Copy secrets with correct ownership instead of symlinking them

Secrets are owned by root and are not world-readable by default, so the frontend cannot access them when it’s not running as root. Not all versions of docker-compose support setting access rights for secrets, so instead of wrangling with them, just copy secrets and re-own them.

Signed-off-by: Andrej Shadura andrew.shadura@collabora.co.uk

docker/configure-app.sh

@@ -15,7 +15,8 @@ done
 # Allow overriding the secret key
 if [ -f /run/secrets/secretkey ]
 then
-    ln -sf /run/secrets/secretkey config/secret.key
+    cp /run/secrets/secretkey config/secret.key
+    chown frontend config/secret.key
 fi
 
 if [ ! -r config/secret.key ]
@@ -50,11 +51,13 @@ fi
 # Set up msmtp if a configuration is supplied
 if [ -f /run/secrets/msmtprc ]
 then
-    ln -sf /run/secrets/msmtprc /etc/msmtprc
+    cp /run/secrets/msmtprc /etc/msmtprc
+    chown frontend /etc/msmtprc
 fi
 
 # Set up SSO auth if a configuration is supplied
 if [ -f /run/secrets/ssoauth ]
 then
-    ln -sf /run/secrets/ssoauth config/auth.yml
+    cp /run/secrets/ssoauth config/auth.yml
+    chown frontend config/auth.yml
 fi