From bdf4a01b3b9ee605372b6023f45f2cf34519e345 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 19:00:03 +0100 Subject: [PATCH] Create OS user for tomcat directly instead of individual apps using it --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/imagebuilder.py | 3 +-- .../mifosx/lxc/etc/services.d/.s6-svscan/finish | 2 +- .../lxc/etc/services.d/{mifosx => tomcat}/run | 2 +- lxc-apps/mifosx/lxcfile | 8 +++----- lxc-apps/motech/lxcfile | 6 ++---- lxc-apps/opendatakit/opendatakit.lxcfile | 6 ++---- lxc-apps/sigmah/lxcfile | 6 ++---- lxc-shared/alpine3.9-tomcat7/lxcfile | 12 +++++++++--- lxc-shared/alpine3.9-tomcat8.5/lxcfile | 14 ++++++++++---- 10 files changed, 32 insertions(+), 29 deletions(-) rename lxc-apps/mifosx/lxc/etc/services.d/{mifosx => tomcat}/run (76%) diff --git a/apk/vmmgr b/apk/vmmgr index 7c25d22..2d3890f 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 7c25d22d4146033cfb1e0775d06912b5c8f77e73 +Subproject commit 2d3890fd51bdaedb09c3d3742e7a58545f370244 diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index 8d5300b..eba6b29 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -5,7 +5,6 @@ import shutil import subprocess import sys -from enum import Enum from lxcmgr import lxcmgr from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.pkgmgr import PkgMgr @@ -16,7 +15,7 @@ class ImageExistsError(Exception): class ImageNotFoundError(Exception): pass -class BuildType(Enum): +class BuildType: NORMAL = 1 FORCE = 2 SCRATCH = 3 diff --git a/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish index a78e381..8f35248 100755 --- a/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish @@ -1,3 +1,3 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 mifosx } +foreground { s6-svwait -d -t 3000 tomcat } diff --git a/lxc-apps/mifosx/lxc/etc/services.d/mifosx/run b/lxc-apps/mifosx/lxc/etc/services.d/tomcat/run similarity index 76% rename from lxc-apps/mifosx/lxc/etc/services.d/mifosx/run rename to lxc-apps/mifosx/lxc/etc/services.d/tomcat/run index 62728af..35cee30 100755 --- a/lxc-apps/mifosx/lxc/etc/services.d/mifosx/run +++ b/lxc-apps/mifosx/lxc/etc/services.d/tomcat/run @@ -2,5 +2,5 @@ cd /srv/tomcat fdmove -c 2 1 -s6-setuidgid mifosx +s6-setuidgid tomcat catalina.sh run diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index ed41b0d..4923bbb 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -16,11 +16,6 @@ RUN EOF # Download Java library dependencies wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar - # Create OS user - addgroup -S -g 8080 mifosx - adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx - chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work - # Cleanup apk --no-cache del wget rm -rf /tmp/fineractplatform-18.03.01.RELEASE /tmp/mifosx.zip @@ -35,6 +30,9 @@ RUN EOF cd /srv/tomcat/webapps/ROOT/scripts/ patch -p0