diff --git a/hosting/couchdb/Dockerfile b/hosting/couchdb/Dockerfile index b4dbdd36dc..6dbf2be08b 100644 --- a/hosting/couchdb/Dockerfile +++ b/hosting/couchdb/Dockerfile @@ -1,5 +1,10 @@ # Modified from https://github.com/apache/couchdb-docker/blob/main/3.2.1/Dockerfile -FROM node:20-slim +# +# Everything in this `base` image is adapted from the official `couchdb` image's +# Dockerfile. Only modifications related to upgrading from Debian bullseye to +# bookworm have been included. The `runner` image contains Budibase's +# customisations to the image, e.g. adding Clouseau. +FROM node:20-slim AS base # Add CouchDB user account to make sure the IDs are assigned consistently RUN groupadd -g 5984 -r couchdb && useradd -u 5984 -d /opt/couchdb -g couchdb couchdb @@ -15,13 +20,12 @@ RUN set -ex; \ ; \ rm -rf /var/lib/apt/lists/* -# grab gosu for easy step-down from root and tini for signal handling and zombie reaping +# grab tini for signal handling and zombie reaping # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 RUN set -eux; \ apt-get update; \ - apt-get install -y --no-install-recommends gosu tini; \ + apt-get install -y --no-install-recommends tini; \ rm -rf /var/lib/apt/lists/*; \ - gosu nobody true; \ tini --version # http://docs.couchdb.org/en/latest/install/unix.html#installing-the-apache-couchdb-packages @@ -89,7 +93,9 @@ VOLUME /opt/couchdb/data # 4369: Erlang portmap daemon (epmd) # 9100: CouchDB cluster communication port EXPOSE 5984 4369 9100 -# CMD ["/opt/couchdb/bin/couchdb"] +CMD ["/opt/couchdb/bin/couchdb"] + +FROM base as runner ENV COUCHDB_USER admin ENV COUCHDB_PASSWORD admin diff --git a/hosting/couchdb/docker-entrypoint.sh b/hosting/couchdb/docker-entrypoint.sh index 8d6456d577..bd709b7b73 100755 --- a/hosting/couchdb/docker-entrypoint.sh +++ b/hosting/couchdb/docker-entrypoint.sh @@ -114,8 +114,9 @@ EOWARN fi if [ "$(id -u)" = '0' ]; then - exec gosu couchdb "$@" + export HOME=$(echo ~couchdb) + exec setpriv --reuid=couchdb --regid=couchdb --clear-groups "$@" fi fi -exec "$@" +exec "$@" \ No newline at end of file diff --git a/hosting/single/Dockerfile b/hosting/single/Dockerfile index f89967cb0b..a928766541 100644 --- a/hosting/single/Dockerfile +++ b/hosting/single/Dockerfile @@ -38,7 +38,7 @@ COPY packages/worker/pm2.config.js packages/worker/pm2.config.js COPY packages/string-templates packages/string-templates -FROM budibase/couchdb as runner +FROM budicouch as runner ARG TARGETARCH ENV TARGETARCH $TARGETARCH #TARGETBUILD can be set to single (for single docker image) or aas (for azure app service)