simplerisk-minimal: set simplerisk user to run the new command

Author: WolfangAukang

simplerisk-minimal/Dockerfile

@@ -18,8 +18,25 @@ WORKDIR /var/www
 
 SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
 
-# Install required packages, including MySQL client from Debian repos
-RUN apt-get update &&     apt-get install -y --no-install-recommends         libldap2-dev         libicu-dev         libcap2-bin         libcurl4-gnutls-dev         libpng-dev         libzip-dev         supervisor         cron         ca-certificates         rsyslog         logrotate         curl         default-mysql-client &&     apt-get -y autoremove &&     apt-get -y purge &&     rm -rf /var/lib/apt/lists/*
+#  Install required packages, including MySQL client from Debian repos
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        libldap2-dev \
+        libicu-dev \
+        libcap2-bin \
+        libcurl4-gnutls-dev \
+        libpng-dev \
+        libzip-dev \
+        supervisor \
+        cron \
+        ca-certificates \
+        rsyslog \
+        logrotate \
+        curl \
+        default-mysql-client && \
+    apt-get -y autoremove && \
+    apt-get -y purge && \
+    rm -rf /var/lib/apt/lists/*
 
 # Configure all PHP extensions
 RUN docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu && \
@@ -75,19 +92,18 @@ RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uplo
 # Cleanup /var/www/, creating Simplerisk user on www-data group and setting up ownerships
 RUN rm -rf /var/www/html && \
 	useradd -G www-data simplerisk && \
-	chown -R simplerisk:www-data /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \
-	chmod -R 770 /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \
+	mkdir -p /var/log/simplerisk && \
+	mkdir -p /var/log/supervisor && \
+	mkdir -p /var/run/supervisor && \
+	chmod -R 700 /etc/apache2 /var/log/simplerisk /var/run/ /var/www/simplerisk  && \
 	chmod 755 /entrypoint.sh /etc/apache2/foreground.sh && \
-        mkdir -p /var/log/simplerisk && \
-        chown -R simplerisk:www-data /var/log/simplerisk && \
-        mkdir -p /var/log/supervisor && \
-        mkdir -p /var/run/supervisor
+	chown -R simplerisk:www-data /etc/apache2 /var/log/apache2 /var/log/simplerisk /var/log/supervisor /var/run/ /var/www/simplerisk
 
 # Data to save
 VOLUME [ "/var/log", "/etc/apache2/ssl", "/var/www/simplerisk" ]
 
 # Using simplerisk user from here
-#USER simplerisk
+USER simplerisk
 
 # Setting up entrypoint
 ENTRYPOINT [ "/entrypoint.sh" ]

simplerisk-minimal/common/entrypoint.sh

@@ -108,7 +108,7 @@ delete_db(){
 	print_log "db_deletion: prepare" "Performing database deletion"
 
 	# Needed to separate the GRANT statement from the rest because it was providing a syntax error
-	exec_cmd "mysql -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
+	exec_cmd "mysql --skip-ssl -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
 	SET sql_mode = 'ANSI_QUOTES';
 	DROP DATABASE \"${SIMPLERISK_DB_DATABASE}\";
 	USE mysql;
@@ -138,15 +138,15 @@ db_setup(){
 
 	print_log "initial_setup:info" "Applying changes to MySQL database... (MySQL error will be printed to console as guidance)"
 	# Using sql_mode = ANSI_QUOTES to avoid using backticks
-	exec_cmd "mysql -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
+	exec_cmd "mysql --skip-ssl -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
 	SET sql_mode = 'ANSI_QUOTES';
 	CREATE DATABASE \"${SIMPLERISK_DB_DATABASE}\";
 	USE \"${SIMPLERISK_DB_DATABASE}\";
 	\. ${SCHEMA_FILE}
 	CREATE USER \"${SIMPLERISK_DB_USERNAME}\"@\"%\" IDENTIFIED BY \"${SIMPLERISK_DB_PASSWORD}\";
 EOSQL" "Was not able to apply settings on database. Check error above. Exiting."
 	# Needed to separate the GRANT statement from the rest because it was providing a syntax error
-	exec_cmd "mysql -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
+	exec_cmd "mysql --skip-ssl -u $DB_SETUP_USER -p$DB_SETUP_PASS -h$SIMPLERISK_DB_HOSTNAME -P$SIMPLERISK_DB_PORT <<EOSQL
 	SET sql_mode = 'ANSI_QUOTES';
 	GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER ON \"${SIMPLERISK_DB_DATABASE}\".* TO \"${SIMPLERISK_DB_USERNAME}\"@\"%\";
 EOSQL" "Was not able to apply settings on database. Check error above. Exiting."

simplerisk-minimal/generate_dockerfile.sh

@@ -2,7 +2,6 @@
 
 set -euo pipefail
 
-readonly MYSQL_KEY_URL='https://repo.mysql.com/RPM-GPG-KEY-mysql-2023'
 SCRIPT_LOCATION="$(dirname "$(readlink -f "$0")")"
 readonly SCRIPT_LOCATION
 
@@ -41,7 +40,7 @@ WORKDIR /var/www
 
 SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]
 
-# Install required packages, including MySQL client from Debian repos
+#  Install required packages, including MySQL client from Debian repos
 RUN apt-get update && \\
     apt-get install -y --no-install-recommends \\
         libldap2-dev \\
@@ -125,19 +124,18 @@ RUN echo 'upload_max_filesize = 5M' >> /usr/local/etc/php/conf.d/docker-php-uplo
 # Cleanup /var/www/, creating Simplerisk user on www-data group and setting up ownerships
 RUN rm -rf /var/www/html && \\
 	useradd -G www-data simplerisk && \\
-	chown -R simplerisk:www-data /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \\
-	chmod -R 770 /var/www/simplerisk /etc/apache2 /var/run/ /var/log/apache2 && \\
+	mkdir -p /var/log/simplerisk && \\
+	mkdir -p /var/log/supervisor && \\
+	mkdir -p /var/run/supervisor && \\
+	chmod -R 700 /etc/apache2 /var/log/simplerisk /var/run/ /var/www/simplerisk  && \\
 	chmod 755 /entrypoint.sh /etc/apache2/foreground.sh && \\
-        mkdir -p /var/log/simplerisk && \\
-        chown -R simplerisk:www-data /var/log/simplerisk && \\
-        mkdir -p /var/log/supervisor && \\
-        mkdir -p /var/run/supervisor
+	chown -R simplerisk:www-data /etc/apache2 /var/log/apache2 /var/log/simplerisk /var/log/supervisor /var/run/ /var/www/simplerisk
 
 # Data to save
 VOLUME [ "/var/log", "/etc/apache2/ssl", "/var/www/simplerisk" ]
 
 # Using simplerisk user from here
-#USER simplerisk
+USER simplerisk
 
 # Setting up entrypoint
 ENTRYPOINT [ "/entrypoint.sh" ]