From 8c58048169af3833270c9b334691c621566f48ec Mon Sep 17 00:00:00 2001
From: dek <dek@iono.me>
Date: Sat, 3 Nov 2018 01:50:30 +0100
Subject: [PATCH] docker : cleanup and fixes

- run as dedicated user instead of root
- avoid running sed on a already existing config.yaml
- fix typo in sed command for db line
---
 Dockerfile    |  9 ++++++---
 docker-run.sh | 24 +++++++++++-------------
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d9a43f9..e8c0efd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,12 @@ RUN apk add --no-cache \
       py3-attrs \
       py3-bcrypt \
       py3-cffi \
-      ca-certificates \
- && pip3 install -r requirements.txt
+      ca-certificates &&\
+    pip3 install -r requirements.txt &&\
+    mkdir -p /data /var/log/maubot &&\
+    adduser -D maubot &&\
+    chown -R maubot: /opt/maubot /data /var/log/maubot
 
 VOLUME /data
-
+USER maubot
 CMD ["/opt/maubot/docker-run.sh"]
diff --git a/docker-run.sh b/docker-run.sh
index 424953a..9fd4725 100755
--- a/docker-run.sh
+++ b/docker-run.sh
@@ -2,21 +2,19 @@
 
 cd /opt/maubot
 
-# Replace database path in config.
-sed -i "s#sqlite:///maubot.db#sqlite:////data/maubot.db#" /data/config.yaml
-sed -i "s#- ./plugins#- /data/plugins#" /data/config.yaml
-sed -i "s#upload: ./plugins#upload: /data/plugins#" /data/config.yaml
-sed -i "s#trash: ./trash#trash: /data/trash#" /data/config.yaml
-sed -i "s#db: ./plugins#trash: /data/dbs#" /data/config.yaml
-sed -i "s#./logs/maubot.log#/var/log/maubot/maubot.log#" /data/config.yaml
-
-mkdir -p /var/log/maubot /data/plugins /data/trash /data/dbs
-
-# Check that database is in the right state
-alembic -x config=/data/config.yaml upgrade head
+mkdir -p /data/plugins /data/trash /data/dbs
 
 if [ ! -f /data/config.yaml ]; then
-	cp example-config.yaml /data/config.yaml
+    cp example-config.yaml /data/config.yaml
+
+    # Replace database path in example config.
+    sed -i "s#sqlite:///maubot.db#sqlite:////data/maubot.db#" /data/config.yaml
+    sed -i "s#- ./plugins#- /data/plugins#" /data/config.yaml
+    sed -i "s#upload: ./plugins#upload: /data/plugins#" /data/config.yaml
+    sed -i "s#trash: ./trash#trash: /data/trash#" /data/config.yaml
+    sed -i "s#db: ./plugins#db: /data/dbs#" /data/config.yaml
+    sed -i "s#./logs/maubot.log#/var/log/maubot/maubot.log#" /data/config.yaml
+
 	echo "Config file not found. Example config copied to /data/config.yaml"
 	echo "Please modify the config file to your liking and restart the container."
 	exit