diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2023-04-30 11:47:04 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-29 23:47:04 -0400 |
| commit | d9d3f5234e45e25e3fbb922b65082770e49a58de (patch) | |
| tree | 2033e78079445dba7f26c821b51d6ceabc505572 | |
| parent | 7d7ba76c08b6f9d1d9f6fdaa945f73c243e260f9 (diff) | |
| download | gitea-d9d3f5234e45e25e3fbb922b65082770e49a58de.tar.gz gitea-d9d3f5234e45e25e3fbb922b65082770e49a58de.zip | |
Fix incorrect CurrentUser check for docker rootless (#24435)
Many users report that 1.19 has a regression bug: the rootless image
can't start if the UID is not 1000.
https://github.com/go-gitea/gitea/issues/23632#issuecomment-1524589213
https://discourse.gitea.io/t/gitea-doesnt-start-after-update-to-1-19/6920/9
The problem is that the IsRunUserMatchCurrentUser logic is fragile, the
"SSH" config is not ready when it executes.
This PR is just a quick fix for 1.19. For 1.20, we need a clear and
stable solution.
| -rw-r--r-- | modules/setting/setting.go | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 87b1e2797f..dfe8dcfa1c 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -282,6 +282,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) { loadLogFrom(cfg) loadServerFrom(cfg) loadSSHFrom(cfg) + + mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check + loadOAuth2From(cfg) loadSecurityFrom(cfg) loadAttachmentFrom(cfg) @@ -314,14 +317,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) { RunMode = rootSec.Key("RUN_MODE").MustString("prod") } IsProd = strings.EqualFold(RunMode, "prod") - // Does not check run user when the install lock is off. - installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false) - if installLock { - currentUser, match := IsRunUserMatchCurrentUser(RunUser) - if !match { - log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser) - } - } // check if we run as root if os.Getuid() == 0 { @@ -333,6 +328,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) { } } +func mustCurrentRunUserMatch(rootCfg ConfigProvider) { + // Does not check run user when the "InstallLock" is off. + installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false) + if installLock { + currentUser, match := IsRunUserMatchCurrentUser(RunUser) + if !match { + log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser) + } + } +} + // CreateOrAppendToCustomConf creates or updates the custom config. // Use the callback to set individual values. func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) { |