diff --git a/build.gradle b/build.gradle index 3cd1afc6..73ecb894 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id 'java' - id 'org.springframework.boot' version '3.2.2' + id 'org.springframework.boot' version '3.2.3' id 'io.spring.dependency-management' version '1.1.3' id 'org.springdoc.openapi-gradle-plugin' version '1.8.0' id "io.swagger.swaggerhub" version "1.3.2" @@ -87,26 +87,26 @@ spotless { dependencies { //security updates - implementation 'ch.qos.logback:logback-classic:1.4.14' - implementation 'ch.qos.logback:logback-core:1.4.14' - implementation 'org.springframework:spring-webmvc:6.1.3' + implementation 'ch.qos.logback:logback-classic:1.5.3' + implementation 'ch.qos.logback:logback-core:1.5.3' + implementation 'org.springframework:spring-webmvc:6.1.4' implementation("io.github.pixee:java-security-toolkit:1.1.2") implementation 'org.yaml:snakeyaml:2.2' - implementation 'org.springframework.boot:spring-boot-starter-web:3.2.2' - implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.2' + implementation 'org.springframework.boot:spring-boot-starter-web:3.2.3' + implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.3' if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') { - implementation 'org.springframework.boot:spring-boot-starter-security:3.2.2' + implementation 'org.springframework.boot:spring-boot-starter-security:3.2.3' implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE' - implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.2" + implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.3" //2.2.x requires rebuild of DB file.. need migration path implementation "com.h2database:h2:2.1.214" } - testImplementation 'org.springframework.boot:spring-boot-starter-test:3.2.2' + testImplementation 'org.springframework.boot:spring-boot-starter-test:3.2.3' // Batik implementation 'org.apache.xmlgraphics:batik-all:1.17' @@ -149,7 +149,7 @@ dependencies { implementation 'org.bouncycastle:bcprov-jdk18on:1.77' implementation 'org.bouncycastle:bcpkix-jdk18on:1.77' - implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.2' + implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.3' implementation 'io.micrometer:micrometer-core:1.12.3' implementation group: 'com.google.zxing', name: 'core', version: '3.5.2' // https://mvnrepository.com/artifact/org.commonmark/commonmark @@ -160,7 +160,7 @@ dependencies { implementation 'com.fathzer:javaluator:3.0.3' - developmentOnly("org.springframework.boot:spring-boot-devtools:3.2.2") + developmentOnly("org.springframework.boot:spring-boot-devtools:3.2.3") compileOnly 'org.projectlombok:lombok:1.18.30' annotationProcessor 'org.projectlombok:lombok:1.18.28' } diff --git a/scripts/init-without-ocr.sh b/scripts/init-without-ocr.sh index 4673b9dd..64e6dab0 100644 --- a/scripts/init-without-ocr.sh +++ b/scripts/init-without-ocr.sh @@ -10,14 +10,20 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: - fi umask "$UMASK" || true -echo "Setting permissions and ownership for necessary directories..." -chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true -chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true + if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then apk add --no-cache calibre@testing fi /scripts/download-security-jar.sh -# Run the main command -exec su-exec stirlingpdfuser "$@" \ No newline at end of file +echo "Setting permissions and ownership for necessary directories..." +if chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar; then + chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true + # If chown succeeds, execute the command as stirlingpdfuser + exec su-exec stirlingpdfuser "$@" +else + # If chown fails, execute the command without changing the user context + echo "[WARN] Chown failed, running as host user" + exec "$@" +fi diff --git a/scripts/init.sh b/scripts/init.sh index 1b298e16..f06527d0 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -24,12 +24,6 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: - fi umask "$UMASK" || true -echo "Setting permissions and ownership for necessary directories..." -chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true -chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true - - - # Check if TESSERACT_LANGS environment variable is set and is not empty if [[ -n "$TESSERACT_LANGS" ]]; then @@ -50,9 +44,16 @@ if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then apk add --no-cache calibre@testing fi - - /scripts/download-security-jar.sh -# Run the main command and switch to stirling user for rest of run -exec su-exec stirlingpdfuser "$@" \ No newline at end of file +echo "Setting permissions and ownership for necessary directories..." +# Attempt to change ownership of directories and files +if chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar; then + chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true + # If chown succeeds, execute the command as stirlingpdfuser + exec su-exec stirlingpdfuser "$@" +else + # If chown fails, execute the command without changing the user context + echo "[WARN] Chown failed, running as host user" + exec "$@" +fi