Copy secrets with correct ownership instead of symlinking them

Secrets are owned by root and are not world-readable by default, so the frontend cannot access them when it’s not running as root. Not all versions of docker-compose support setting access rights for secrets, so instead of wrangling with them, just copy secrets and re-own them. Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Copy secrets with correct ownership instead of symlinking them
f3b232dd · Andrej Shadura · Sjoerd Simons · 2cad17ab · f3b232dd
Commit f3b232dd authored 3 years ago by Andrej Shadura Committed by Sjoerd Simons 3 years ago
--- a/docker/configure-app.sh
+++ b/docker/configure-app.sh
@@ -15,7 +15,8 @@ done
 # Allow overriding the secret key
 if [ -f /run/secrets/secretkey ]
 then
-    ln -sf /run/secrets/secretkey config/secret.key
+    cp /run/secrets/secretkey config/secret.key
+    chown frontend config/secret.key
 fi

 if [ ! -r config/secret.key ]
@@ -50,11 +51,13 @@ fi
 # Set up msmtp if a configuration is supplied
 if [ -f /run/secrets/msmtprc ]
 then
-    ln -sf /run/secrets/msmtprc /etc/msmtprc
+    cp /run/secrets/msmtprc /etc/msmtprc
+    chown frontend /etc/msmtprc
 fi

 # Set up SSO auth if a configuration is supplied
 if [ -f /run/secrets/ssoauth ]
 then
-    ln -sf /run/secrets/ssoauth config/auth.yml
+    cp /run/secrets/ssoauth config/auth.yml
+    chown frontend config/auth.yml
 fi