Fix docker-compose dexidp startup #316

Merged
merged 1 commit into from Jan 10, 2022

Conversation

haydentherapper
Contributor

There was some change in the last year to use a non-root
user for the Dex image. This causes permission issues
when mounting files, since the non-root user cannot
access the mount. The workaround is to run as root,
which should be fine for development.

See dexidp/dex#1649

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

@@ -47,6 +47,7 @@ services:
- ct_server
dex-idp:
image: dexidp/dex:v2.30.0
user: root
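
Review bot: `user: root` on the `dex-idp` service carries no comment saying why the image's non-root default is overridden or that the override is meant for development only. Add a one-line YAML comment above it that names the bind-mount permission problem and points to dexidp/dex#1649, so the setting is not carried into a non-development deployment unnoticed.
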
Member

what if we change the location of the config file to a tmp directory?

Contributor Author

I tried this out too; I get permission issues with any directory. For example, if I mount ./config/dex to /tmp, the default user can't access /tmp. When I shell into the image without mounting a file, I'm able to access /tmp though, so I assume this is from the docker process that mounts the directory overriding the directory permissions.
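
The permission failure discussed in the comment above can be checked from the host side, since on a Linux host a bind mount keeps the host file's owner and mode bits. This is an added example, not part of the pull request or the project's code; `first_blocker`, `demo`, the `dex` directory name and the UID values are hypothetical, and ACLs, user-namespace remapping and SELinux labels are ignored.

```python
import os
import stat
import tempfile


def _allowed(st, uid, gids, want):
    """Classic Unix owner/group/other check for one inode."""
    if uid == 0:
        return True  # root bypasses these mode bits, which is why `user: root` works
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def first_blocker(host_root, rel_path, uid, gids=()):
    """Return the first path under host_root that `uid` cannot use, else None.

    host_root is the host side of the bind mount. Directories need search (x),
    the final file needs read (r).
    """
    current = host_root
    if not _allowed(os.stat(current), uid, gids, 1):
        return current
    for part in filter(None, rel_path.split("/")):
        current = os.path.join(current, part)
        st = os.stat(current)
        want = 1 if stat.S_ISDIR(st.st_mode) else 4
        if not _allowed(st, uid, gids, want):
            return current
    return None


def demo(container_uid):
    """Constructed sample: a 0700 host directory holding a 0644 config file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "dex")
        os.mkdir(root)
        os.chmod(root, 0o700)
        cfg = os.path.join(root, "config.yaml")
        open(cfg, "w").close()
        os.chmod(cfg, 0o644)
        before = first_blocker(root, "config.yaml", container_uid)
        os.chmod(root, 0o755)  # let other users traverse the directory
        after = first_blocker(root, "config.yaml", container_uid)
        return (before and os.path.relpath(before, tmp)), after
```

Calling `demo` with a UID that does not own the files reports the 0700 directory as the blocker until it is made traversable, while UID 0 is never blocked.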

@haydentherapper
Contributor Author

@mattmoor Could we get this merged?

Member

@bobcallaway bobcallaway left a comment

nothing against the fix, just wish it wasn't required...

@mattmoor
Member

I'm also curious if we can find a way to not need this (do we in prod?), but I'm too unfamiliar with docker compose to be of any real help.

@mattmoor mattmoor merged commit d890471 into sigstore:main Jan 10, 2022
@haydentherapper
Contributor Author

In prod, we load the config in directly, i.e.

data:
  config.yaml: |
    issuer: https://oauth2.sigstore.dev/auth
    ...

I'll look at making that change.
