From 8a13eb1cd33437c86b460f1e65e0a731a8d6f64f Mon Sep 17 00:00:00 2001 From: Sylvain Date: Tue, 7 Jun 2022 15:12:07 +0200 Subject: [PATCH] (bug) when installing fab-manager as non-root user, most of the resulting installation directories were owned by root --- .dockerignore | 1 + CHANGELOG.md | 2 ++ Dockerfile | 17 +++++------------ scripts/use-relative-paths.sh | 30 +++++++++++++++++++++++++++++ setup/docker-compose.yml | 36 +++++++++++++++++------------------ setup/setup.sh | 9 +++++++-- setup/upgrade.sh | 1 + 7 files changed, 64 insertions(+), 32 deletions(-) create mode 100755 scripts/use-relative-paths.sh diff --git a/.dockerignore b/.dockerignore index 11faf34e4..541c72155 100644 --- a/.dockerignore +++ b/.dockerignore @@ -42,6 +42,7 @@ Dockerfile docker-compose* test .env +.docker # Docs *.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 84bc29528..a49992ffb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,10 @@ - Updated sidekiq-unique-jobs to 7.1.23 to get rid of Sidekiq's default_worker_options deprecation warning - Allow moving with arrows in the setup script's inputs +- Fix a bug: when installing fab-manager as non-root user, most of the resulting installation directories were owned by root - Fix a bug: unable to edit OIDC provider - Fix a bug: list of OIDC scopes are loading indefinitely +- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/use-relative-paths.sh | bash` ## v5.4.3 2022 June 6 diff --git a/Dockerfile b/Dockerfile index ac0e61f7c..58e638276 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,6 +63,7 @@ COPY yarn.lock /usr/src/app/yarn.lock RUN yarn install # Clean up build deps, cached packages and temp files +USER root RUN apk del .build-deps && \ yarn cache clean && \ rm -rf /tmp/* \ 
@@ -71,23 +72,15 @@ RUN apk del .build-deps && \ /usr/lib/ruby/gems/*/cache/* # Web app -RUN mkdir -p /usr/src/app/config && \ - mkdir -p /usr/src/app/invoices && \ - mkdir -p /usr/src/app/payment_schedules && \ - mkdir -p /usr/src/app/exports && \ - mkdir -p /usr/src/app/imports && \ - mkdir -p /usr/src/app/log && \ - mkdir -p /usr/src/app/public/uploads && \ - mkdir -p /usr/src/app/public/packs && \ - mkdir -p /usr/src/app/accounting && \ - mkdir -p /usr/src/app/proof_of_identity_files && \ - mkdir -p /usr/src/app/tmp/sockets && \ +USER fabmanager +RUN mkdir -p /usr/src/app/tmp/sockets && \ mkdir -p /usr/src/app/tmp/pids +# Copy source files COPY docker/database.yml /usr/src/app/config/database.yml COPY . /usr/src/app -# Volumes +# Volumes (the folders are created by setup.sh) VOLUME /usr/src/app/invoices VOLUME /usr/src/app/payment_schedules VOLUME /usr/src/app/exports diff --git a/scripts/use-relative-paths.sh b/scripts/use-relative-paths.sh new file mode 100755 index 000000000..8cd2775a6 --- /dev/null +++ b/scripts/use-relative-paths.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +# This script changes the paths in the docker-compose.yml file to use relative paths +# Previously, we were using ${PWD} to get the path to the current directory, but this +# caused issues when running a script from a different directory with "docker-compose -f". + +config() +{ + echo "Checking docker-compose file... " + FABMANAGER_PATH=$(pwd) + if [ ! -w "$FABMANAGER_PATH/docker-compose.yml" ]; then + echo "Fab-manager's docker-compose.yml file not found or not writable." + echo "Please run this script from the installation folder, and as a user having write access on docker-compose.yml" + exit 1 + fi +} + +rename() +{ + echo "Renaming paths... " + sed -i.bak "s/\${PWD}/\./g" "$FABMANAGER_PATH/docker-compose.yml" +} + +proceed() +{ + config + rename +} + +proceed "$@" diff --git a/setup/docker-compose.yml b/setup/docker-compose.yml index ce3ab3ccd..af9005c38 100644 
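Review bot: With the `mkdir -p` lines removed, the paths named by the `VOLUME` instructions no longer exist in the image, so their ownership now depends on every one of them being bind-mounted from a host folder that setup.sh prepared. A container started without those mounts (the `docker run` in setup/upgrade.sh mounts only `public/packs`) would presumably get anonymous volumes whose mount points Docker creates as root, which the `fabmanager` user cannot write to. I would spell that out in the comment, e.g. `# Volumes: not created in the image; setup.sh creates the host folders, unmounted ones end up root-owned`. Also, `USER fabmanager` does not apply to the two `COPY` lines: without `--chown=fabmanager` the copied tree stays root-owned, which is fine if the code is meant to be read-only at runtime but deserves a comment. The `VOLUME` list continues past the end of this hunk.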
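Review bot: In `config()`, `[ ! -w "$FABMANAGER_PATH/docker-compose.yml" ]` does not cover what `rename()` needs: `sed -i.bak` writes a new file and a `.bak` copy beside it, so it needs write access to the directory, which may still be root-owned on installs hit by this bug. The check can pass and sed then fail with no explanation from the script. I would test both, `if [ ! -w "$FABMANAGER_PATH" ] || [ ! -w "$FABMANAGER_PATH/docker-compose.yml" ]; then`, and make the sed failure explicit, `sed -i.bak 's/\${PWD}/./g' "$FABMANAGER_PATH/docker-compose.yml" || exit 1` (single quotes also remove the double layer of escaping). The CHANGELOG entry in this commit has operators pipe this file from the `master` branch into bash, so what runs is whatever master holds at that moment; a URL pinned to the release tag would make the deploy step reproducible.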
--- a/setup/docker-compose.yml +++ b/setup/docker-compose.yml @@ -6,18 +6,18 @@ services: RAILS_ENV: production RACK_ENV: production env_file: - - ${PWD}/config/env + - ./config/env volumes: - - ${PWD}/public/packs:/usr/src/app/public/packs - - ${PWD}/public/uploads:/usr/src/app/public/uploads - - ${PWD}/invoices:/usr/src/app/invoices - - ${PWD}/payment_schedules:/usr/src/app/payment_schedules - - ${PWD}/exports:/usr/src/app/exports - - ${PWD}/imports:/usr/src/app/imports - - ${PWD}/proof_of_identity_files:/usr/src/app/proof_of_identity_files - - ${PWD}/log:/var/log/supervisor - - ${PWD}/plugins:/usr/src/app/plugins - - ${PWD}/accounting:/usr/src/app/accounting + - ./public/packs:/usr/src/app/public/packs + - ./public/uploads:/usr/src/app/public/uploads + - ./invoices:/usr/src/app/invoices + - ./payment_schedules:/usr/src/app/payment_schedules + - ./exports:/usr/src/app/exports + - ./imports:/usr/src/app/imports + - ./proof_of_identity_files:/usr/src/app/proof_of_identity_files + - ./log:/var/log/supervisor + - ./plugins:/usr/src/app/plugins + - ./accounting:/usr/src/app/accounting depends_on: - postgres - redis @@ -27,7 +27,7 @@ services: postgres: image: postgres:9.6 volumes: - - ${PWD}/postgresql:/var/lib/postgresql/data + - ./postgresql:/var/lib/postgresql/data restart: always environment: POSTGRES_HOST_AUTH_METHOD: trust @@ -41,14 +41,14 @@ services: soft: -1 hard: -1 volumes: - - ${PWD}/elasticsearch/config:/usr/share/elasticsearch/config - - ${PWD}/elasticsearch:/usr/share/elasticsearch/data + - ./elasticsearch/config:/usr/share/elasticsearch/config + - ./elasticsearch:/usr/share/elasticsearch/data restart: always redis: image: redis:6-alpine volumes: - - ${PWD}/redis:/data + - ./redis:/data restart: always nginx: 
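Review bot: Any bind source in this hunk (and the nginx ones in the next hunk) that is missing when the stack starts is still created by the Docker daemon as root; switching to relative paths does not change that. From the visible lines I cannot tell whether setup.sh pre-creates `./postgresql`, `./redis`, `./elasticsearch/config` and `./letsencrypt/etc`. A comment at the top of the file would make the requirement explicit, e.g. `# relative paths resolve against the project directory (by default the folder holding this file); every bind source must exist and belong to the installing user before "docker-compose up"`.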
@@ -57,9 +57,9 @@ services: - "80:80" - "443:443" volumes: - - ${PWD}/config/nginx:/etc/nginx/conf.d - - ${PWD}/letsencrypt/etc:/etc/letsencrypt - - ${PWD}/log:/var/log/nginx + - ./config/nginx:/etc/nginx/conf.d + - ./letsencrypt/etc:/etc/letsencrypt + - ./log:/var/log/nginx volumes_from: - fabmanager:ro links: diff --git a/setup/setup.sh b/setup/setup.sh index dea618d9a..3447d2642 100755 --- a/setup/setup.sh +++ b/setup/setup.sh @@ -174,10 +174,15 @@ prepare_files() read -rp "Continue? (Y/n) " confirm "$FABMANAGER_PATH/config/env" diff --git a/setup/upgrade.sh b/setup/upgrade.sh index 0557556e4..eb82a20e1 100644 --- a/setup/upgrade.sh +++ b/setup/upgrade.sh @@ -221,6 +221,7 @@ compile_assets() fi PG_NET_ID=$(docker inspect "$PG_ID" -f "{{json .NetworkSettings.Networks }}" | jq -r '.[] .NetworkID') clean_env_file + mkdir -p public/new_packs # shellcheck disable=SC2068 if ! docker run --user "$(id -u):$(id -g)" --rm --env-file ./config/env ${ENV_ARGS[@]} --link "$PG_ID" --net "$PG_NET_ID" -v "${PWD}/public/new_packs:/usr/src/app/public/packs" "$IMAGE" bundle exec rake assets:precompile; then restore_tag
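Review bot: The added `mkdir -p public/new_packs` in setup/upgrade.sh is not checked, and whether the script runs under `set -e` is not visible here. If `public/` is still root-owned from an earlier install, the mkdir fails, Docker then creates the bind source itself as root, and the precompile running as `$(id -u):$(id -g)` cannot write its output; the operator only sees the later rake failure. I would fail at that point, e.g. `if ! mkdir -p public/new_packs; then echo "Unable to create public/new_packs, check the owner of public/"; restore_tag; exit 1; fi`, matching whatever the `docker run` failure branch does after `restore_tag` (its body is cut off by the hunk). `compile_assets` starts before and continues after this hunk.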