Add -u git to docs when using docker exec with root installation #29314

Merged
merged 1 commit into from
Apr 3, 2024

scribblemaniac
Contributor

@scribblemaniac scribblemaniac commented Feb 22, 2024

This fixes a minor issue in the documentation for SSH Container Passthrough for non-rootless installs. The non-rootless Dockerfile and docker-compose do not set USER/user instructions so docker exec will run as root by default. While running as root, gitea commands will refuse to execute, breaking these approaches. For containers built with the rootless instructions, docker exec will run as git by default so this is not necessary in that case.

This issue was already discussed in #19065, but it does not appear this part of the issue was ever added to the documentation.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 22, 2024
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 22, 2024
@6543
Member

6543 commented Feb 22, 2024

Isn't that only valid for the rootless containers?

@scribblemaniac
Contributor Author

No. The docker exec command is run in the container as the same user that built the container if no -u argument is provided. The rootless containers are built as git (not root) so they don't default to root, so they don't need this. The root containers are built as root (not git), so docker exec defaults to root, so they need this.

With root image:

```
# id command output when starting the container
$ docker run --entrypoint id gitea/gitea:1.21.5
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
# id command output when execing into an existing container
$ docker exec gitea id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
```

With rootless image:

```
# id command output when starting the container
$ docker run --entrypoint id gitea/gitea:1.21.5-rootless
uid=1000(git) gid=1000(git) groups=1000(git)
# id command output when execing into an existing container
$ docker exec gitea_rootless id
uid=1000(git) gid=1000(git) groups=1000(git)
```

The only reason the gitea server even starts with the root configuration is because it is run with su-exec git here. But docker exec does not use the entrypoint script, so it won't do that automatically like it does for docker run.
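
A host-side wrapper that applies the point made in the comment above, as an added example that is not part of the PR or the Gitea documentation: it reads the container's configured user with `docker inspect` and passes `-u git` only when `docker exec` would otherwise default to root. The function names and the `DOCKER` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the PR): run a command in a Gitea container as git.
# DOCKER is an assumed override hook so the docker binary can be stubbed.
DOCKER="${DOCKER:-docker}"

# Print the user the container is configured to run as.
# An empty value means no USER/user was set, so docker exec defaults to root.
configured_user() {
    "$DOCKER" inspect --format '{{.Config.User}}' "$1"
}

# Succeed if a Config.User value means "docker exec runs as root".
# The value may be "name", "uid", "name:group" or "uid:gid"; only the
# user part before the colon matters here.
defaults_to_root() {
    case "${1%%:*}" in
        ''|0|root) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: run_as_git <container> <command> [args...]
# Adds -u git only for containers where docker exec would run as root.
run_as_git() {
    container="$1"
    shift
    # Fail closed if the container cannot be inspected.
    user="$(configured_user "$container")" || return 1
    if defaults_to_root "$user"; then
        "$DOCKER" exec -i -u git "$container" "$@"
    else
        "$DOCKER" exec -i "$container" "$@"
    fi
}
```
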

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Apr 3, 2024
@techknowlogick techknowlogick added backport/v1.20 This PR should be backported to Gitea 1.20 backport/v1.21 This PR should be backported to Gitea 1.21 backport/v1.22 This PR should be backported to Gitea 1.22 skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Apr 3, 2024
@techknowlogick techknowlogick merged commit b28d3a4 into go-gitea:main Apr 3, 2024
25 of 26 checks passed
@GiteaBot GiteaBot added this to the 1.23.0 milestone Apr 3, 2024
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Apr 3, 2024
…gitea#29314)
techknowlogick pushed a commit that referenced this pull request Apr 3, 2024
) (#30258)

Backport #29314 by @scribblemaniac
techknowlogick pushed a commit that referenced this pull request Apr 3, 2024
) (#30259)

Backport #29314 by @scribblemaniac
zjjhot added a commit to zjjhot/gitea that referenced this pull request Apr 3, 2024
* giteaofficial/main:
  Refactor "dump" sub-command (go-gitea#30240)
  Add -u git to docs when using docker exec with root installation (go-gitea#29314)
  Show 12 lines in markup code preview (go-gitea#30255)
  Fixes go-gitea#27605: inline math blocks can't be preceeded/followed by alphanumerical characters (go-gitea#30175)
  Render embedded code preview by permlink in markdown (go-gitea#30234)
  Fix missing 0 prefix of GPG key id (go-gitea#30245)
  Fix spacing in issue navbar (go-gitea#30238)
  Add unique index for project_issue to prevent duplicate data (go-gitea#30190)
  [skip ci] Updated translations via Crowdin
  Refactor commit signature parser (go-gitea#30228)
  Refactor dropzone (go-gitea#30232)
  Remove scheduled action tasks if the repo is archived (go-gitea#30224)
  Refactor file view & render (go-gitea#30227)
  Refactor DeleteInactiveUsers, fix bug and add tests (go-gitea#30206)
  [skip ci] Updated licenses and gitignores
  Add `/options/license` and `/options/gitignore` to `.ignore` (go-gitea#30219)
@GiteaBot
Contributor

GiteaBot commented Apr 3, 2024

I was unable to create a backport for 1.22. @scribblemaniac, please send one manually. 🍵

```
go run ./contrib/backport 29314
...  // fix git conflicts if any
go run ./contrib/backport --continue
```

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Apr 3, 2024
lunny pushed a commit that referenced this pull request Apr 3, 2024
) (#30264)

Backport #29314 by @scribblemaniac
@scribblemaniac
Contributor Author

> I was unable to create a backport for 1.22. @scribblemaniac, please send one manually. 🍵

I'm assuming this is a bug with the bot. It appears to have been backported to 1.22 just fine in #30259.

@lunny lunny added the backport/done All backports for this PR have been created label Apr 5, 2024
@techknowlogick
Member

@scribblemaniac yup, all is well, nothing more needed for you to do. Thanks for the PR :)

AvengerMoJo pushed a commit to AvengerMoJo/gitea that referenced this pull request Apr 8, 2024
…gitea#29314)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 2, 2024