Permalink
Browse files

Docker: Run fotomat as non-root user. Add -version flag to server and…

… git pre-commit hook to update it.
  • Loading branch information...
aaron42net committed Mar 5, 2016
1 parent bca9e55 commit 50a0c83599c152c3667ff5492d37188b228ed0c0
Showing with 55 additions and 1 deletion.
  1. +2 −1 .gitignore
  2. +7 −0 Dockerfile
  3. +4 −0 cmd/fotomat/main.go
  4. +21 −0 cmd/fotomat/version.go
  5. +21 −0 git-hooks/pre-commit
View
@@ -20,5 +20,6 @@ _cgo_export.*
_testmain.go
*.exe
fotomat
/fotomat
/cmd/fotomat/fotomat
*~
View
@@ -40,6 +40,10 @@ RUN \
GOPATH=/app /usr/local/go/bin/go test -v github.com/die-net/fotomat/cmd/fotomat github.com/die-net/fotomat/thumbnail github.com/die-net/fotomat/format && \
strip /app/bin/fotomat && \
# Add a fotomat user for it to run as, and make filesystem read-only to that user.
useradd -m fotomat -s /bin/bash && \
find / -type d -perm +002 -print0 | xargs -0 chmod o-w && \
# Mark fotomat's dependencies as needed, to avoid autoremoval
ldd /app/bin/fotomat | awk '($2=="=>"&&substr($3,1,11)!="/usr/local/"){print $3}' | \
xargs dpkg -S | cut -d: -f1 | sort -u | xargs apt-get install && \
@@ -51,3 +55,6 @@ RUN \
apt-get autoclean && \
apt-get clean && \
rm -rf /usr/local/go /usr/local/vips /app/pkg /var/lib/apt/lists/*
# Start by default as a non-root user.
USER fotomat
View
@@ -16,6 +16,10 @@ var (
func main() {
flag.Parse()
if *version {
showVersion()
}
// Up to max_threads will be allowed to be blocked in ImageMagick.
poolInit(*maxImageThreads)
View
@@ -0,0 +1,21 @@
package main
import (
"flag"
"fmt"
"os"
)
const (
// Updated by git-hooks/pre-commit
FotomatVersion = "2.0.141"
)
var (
version = flag.Bool("version", false, "Show version and exit.")
)
func showVersion() {
fmt.Println("Fotomat v" + FotomatVersion)
os.Exit(0)
}
View
@@ -0,0 +1,21 @@
#!/usr/bin/env bash
# Updates the patchlevel of FotomatVersion with the count of git commits.
# Enable in the root of the repo: ln -s ../../git-hooks/pre-commit .git/hooks/
set -o errexit
set -o nounset
set -o pipefail
file="cmd/fotomat/version.go"
if [ ! -f "$file" ]; then
echo "pre-commit: Can't find ${file}."
exit 1
fi
version=$(( $( git log --pretty=format:'' | wc -l | tr -d ' ' ) + 1 ))
sed "s/FotomatVersion = \"\([0-9.]*\)\.[0-9]*\"/FotomatVersion = \"\1.${version}\"/" $file > $file.tmp
mv $file.tmp $file
git add $file
echo "Updated $file FotomatVersion to: ${version}"

0 comments on commit 50a0c83

Please sign in to comment.