fix: run api as signal-api user, fix permissions on startup

2025-12-20 16:14:29 +01:00 · 2020-11-22 14:16:06 +01:00
parent 418b93459f
commit eb94d04c79
2 changed files with 15 additions and 1 deletions
--- a/6
+++ b/6
@@ -41,8 +41,12 @@ RUN cd /tmp/signal-cli-rest-api-src && swag init && go build
 # Start a fresh container for release container
 FROM adoptopenjdk:11-jre-hotspot

+RUN groupadd -g 1000 signal-api \
+	&& useradd -M -d /home -s /bin/bash -u 1000 -g 1000 signal-api
+
 COPY --from=buildcontainer /tmp/signal-cli-rest-api-src/signal-cli-rest-api /usr/bin/signal-cli-rest-api
 COPY --from=buildcontainer /tmp/signal-cli /opt/signal-cli
+COPY entrypoint.sh /entrypoint.sh

 RUN ln -s /opt/signal-cli/bin/signal-cli /usr/bin/signal-cli
 RUN mkdir -p /signal-cli-config/
@@ -50,4 +54,4 @@ RUN mkdir -p /home/.local/share/signal-cli

 EXPOSE 8080

-ENTRYPOINT ["signal-cli-rest-api"]
+ENTRYPOINT ["/entrypoint.sh"]
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -x
+set -e
+
+# Fix permissions to ensure backward compatibility
+chown 1000:1000 -R /home/.local/share/signal-cli
+
+# Start API
+exec su -s /bin/sh -c "exec signal-cli-rest-api" signal-api