml
@@ -7,26 +7,27 @@ services:
      - "TRACING=1"
      - "WATCHER_BTC_NODE_RPC_URL=<%= (bitcoin_mode === 'internal')?'bitcoin':bitcoin_node_ip %>:<%= (net === 'mainnet')?'8332':'18332' %>/wallet/watching01.dat"
      - "WATCHER_BTC_NODE_RPC_USER=<%= bitcoin_rpcuser %>:<%= bitcoin_rpcpassword %>"
-      - "WATCHER_BTC_NODE_RPC_CFG=/proxyuser/watcher_btcnode_curlcfg.properties"
+      - "WATCHER_BTC_NODE_RPC_CFG=/tmp/watcher_btcnode_curlcfg.properties"
      - "SPENDER_BTC_NODE_RPC_URL=<%= (bitcoin_mode === 'internal')?'bitcoin':bitcoin_node_ip %>:<%= (net === 'mainnet')?'8332':'18332' %>/wallet/spending01.dat"
      - "SPENDER_BTC_NODE_RPC_USER=<%= bitcoin_rpcuser %>:<%= bitcoin_rpcpassword %>"
-      - "SPENDER_BTC_NODE_RPC_CFG=/proxyuser/sender_btcnode_curlcfg.properties"
+      - "SPENDER_BTC_NODE_RPC_CFG=/tmp/sender_btcnode_curlcfg.properties"
      - "PROXY_LISTENING_PORT=8888"
-      - "DB_PATH=/proxyuser/db"
-      - "DB_FILE=/proxyuser/db/proxydb"
+      - "DB_PATH=/app/db"
+      - "DB_FILE=/app/db/proxydb"
      - "PYCOIN_CONTAINER=pycoin:7777"
      - "OTS_CONTAINER=otsclient:6666"
      - "DERIVATION_PUB32=<%= xpub %>"
      - "DERIVATION_PATH=<%= derivation_path %>"
      - "WATCHER_BTC_NODE_PRUNED=<%= bitcoin_prune?'true':'false' %>"
    image: cyphernode/proxy
+    command: "$USER /app/startproxy.sh"
 <% if ( devmode ) { %>
    ports:
      - "8888:8888"
 <% } %>
    volumes:
-      - "<%= proxy_datapath %>:/proxyuser/db"
-      - "<%= lightning_datapath %>:/proxyuser/.lightning"
+      - "<%= proxy_datapath %>:/app/db"
+      - "<%= lightning_datapath %>:/app/.lightning"
 #    deploy:
 #      placement:
 #        constraints: [node.hostname==dev]
--- a/proxy_docker/Dockerfile
+++ b/proxy_docker/Dockerfile
@@ -1,3 +1,18 @@
+FROM alpine as builder
+
+RUN set -x\
+ && apk add --no-cache\
+  gcc\
+  make\
+  git\
+  musl-dev
+
+RUN git clone https://github.com/ncopa/su-exec.git /su-exec
+
+WORKDIR /su-exec
+RUN make
+RUN strip su-exec
+
 FROM alpine

 ENV HOME /proxy
--- a/proxy_docker/app/script/startproxy.sh
+++ b/proxy_docker/app/script/startproxy.sh
@@ -31,7 +31,7 @@ createCurlConfig() {
 }

 if [ ! -e ${DB_FILE} ]; then
-	echo "DB not found, creating..." 1>&2
+	echo "DB not found, creating..."
 	cat watching.sql | sqlite3 $DB_FILE
 fi