diff --git a/Dockerfile b/Dockerfile
index 471fb87b..9e9b9b76 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,14 +9,11 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT
-# CI system should set this to a hash or git revision of the build directory and it's contents to
-# ensure consistent cache updates.
-ARG BUILD_FILES_REV=1
 RUN --mount=target=/build,source=build \
- REV=${BUILD_FILES_REV} TARGET=${TARGETARCH}${TARGETVARIANT} /build/run.sh install-packages
+ TARGET=${TARGETARCH}${TARGETVARIANT} /build/run.sh install-packages
 RUN --mount=target=/build,source=build \
- REV=${BUILD_FILES_REV} /build/run.sh setup-user
+ /build/run.sh setup-user
 COPY --chmod=644 files/sudoers* /etc/sudoers.d
diff --git a/build/alpine/install-packages.sh b/build/alpine/install-packages.sh
index 393f3177..28a1a5b1 100755
--- a/build/alpine/install-packages.sh
+++ b/build/alpine/install-packages.sh
@@ -26,9 +26,11 @@ apk add --no-cache -U \
 zstd \
 nfs-utils \
 libpcap \
- libwebp
+ libwebp \
+ libcap
 # Patched knockd
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-alpine-amd64.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
diff --git a/build/ol/install-packages.sh b/build/ol/install-packages.sh
index f3126447..82f87abe 100755
--- a/build/ol/install-packages.sh
+++ b/build/ol/install-packages.sh
@@ -46,3 +46,4 @@ bash /build/ol/install-gosu.sh
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
diff --git a/build/ubuntu/install-packages.sh b/build/ubuntu/install-packages.sh
index 91c97ab0..5c4657d9 100755
--- a/build/ubuntu/install-packages.sh
+++ b/build/ubuntu/install-packages.sh
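Review bot: In build/alpine/install-packages.sh the added `setcap cap_net_raw=ep /usr/local/sbin/knockd` attaches a file capability to a binary that the context lines download with `curl` and unpack without any integrity check, so whatever that tarball contains gets CAP_NET_RAW for any user in the image who can execute it. I would verify a pinned digest before the `tar -xf` line and fail the build on mismatch, for example `echo "<expected-sha256>  /tmp/knock.tar.gz" | sha256sum -c -` (the digest is a placeholder to be filled in per artifact). The same applies to the identical additions in build/ol/install-packages.sh and build/ubuntu/install-packages.sh, where the URL varies with `$TARGET` and so needs one digest per architecture. If knockd only has to be started by the server's runtime user, restricting the binary's group and mode would further narrow who can use the capability; the hunks do not show which user that is.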
@@ -35,4 +35,5 @@ apt-get clean
 curl -fsSL -o /tmp/knock.tar.gz https://github.com/Metalcape/knock/releases/download/0.8.1/knock-0.8.1-$TARGET.tar.gz
 tar -xf /tmp/knock.tar.gz -C /usr/local/ && rm /tmp/knock.tar.gz
 ln -s /usr/local/sbin/knockd /usr/sbin/knockd
+setcap cap_net_raw=ep /usr/local/sbin/knockd
 find /usr/lib -name 'libpcap.so.0.8' -execdir cp '{}' libpcap.so.1 \;
diff --git a/docs/misc/autopause-autostop/autopause.md b/docs/misc/autopause-autostop/autopause.md
index bd426bed..dcc78089 100644
--- a/docs/misc/autopause-autostop/autopause.md
+++ b/docs/misc/autopause-autostop/autopause.md
@@ -38,6 +38,8 @@ The following environment variables define the behaviour of auto-pausing:
 describes period of the daemonized state machine, that handles the pausing of the process (resuming is done independently)
 - `AUTOPAUSE_KNOCK_INTERFACE`, default `eth0`
 Describes the interface passed to the `knockd` daemon. If the default interface does not work, run the `ifconfig` command inside the container and derive the interface receiving the incoming connection from its output. The passed interface must exist inside the container. Using the loopback interface (`lo`) does likely not yield the desired results.
+- `AUTOPAUSE_SUDO`, default "true"
+ specifies if the knockd service should be run via sudo in order to elevate its privileges
 !!! tip
diff --git a/files/auto/autopause-daemon.sh b/files/auto/autopause-daemon.sh
index e10bf184..bed3e150 100644
--- a/files/auto/autopause-daemon.sh
+++ b/files/auto/autopause-daemon.sh
@@ -45,7 +45,11 @@ if isTrue "${DEBUG_AUTOPAUSE}"; then
 knockdArgs+=(-D)
 fi
-sudo /usr/local/sbin/knockd "${knockdArgs[@]}"
+if isTrue "${AUTOPAUSE_SUDO:-true}"; then
+ sudo /usr/local/sbin/knockd "${knockdArgs[@]}"
+else
+ /usr/local/sbin/knockd "${knockdArgs[@]}"
+fi
 if [ $? -ne 0 ] ; then
 logAutopause "Failed to start knockd daemon."
 logAutopause "Probable cause: Unable to attach to interface \"$AUTOPAUSE_KNOCK_INTERFACE\"."
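Review bot: In files/auto/autopause-daemon.sh the failure check `if [ $? -ne 0 ]` now reads the status of the whole new `if isTrue "${AUTOPAUSE_SUDO:-true}"` compound, which equals knockd's status only while the knockd call stays the last command in each branch. Building the command once keeps the check attached to the call itself: `knockdCmd=(/usr/local/sbin/knockd)`, `isTrue "${AUTOPAUSE_SUDO:-true}" && knockdCmd=(sudo "${knockdCmd[@]}")`, then `if ! "${knockdCmd[@]}" "${knockdArgs[@]}"; then`. With AUTOPAUSE_SUDO set to false the start can also fail because CAP_NET_RAW is not available to the process, for instance when the container runs with that capability dropped, so the "Probable cause" log line should name that case as well. The error-handling block continues past the end of the hunk.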