Created
April 29, 2025 03:54
-
-
Save kusold/27c19bebf2dcf7a8edd1e1264d74789b to your computer and use it in GitHub Desktop.
Attempt at Rootless signal-cli-rest-api entrypoint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -x | |
| set -e | |
| [ -z "${SIGNAL_CLI_CONFIG_DIR}" ] && echo "SIGNAL_CLI_CONFIG_DIR environmental variable needs to be set! Aborting!" && exit 1; | |
| # Container is running as root | |
| if [ "$(id -u)" = "0" ]; then | |
| usermod -u ${SIGNAL_CLI_UID} signal-api | |
| groupmod -o -g ${SIGNAL_CLI_GID} signal-api | |
| # Fix permissions to ensure backward compatibility | |
| chown ${SIGNAL_CLI_UID}:${SIGNAL_CLI_GID} -R ${SIGNAL_CLI_CONFIG_DIR} | |
| # | |
| # Show warning on docker exec | |
| cat <<EOF >> /root/.bashrc | |
| echo "WARNING: signal-cli-rest-api runs as signal-api (not as root!)" | |
| echo "Run 'su signal-api' before using signal-cli!" | |
| echo "If you want to use signal-cli directly, don't forget to specify the config directory. e.g: \"signal-cli --config ${SIGNAL_CLI_CONFIG_DIR}\"" | |
| EOF | |
| fi | |
| cap_prefix="-cap_" | |
| caps="$cap_prefix$(seq -s ",$cap_prefix" 0 $(cat /proc/sys/kernel/cap_last_cap))" | |
| # TODO: check mode | |
| if [ "$MODE" = "json-rpc" ] | |
| then | |
| /usr/bin/jsonrpc2-helper | |
| if [ -n "$JAVA_OPTS" ] ; then | |
| echo "export JAVA_OPTS='$JAVA_OPTS'" >> /etc/default/supervisor | |
| fi | |
| if [ ! "$(id -u)" = "0" ]; then | |
| echo "Creating alternate log location" | |
| mkdir -p /logs | |
| sed -i 's;/var/log/;/log/;g' /etc/supervisor/conf.d/signal-cli-json-rpc-1.conf | |
| fi | |
| service supervisor start | |
| supervisorctl start all | |
| fi | |
| export HOST_IP=$(hostname -I | awk '{print $1}') | |
| # Start API as signal-api user | |
| if [ "$(id -u)" = "0" ]; then | |
| exec setpriv --reuid=${SIGNAL_CLI_UID} --regid=${SIGNAL_CLI_GID} --init-groups --inh-caps=$caps signal-cli-rest-api -signal-cli-config=${SIGNAL_CLI_CONFIG_DIR} | |
| else | |
| echo "Running in Rootless Mode" | |
| # Exec is required otherwise signal-cli-rest-api doesn't listen for SIGTERM | |
| exec signal-cli-rest-api -signal-cli-config=${SIGNAL_CLI_CONFIG_DIR} | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment