diff --git a/Dockerfile b/Dockerfile index 8480962..58e0ed3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 # set version label ARG BUILD_DATE diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 6fb3ae4..febd333 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 # set version label ARG BUILD_DATE diff --git a/README.md b/README.md index badc223..b0fba68 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,10 @@ For more information please see the [official documentation](https://docs.requar This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -140,6 +144,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-v /config` | Persistent config files | | `-v /data` | Where Wiki.js data is stored. | | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -303,6 +308,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **18.01.25:** - Rebase to Alpine 3.21. * **01.06.24:** - Rebase to Alpine 3.20. * **23.12.23:** - Rebase to Alpine 3.19. * **25.08.22:** - Rebase to Alpine 3.18. diff --git a/readme-vars.yml b/readme-vars.yml index 72deef1..d77f8b8 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -30,6 +30,7 @@ opt_param_env_vars: - {env_var: "DB_USER", env_value: "", desc: "DB username (postgres only)"} - {env_var: "DB_PASS", env_value: "", desc: "DB password (postgres only)"} readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -81,6 +82,7 @@ init_diagram: | "wikijs:latest" <- Base Images # changelog changelogs: + - {date: "18.01.25:", desc: "Rebase to Alpine 3.21."} - {date: "01.06.24:", desc: "Rebase to Alpine 3.20."} - {date: "23.12.23:", desc: "Rebase to Alpine 3.19."} - {date: "25.08.22:", desc: "Rebase to Alpine 3.18."} diff --git a/root/etc/s6-overlay/s6-rc.d/init-wikijs-config/run b/root/etc/s6-overlay/s6-rc.d/init-wikijs-config/run index d897f67..63c9947 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-wikijs-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-wikijs-config/run @@ -9,11 +9,13 @@ if [[ ! -f "/config/config.yml" ]]; then cp /defaults/config.yml /config/config.yml fi -# permissions -lsiown -R abc:abc \ - /config +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + # permissions + lsiown -R abc:abc \ + /config -if grep -qe ' /data ' /proc/mounts; then - lsiown abc:abc \ - /data + if grep -qe ' /data ' /proc/mounts; then + lsiown abc:abc \ + /data + fi fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wikijs/run b/root/etc/s6-overlay/s6-rc.d/svc-wikijs/run index db6831a..358b08b 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-wikijs/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-wikijs/run @@ -3,6 +3,12 @@ export CONFIG_FILE="/config/config.yml" -exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 3000" \ - cd /app/wiki s6-setuidgid abc /usr/bin/node server +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 3000" \ + cd /app/wiki s6-setuidgid abc /usr/bin/node server +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 3000" \ + cd /app/wiki /usr/bin/node server +fi