Fix cli-scripts directory permission issue on some platforms.

[WadeBarnes]

Signed-off-by: Wade Barnes wade.barnes@shaw.ca

[WadeBarnes]

@sklump, Would you mind testing this fix to see if it resolves your issue with;

./scripts/manage: line 83: ./cli-scripts/export-wallet.run: Permission denied

A quick test would be to run a ./manage build to rebuild the docker image and then the following;

./manage cli reset

./manage \
  indy-cli create-wallet \
  walletName=endorser_wallet \
  storageType=default \
  storageConfig='{}' \
  storageCredentials='{}' \
  walletSeed=endorser_00000000000000000000201

When prompted for a key just enter key. If the create-wallet script runs to completion successfully you should see the following;

load-plugin library=libindystrgpostgres.so initializer=postgresstorage_init
Plugin has been loaded: "libindystrgpostgres.so"

wallet create endorser_wallet key storage_type=default storage_config={} storage_credentials={}
Enter value for key:

Wallet "endorser_wallet" has been created

wallet open endorser_wallet key storage_credentials={}
Enter value for key:

Wallet "endorser_wallet" has been opened

did new seed=endorser_00000000000000000000201
Did "FmzL6BwFd8rvVytMKiPvxX" has been created with "~FfowF5Jtn8RMJuDhrjdBnQ" verkey

did list
+------------------------+-------------------------+----------+
| Did                    | Verkey                  | Metadata |
+------------------------+-------------------------+----------+
| FmzL6BwFd8rvVytMKiPvxX | ~FfowF5Jtn8RMJuDhrjdBnQ | -        |
+------------------------+-------------------------+----------+

wallet close
Wallet "endorser_wallet" has been closed

wallet detach endorser_wallet
Wallet "endorser_wallet" has been detached

exit

Goodbye...

[swcurran]

Tried it and got the same error - permission denied on line 83. I had manually built the image with --no-cache to make sure I was getting the latest, so I don't think that was an issue. BTW - the build subcommand should probably allow you to use other params, so that you can use --no-cache when it is helpful.

I had also tried the same steps on master and got the same error.

[sklump]

This doesn't fix it just yet.
When I write the output of id to a file in function indy-cli(), the output is:

uid=1001(indy) gid=1001(indy) groups=1001(indy),0(root)

I suspect it may be to do with permissions. But even broadening out the Dockerfile addendum to

RUN mkdir -p \
    $HOME/cli-scripts \
    chmod -R uga+rws $HOME/cli-scripts

does not fix it.

[WadeBarnes]

@sklump, Would you be able to check the permissions inside the running container for me?

Start an indy-cli session (which does not attempt to write a .run file):

$ ./manage indy-cli
indy>

Once the indy> prompt appears open a second terminal and find the running container.

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
40725d9026eb        von-network-base    "./scripts/manage in…"   8 seconds ago       Up 7 seconds                            von_client_run_cb059adaa7e6

Open a bash shell in the container. The openShell.sh script here makes that easy; WadeBarnes/dev-tools

$ openShell.sh -c von_client_run_cb059adaa7e6

Opening a 'bash' shell to von_client_run_cb059adaa7e6 ...

List the directories and the permissions, specifically the cli-scripts folder:

indy@40725d9026eb:~$ ls -last
total 112
4 drwxrwxrwx 2 root root 4096 Jan  7 15:00 cli-scripts

Collect some user info:

indy@40725d9026eb:~$ whoami
indy

indy@40725d9026eb:~$ id
uid=1001(indy) gid=1001(indy) groups=1001(indy),0(root)

[sklump]

indy@649ed149f93e:~$ ls -last
total 116
...
4 drwxrwxr-x 2 1000 1000 4096 Jan  7 13:18 cli-scripts
...

indy@649ed149f93e:~$ whoami
indy

indy@649ed149f93e:~$ id
uid=1001(indy) gid=1001(indy) groups=1001(indy),0(root)

[WadeBarnes]

Thanks, @sklump. That confirms the permission issue, it's inheriting the permissions from the folder it's mounting.

Two more tests:

1. Run the same tests on a container started with openShell.sh -i von-network-base. This will start a container without mounting your local cli-scripts folder. I'd like to see the differences in the permissions.

2. In your working copy of von-network run ls -last, whoami, and id

[sklump]

openshell requires winpty, I just use the docker primitives to get shells, but output follows:

indy@8ac0acaa176c:~$ ls -last
...
4 drwsrwsrwx 1 indy indy 4096 Jan  7 13:18 cli-scripts
...

note indy (=uid 1001), not root as above

indy@8ac0acaa176c:~$ whoami
indy

indy@8ac0acaa176c:~$ id
uid=1001(indy) gid=1001(indy) groups=1001(indy),0(root)

[WadeBarnes]

Thanks. Thanks for the feedback on openshell, I'll fix that.

[WadeBarnes]

@sklump, what are the results of the second test in #85 (comment)

[WadeBarnes]

The most recent commit adds the shared volume label to the mount. @sklump, could you give this most recent change a try please.

[sklump]

Sadly, same results:
./scripts/manage: line 83: ./cli-scripts/create-wallet.run: Permission denied

[WadeBarnes]

What version of Docker are you running?

[sklump]

Docker version 19.03.5, build 633a0ea838