From eb94d04c79334a459faba233253f2eed546394e6 Mon Sep 17 00:00:00 2001
From: FL42 <46161216+fl42@users.noreply.github.com>
Date: Sun, 22 Nov 2020 14:16:06 +0100
Subject: [PATCH] fix: run api as signal-api user, fix permissions on startup

---
 Dockerfile    |  6 +++++-
 entrypoint.sh | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100755 entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index 31b777f..e6ebcfb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,8 +41,12 @@ RUN cd /tmp/signal-cli-rest-api-src && swag init && go build
 # Start a fresh container for release container
 FROM adoptopenjdk:11-jre-hotspot
 
+RUN groupadd -g 1000 signal-api \
+	&& useradd -M -d /home -s /bin/bash -u 1000 -g 1000 signal-api
+
 COPY --from=buildcontainer /tmp/signal-cli-rest-api-src/signal-cli-rest-api /usr/bin/signal-cli-rest-api
 COPY --from=buildcontainer /tmp/signal-cli /opt/signal-cli
+COPY entrypoint.sh /entrypoint.sh
 
 RUN ln -s /opt/signal-cli/bin/signal-cli /usr/bin/signal-cli
 RUN mkdir -p /signal-cli-config/
@@ -50,4 +54,4 @@ RUN mkdir -p /home/.local/share/signal-cli
 
 EXPOSE 8080
 
-ENTRYPOINT ["signal-cli-rest-api"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..cc6b4da
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -x
+set -e
+
+# Fix permissions to ensure backward compatibility
+chown 1000:1000 -R /home/.local/share/signal-cli
+
+# Start API
+exec su -s /bin/sh -c "exec signal-cli-rest-api" signal-api