mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-11 17:11:16 -05:00
Fix incorrect CurrentUser check for docker rootless (#24435)
Many users report that 1.19 has a regression bug: the rootless image can't start if the UID is not 1000. https://github.com/go-gitea/gitea/issues/23632#issuecomment-1524589213 https://discourse.gitea.io/t/gitea-doesnt-start-after-update-to-1-19/6920/9 The problem is that the IsRunUserMatchCurrentUser logic is fragile, the "SSH" config is not ready when it executes. This PR is just a quick fix for 1.19. For 1.20, we need a clear and stable solution.
This commit is contained in:
parent
7d7ba76c08
commit
d9d3f5234e
1 changed files with 14 additions and 8 deletions
|
@ -282,6 +282,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
|
||||||
loadLogFrom(cfg)
|
loadLogFrom(cfg)
|
||||||
loadServerFrom(cfg)
|
loadServerFrom(cfg)
|
||||||
loadSSHFrom(cfg)
|
loadSSHFrom(cfg)
|
||||||
|
|
||||||
|
mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
|
||||||
|
|
||||||
loadOAuth2From(cfg)
|
loadOAuth2From(cfg)
|
||||||
loadSecurityFrom(cfg)
|
loadSecurityFrom(cfg)
|
||||||
loadAttachmentFrom(cfg)
|
loadAttachmentFrom(cfg)
|
||||||
|
@ -314,14 +317,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||||
RunMode = rootSec.Key("RUN_MODE").MustString("prod")
|
RunMode = rootSec.Key("RUN_MODE").MustString("prod")
|
||||||
}
|
}
|
||||||
IsProd = strings.EqualFold(RunMode, "prod")
|
IsProd = strings.EqualFold(RunMode, "prod")
|
||||||
// Does not check run user when the install lock is off.
|
|
||||||
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
|
||||||
if installLock {
|
|
||||||
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
|
||||||
if !match {
|
|
||||||
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if we run as root
|
// check if we run as root
|
||||||
if os.Getuid() == 0 {
|
if os.Getuid() == 0 {
|
||||||
|
@ -333,6 +328,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
|
||||||
|
// Does not check run user when the "InstallLock" is off.
|
||||||
|
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
|
||||||
|
if installLock {
|
||||||
|
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
|
||||||
|
if !match {
|
||||||
|
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// CreateOrAppendToCustomConf creates or updates the custom config.
|
// CreateOrAppendToCustomConf creates or updates the custom config.
|
||||||
// Use the callback to set individual values.
|
// Use the callback to set individual values.
|
||||||
func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) {
|
func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) {
|
||||||
|
|
Loading…
Reference in a new issue