mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2024-12-21 19:08:24 +01:00
dep bumps and nonroot bypass (#910)
* dep bumps and nonroot bypass * log changing
This commit is contained in:
parent
9cc7a49d12
commit
95d9d85ca2
22
build.gradle
22
build.gradle
@ -1,6 +1,6 @@
|
||||
plugins {
|
||||
id 'java'
|
||||
id 'org.springframework.boot' version '3.2.2'
|
||||
id 'org.springframework.boot' version '3.2.3'
|
||||
id 'io.spring.dependency-management' version '1.1.3'
|
||||
id 'org.springdoc.openapi-gradle-plugin' version '1.8.0'
|
||||
id "io.swagger.swaggerhub" version "1.3.2"
|
||||
@ -87,26 +87,26 @@ spotless {
|
||||
|
||||
dependencies {
|
||||
//security updates
|
||||
implementation 'ch.qos.logback:logback-classic:1.4.14'
|
||||
implementation 'ch.qos.logback:logback-core:1.4.14'
|
||||
implementation 'org.springframework:spring-webmvc:6.1.3'
|
||||
implementation 'ch.qos.logback:logback-classic:1.5.3'
|
||||
implementation 'ch.qos.logback:logback-core:1.5.3'
|
||||
implementation 'org.springframework:spring-webmvc:6.1.4'
|
||||
|
||||
implementation("io.github.pixee:java-security-toolkit:1.1.2")
|
||||
|
||||
implementation 'org.yaml:snakeyaml:2.2'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web:3.2.2'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.2'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web:3.2.3'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.2.3'
|
||||
|
||||
if (System.getenv('DOCKER_ENABLE_SECURITY') != 'false') {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security:3.2.2'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security:3.2.3'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.2.RELEASE'
|
||||
implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.2"
|
||||
implementation "org.springframework.boot:spring-boot-starter-data-jpa:3.2.3"
|
||||
|
||||
//2.2.x requires rebuild of DB file.. need migration path
|
||||
implementation "com.h2database:h2:2.1.214"
|
||||
}
|
||||
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test:3.2.2'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test:3.2.3'
|
||||
|
||||
// Batik
|
||||
implementation 'org.apache.xmlgraphics:batik-all:1.17'
|
||||
@ -149,7 +149,7 @@ dependencies {
|
||||
|
||||
implementation 'org.bouncycastle:bcprov-jdk18on:1.77'
|
||||
implementation 'org.bouncycastle:bcpkix-jdk18on:1.77'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.2'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.3'
|
||||
implementation 'io.micrometer:micrometer-core:1.12.3'
|
||||
implementation group: 'com.google.zxing', name: 'core', version: '3.5.2'
|
||||
// https://mvnrepository.com/artifact/org.commonmark/commonmark
|
||||
@ -160,7 +160,7 @@ dependencies {
|
||||
|
||||
implementation 'com.fathzer:javaluator:3.0.3'
|
||||
|
||||
developmentOnly("org.springframework.boot:spring-boot-devtools:3.2.2")
|
||||
developmentOnly("org.springframework.boot:spring-boot-devtools:3.2.3")
|
||||
compileOnly 'org.projectlombok:lombok:1.18.30'
|
||||
annotationProcessor 'org.projectlombok:lombok:1.18.28'
|
||||
}
|
||||
|
@ -10,14 +10,20 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -
|
||||
fi
|
||||
umask "$UMASK" || true
|
||||
|
||||
echo "Setting permissions and ownership for necessary directories..."
|
||||
chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
|
||||
if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
|
||||
apk add --no-cache calibre@testing
|
||||
fi
|
||||
|
||||
/scripts/download-security-jar.sh
|
||||
|
||||
# Run the main command
|
||||
echo "Setting permissions and ownership for necessary directories..."
|
||||
if chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar; then
|
||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
# If chown succeeds, execute the command as stirlingpdfuser
|
||||
exec su-exec stirlingpdfuser "$@"
|
||||
else
|
||||
# If chown fails, execute the command without changing the user context
|
||||
echo "[WARN] Chown failed, running as host user"
|
||||
exec "$@"
|
||||
fi
|
||||
|
@ -24,12 +24,6 @@ if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -
|
||||
fi
|
||||
umask "$UMASK" || true
|
||||
|
||||
echo "Setting permissions and ownership for necessary directories..."
|
||||
chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
|
||||
|
||||
|
||||
|
||||
# Check if TESSERACT_LANGS environment variable is set and is not empty
|
||||
if [[ -n "$TESSERACT_LANGS" ]]; then
|
||||
@ -50,9 +44,16 @@ if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
|
||||
apk add --no-cache calibre@testing
|
||||
fi
|
||||
|
||||
|
||||
|
||||
/scripts/download-security-jar.sh
|
||||
|
||||
# Run the main command and switch to stirling user for rest of run
|
||||
echo "Setting permissions and ownership for necessary directories..."
|
||||
# Attempt to change ownership of directories and files
|
||||
if chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar; then
|
||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar || true
|
||||
# If chown succeeds, execute the command as stirlingpdfuser
|
||||
exec su-exec stirlingpdfuser "$@"
|
||||
else
|
||||
# If chown fails, execute the command without changing the user context
|
||||
echo "[WARN] Chown failed, running as host user"
|
||||
exec "$@"
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user