TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 16:40:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect CurrentUser check for docker rootless (#24435)

Browse Source 
Many users report that 1.19 has a regression bug: the rootless image
can't start if the UID is not 1000.

https://github.com/go-gitea/gitea/issues/23632#issuecomment-1524589213


https://discourse.gitea.io/t/gitea-doesnt-start-after-update-to-1-19/6920/9


The problem is that the IsRunUserMatchCurrentUser logic is fragile, the
"SSH" config is not ready when it executes.

This PR is just a quick fix for 1.19. For 1.20, we need a clear and
stable solution.
This commit is contained in:
wxiaoguang
2023-04-30 11:47:04 +08:00
committed by GitHub
parent 7d7ba76c08
commit d9d3f5234e
1 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
modules/setting/setting.go
View File

@@ -282,6 +282,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
loadLogFrom(cfg) loadLogFrom(cfg)
loadServerFrom(cfg) loadServerFrom(cfg)
loadSSHFrom(cfg) loadSSHFrom(cfg)
mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
loadOAuth2From(cfg) loadOAuth2From(cfg)
loadSecurityFrom(cfg) loadSecurityFrom(cfg)
loadAttachmentFrom(cfg) loadAttachmentFrom(cfg)
@@ -314,14 +317,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
RunMode = rootSec.Key("RUN_MODE").MustString("prod") RunMode = rootSec.Key("RUN_MODE").MustString("prod")
} }
IsProd = strings.EqualFold(RunMode, "prod") IsProd = strings.EqualFold(RunMode, "prod")
// Does not check run user when the install lock is off.
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
if installLock {
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
if !match {
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
}
}
// check if we run as root // check if we run as root
if os.Getuid() == 0 { if os.Getuid() == 0 {
@@ -333,6 +328,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
} }
} }
func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
// Does not check run user when the "InstallLock" is off.
installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
if installLock {
currentUser, match := IsRunUserMatchCurrentUser(RunUser)
if !match {
log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
}
}
}
// CreateOrAppendToCustomConf creates or updates the custom config. // CreateOrAppendToCustomConf creates or updates the custom config.
// Use the callback to set individual values. // Use the callback to set individual values.
func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) { func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) {