From ce6107f6d70eacc23ebb2b360552fedb66236d6d Mon Sep 17 00:00:00 2001
From: Bernhard B
Date: Fri, 25 Dec 2020 12:52:52 +0100
Subject: [PATCH 1/2] Revert "Revert "Merge commit 'refs/pull/41/head' of https://github.com/bbernhard/signal-cli-rest-api""
This reverts commit 5ef870fa0ce5a753b920fce96a93f5c846bb7be0.
---
 Dockerfile | 11 +++++++----
 entrypoint.sh | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100755 entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
index 345001b..2c3c989 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,11 +43,14 @@ FROM adoptopenjdk:11-jdk-hotspot-bionic
 COPY --from=buildcontainer /tmp/signal-cli-rest-api-src/signal-cli-rest-api /usr/bin/signal-cli-rest-api
 COPY --from=buildcontainer /tmp/signal-cli /opt/signal-cli
+COPY entrypoint.sh /entrypoint.sh
-RUN ln -s /opt/signal-cli/bin/signal-cli /usr/bin/signal-cli
-RUN mkdir -p /signal-cli-config/
-RUN mkdir -p /home/.local/share/signal-cli
+RUN groupadd -g 1000 signal-api \
+ && useradd -M -d /home -s /bin/bash -u 1000 -g 1000 signal-api \
+ && ln -s /opt/signal-cli/bin/signal-cli /usr/bin/signal-cli \
+ && mkdir -p /signal-cli-config/ \
+ && mkdir -p /home/.local/share/signal-cli
 EXPOSE 8080
-ENTRYPOINT ["signal-cli-rest-api"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..1439eb8
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -x
+set -e
+
+# Fix permissions to ensure backward compatibility
+chown 1000:1000 -R /home/.local/share/signal-cli
+
+# Show warning on docker exec
+cat <> /root/.bashrc
+echo "WARNING: signal-cli-rest-api runs as signal-api (not as root!)"
+echo "Run 'su signal-api' before using signal-cli!"
+EOF
+
+# Start API as signal-api user
+exec setpriv --reuid=1000 --regid=1000 --init-groups --inh-caps=-all signal-cli-rest-api $@
From dc3d15eadc1e238021ef05224671534da982e9a4 Mon Sep 17 00:00:00 2001
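Review bot: The release stage still has no `USER` instruction, so the image is root by default and the privilege drop depends entirely on `/entrypoint.sh`; anything that bypasses the entrypoint (an `--entrypoint` override, `docker exec`) keeps running as root. The new `RUN` chain also leaves `/signal-cli-config/` and `/home/.local/share/signal-cli` root-owned, and the entrypoint added in this patch chowns only the second one at start-up, so if the API writes to `/signal-cli-config/` as uid 1000 that would presumably fail. Appending `&& chown 1000:1000 /signal-cli-config /home/.local/share/signal-cli` to the chain would set ownership at build time. A comment above the `RUN` such as `# uid/gid 1000 must match the ids entrypoint.sh drops to` would document the coupling between the two files.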
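Review bot: `$@` on the final `exec setpriv …` line is unquoted, so any argument containing whitespace or glob characters is re-split before it reaches signal-cli-rest-api; it should be `"$@"`. The script also assumes it starts as root: with `set -e`, the `chown` fails and the container exits when it is launched with a non-root runtime user, so the root-only steps would be safer behind an `id -u` check. The `.bashrc` heredoc appears to append (its redirection is garbled in this rendering), in which case the warning block is added again on every restart of the same container. Since `--inh-caps=-all` only clears the inheritable set, adding `--bounding-set=-all --no-new-privs` to the setpriv call would be worth considering as further hardening.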
From: Bernhard B
Date: Fri, 25 Dec 2020 12:58:32 +0100
Subject: [PATCH 2/2] add missing setpriv to Dockerfile
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 2c3c989..26eefd8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,6 +41,10 @@ RUN cd /tmp/signal-cli-rest-api-src && swag init && go build
 # Start a fresh container for release container
 FROM adoptopenjdk:11-jdk-hotspot-bionic
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends setpriv \
+ && rm -rf /var/lib/apt/lists/*
+
 COPY --from=buildcontainer /tmp/signal-cli-rest-api-src/signal-cli-rest-api /usr/bin/signal-cli-rest-api
 COPY --from=buildcontainer /tmp/signal-cli /opt/signal-cli
 COPY entrypoint.sh /entrypoint.sh
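Review bot: The added `RUN` installs `setpriv` with no comment and no version pin, and nothing next to it says the package is there only because `entrypoint.sh` execs `setpriv` to drop root. A later cleanup of "unused" packages would then break container start. A comment above the `RUN` such as `# setpriv: used by entrypoint.sh to drop from root to uid 1000` would make the dependency explicit. For reproducible builds, consider pinning the package as `setpriv=<version>` (placeholder) or pinning the base image by digest.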