From c7b73b487b071989a4c43e251dd7f9e6206dd9b0 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti
Date: Fri, 28 Mar 2025 19:32:12 -0400
Subject: [PATCH] Replace pointless RUN chown with COPY --chown

UID/GID ownership of top-level directories isn't preserved by COPY, so set the desired ownership with COPY --chown instead.
---
 docker/Dockerfile-workers | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers
index bf63365d34..a7f576184d 100644
--- a/docker/Dockerfile-workers
+++ b/docker/Dockerfile-workers
@@ -26,9 +26,7 @@ FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base
 rm /etc/nginx/sites-enabled/default && \
 # have nginx log to stderr/out
 ln -sf /dev/stdout /var/log/nginx/access.log && \
- ln -sf /dev/stderr /var/log/nginx/error.log && \
- # allow nginx user to write to http-*-temp-path dirs
- chown www-data /var/lib/nginx
+ ln -sf /dev/stderr /var/log/nginx/error.log

 # --link-mode=copy silences a warning as uv isn't able to do hardlinks between its cache
 # (mounted as --mount=type=cache) and the target directory.
@@ -56,7 +54,8 @@ FROM $FROM
 COPY --from=deps_base /usr/lib/nginx /usr/lib/nginx
 COPY --from=deps_base /etc/nginx /etc/nginx
 COPY --from=deps_base /var/log/nginx /var/log/nginx
- COPY --from=deps_base /var/lib/nginx /var/lib/nginx
+ # chown to allow non-root user to write to http-*-temp-path dirs
+ COPY --from=deps_base --chown=www-data:root /var/lib/nginx /var/lib/nginx

 # Copy Synapse worker, nginx and supervisord configuration template files
 COPY ./docker/conf-workers/* /conf/
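Review bot: The comment added above `COPY --from=deps_base --chown=www-data:root /var/lib/nginx /var/lib/nginx` in the second hunk understates what the flag does. `--chown` sets ownership on every file and directory copied under `/var/lib/nginx`, whereas the removed `chown www-data /var/lib/nginx` was non-recursive and touched only the top-level directory. The name `www-data` is also resolved against the `/etc/passwd` of the stage being built (`FROM $FROM`), not that of `deps_base`, so the build presumably fails if the chosen base image lacks that user. I would make both points explicit, e.g. `# --chown applies to the whole copied tree; www-data is resolved in this stage's /etc/passwd, so $FROM must define it`, and confirm that write access to the whole tree is intended and not just to the temp-path dirs. The stage that starts at `FROM $FROM` continues outside the hunk, so whether nginx actually runs as `www-data` in the final image cannot be confirmed from here.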