[Friendica] Fixing redis session handling and run_as #11872

nupplaphil · 2022-02-15T22:15:34Z

I accidentally introduced two major bugs :(

Partly reverted the behavior for run_as and explicit export the two missing environment variables
Using expr "${REDIS_HOST}" : "/" 1>/dev/null; to be /bin/sh compatible

btw I copied the Redis behavior from https://github.com/nextcloud/docker/blob/master/docker-entrypoint.sh#L60 , which is a /bin/sh script as well
--> shouldn't it get fixed there as well?

yosifkit · 2022-02-16T01:13:43Z

There's still some rough edges with $1 and $@ in the run_as. I'd suggest simplifying it by installing a tiny tool meant only for stepping down from root in the same way that docker run --user does, like gosu (or su-exec) via apt/apk.

run_as() {
  set -- sh -c "cd /var/www/html; $*"
  if [ "$(id -u)" -eq 0 ]; then
    set -- gosu www-data "$@"
  fi
  "$@"
}

github-actions · 2022-02-16T20:49:59Z

Diff for 01a2635:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 7b99dd0..13ac988 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -4,45 +4,45 @@ GitFetch: refs/heads/stable
 
 Tags: 2021.09-apache, 2021.09
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2021.09/apache
 
 Tags: 2021.09-fpm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2021.09/fpm
 
 Tags: 2021.09-fpm-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2021.09/fpm-alpine
 
 Tags: 2022.02-apache, apache, stable-apache, 2022.02, latest, stable
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.02/apache
 
 Tags: 2022.02-fpm, fpm, stable-fpm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.02/fpm
 
 Tags: 2022.02-fpm-alpine, fpm-alpine, stable-fpm-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.02/fpm-alpine
 
 Tags: 2022.05-dev-apache, dev-apache, 2022.05-dev, dev
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.05-dev/apache
 
 Tags: 2022.05-dev-fpm, dev-fpm
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.05-dev/fpm
 
 Tags: 2022.05-dev-fpm-alpine, dev-fpm-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 6edd78174b1a6de7610146c092c7a316d435f527
+GitCommit: c9965262bb3dfae91189bad8f9cfb6f4fe805800
 Directory: 2022.05-dev/fpm-alpine
diff --git a/friendica_2021.09-fpm-alpine/Dockerfile b/friendica_2021.09-fpm-alpine/Dockerfile
index df75eaa..a297278 100644
--- a/friendica_2021.09-fpm-alpine/Dockerfile
+++ b/friendica_2021.09-fpm-alpine/Dockerfile
@@ -81,7 +81,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_2021.09-fpm-alpine/entrypoint.sh b/friendica_2021.09-fpm-alpine/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_2021.09-fpm-alpine/entrypoint.sh
+++ b/friendica_2021.09-fpm-alpine/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_2021.09-fpm/Dockerfile b/friendica_2021.09-fpm/Dockerfile
index 0421b17..8f7395d 100644
--- a/friendica_2021.09-fpm/Dockerfile
+++ b/friendica_2021.09-fpm/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_2021.09-fpm/entrypoint.sh b/friendica_2021.09-fpm/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_2021.09-fpm/entrypoint.sh
+++ b/friendica_2021.09-fpm/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_2021.09/Dockerfile b/friendica_2021.09/Dockerfile
index d10b6b3..1c44e67 100644
--- a/friendica_2021.09/Dockerfile
+++ b/friendica_2021.09/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_2021.09/entrypoint.sh b/friendica_2021.09/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_2021.09/entrypoint.sh
+++ b/friendica_2021.09/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_dev-fpm-alpine/Dockerfile b/friendica_dev-fpm-alpine/Dockerfile
index 2a9d914..9894226 100644
--- a/friendica_dev-fpm-alpine/Dockerfile
+++ b/friendica_dev-fpm-alpine/Dockerfile
@@ -81,7 +81,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_dev-fpm-alpine/entrypoint.sh b/friendica_dev-fpm-alpine/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_dev-fpm-alpine/entrypoint.sh
+++ b/friendica_dev-fpm-alpine/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_dev-fpm/Dockerfile b/friendica_dev-fpm/Dockerfile
index 8a6917e..83c3355 100644
--- a/friendica_dev-fpm/Dockerfile
+++ b/friendica_dev-fpm/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_dev-fpm/entrypoint.sh b/friendica_dev-fpm/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_dev-fpm/entrypoint.sh
+++ b/friendica_dev-fpm/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_dev/Dockerfile b/friendica_dev/Dockerfile
index db618f1..a6a967f 100644
--- a/friendica_dev/Dockerfile
+++ b/friendica_dev/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_dev/entrypoint.sh b/friendica_dev/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_dev/entrypoint.sh
+++ b/friendica_dev/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_stable-fpm-alpine/Dockerfile b/friendica_stable-fpm-alpine/Dockerfile
index 3862c63..a13605b 100644
--- a/friendica_stable-fpm-alpine/Dockerfile
+++ b/friendica_stable-fpm-alpine/Dockerfile
@@ -81,7 +81,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install APCu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_stable-fpm-alpine/entrypoint.sh b/friendica_stable-fpm-alpine/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_stable-fpm-alpine/entrypoint.sh
+++ b/friendica_stable-fpm-alpine/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_stable-fpm/Dockerfile b/friendica_stable-fpm/Dockerfile
index bb581e5..54fb188 100644
--- a/friendica_stable-fpm/Dockerfile
+++ b/friendica_stable-fpm/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_stable-fpm/entrypoint.sh b/friendica_stable-fpm/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_stable-fpm/entrypoint.sh
+++ b/friendica_stable-fpm/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else
diff --git a/friendica_stable/Dockerfile b/friendica_stable/Dockerfile
index 60a0b8e..2a150a7 100644
--- a/friendica_stable/Dockerfile
+++ b/friendica_stable/Dockerfile
@@ -95,7 +95,7 @@ RUN set -ex; \
 # pecl will claim success even if one install fails, so we need to perform each install separately
     pecl install apcu-5.1.21; \
     pecl install memcached-3.1.5; \
-    pecl install redis-5.3.6; \
+    pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
diff --git a/friendica_stable/entrypoint.sh b/friendica_stable/entrypoint.sh
index bb723fb..87dcbe2 100755
--- a/friendica_stable/entrypoint.sh
+++ b/friendica_stable/entrypoint.sh
@@ -3,11 +3,11 @@ set -eu
 
 # run an command with the www-data user
 run_as() {
+  set -- sh -c "cd /var/www/html; $*"
   if [ "$(id -u)" -eq 0 ]; then
-    su -p www-data -s /bin/sh -c "$1"
-  else
-    sh -c "$1"
+    set -- gosu www-data "$@"
   fi
+  "$@"
 }
 
 # checks if the the first parameter is greater than the second parameter
@@ -20,11 +20,11 @@ version_greater() {
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 #  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
 file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    var="$1"
+    fileVar="${var}_FILE"
+    def="${2:-}"
+    varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
     if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
         echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
         exit 1
@@ -49,7 +49,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then
       file_env REDIS_PW
       echo 'session.save_handler = redis'
       # check if redis host is an unix socket path
-      if [ "${REDIS_HOST:0:1}" = "/" ]; then
+      if expr "${REDIS_HOST}" : "/" 1>/dev/null; then
         if [ -n "${REDIS_PW+x}" ]; then
           echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_PW}\""
         else

Relevant Maintainers:

friendica: @friendica @nupplaphil

[Friendica] Fixing redis session handling and run_as

5fdaecc

github-actions bot added the library/friendica label Feb 15, 2022

This was referenced Feb 15, 2022

console.php dbstructure update fails to launch upon container upgrade from 2021.09 to 2022.02 friendica/docker#195

Closed

error in redis configuration - versionning change friendica/docker#196

Closed

nupplaphil mentioned this pull request Feb 16, 2022

Replace su with gosu friendica/docker#198

Merged

[Friendica] Using gosu at run_as()

01a2635

yosifkit merged commit 516c5b8 into docker-library:master Feb 17, 2022

nupplaphil deleted the friendica branch February 17, 2022 06:19

kikito mentioned this pull request Mar 1, 2022

bump Kong to 2.8.0 #11955

Closed

sampaiodiego mentioned this pull request Mar 31, 2022

Update rocket.chat #12160

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Friendica] Fixing redis session handling and run_as #11872

[Friendica] Fixing redis session handling and run_as #11872

nupplaphil commented Feb 15, 2022 •

edited

Loading

yosifkit commented Feb 16, 2022

github-actions bot commented Feb 16, 2022

[Friendica] Fixing redis session handling and run_as #11872

[Friendica] Fixing redis session handling and run_as #11872

Conversation

nupplaphil commented Feb 15, 2022 • edited Loading

yosifkit commented Feb 16, 2022

github-actions bot commented Feb 16, 2022

nupplaphil commented Feb 15, 2022 •

edited

Loading