这是indexloc提供的服务,不要输入任何密码
Skip to content

[mod] container: refactor entrypoint script #4793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

[mod] container: refactor entrypoint script #4793

merged 1 commit into from
May 20, 2025

Conversation

@inetol
Copy link
Member

@inetol inetol commented May 16, 2025
edited
Loading

That entrypoint is prone to screw things up, especially with permission handling. The new script handles initialization better and fixes some issues like delayed settings update via ENVs and timestamp overwriting, also adjusts what should be copied into the container.

This is the first step on making searxng user exec by default.

Latest CI: https://github.com/inetol/searxng/actions/runs/15134094471

Related #4721 (comment)

@inetol inetol force-pushed the refactor-entrypoint branch 2 times, most recently from 0e6b57c to 3f397bf Compare May 17, 2025 20:37
@inetol inetol marked this pull request as ready for review May 17, 2025 20:43
@inetol inetol requested a review from unixfox May 17, 2025 20:45
@inetol
[mod] container: refactor entrypoint script
1da2d14 
That entrypoint is prone to screw things up, especially with permission handling. The new script handles initialization better and fixes some issues like delayed settings update via ENVs and timestamp overwriting, also adjusts what should be copied into the container.

Related searxng#4721 (comment)
@inetol inetol force-pushed the refactor-entrypoint branch from 3f397bf to 1da2d14 Compare May 17, 2025 21:01
return42
return42 reviewed May 18, 2025
View reviewed changes
container/entrypoint.sh
@@ -0,0 +1,166 @@
#!/bin/sh
Copy link
Member

@return42 return42 May 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of what type needs an docker-entry script to be? In the past (if I remember correctly) we used dash from alpine.

searxng/docs/admin/installation-docker.rst

Line 24 in 86373e7

- Alpine's ``/bin/sh`` is :man:`dash`

Since most distros today install bash

searxng/docs/admin/installation-docker.rst

Lines 142 to 144 in 86373e7

.. sidebar:: Bashism
- `A tale of two shells: bash or dash <https://lwn.net/Articles/343924/>`_

and having bash and sh (dash) scripts in this repo makes writing scripts unneeded complicated ..

searxng/docs/admin/installation-docker.rst

Lines 145 to 146 in 86373e7

- `How to make bash scripts work in dash <http://mywiki.wooledge.org/Bashism>`_
- `Checking for Bashisms <https://dev.to/bowmanjd/writing-bash-scripts-that-are-not-only-bash-checking-for-bashisms-and-testing-with-dash-1bli>`_

I would recommend to use bash whenever possible.

I suspect bash can be added here (?) ..

searxng/container/base.yml

Lines 6 to 14 in 86373e7

packages:
- wolfi-baselayout
- ca-certificates-bundle
- busybox
- python-3.13
# healthcheck
- wget
# uwsgi
- mailcap

Copy link
Member Author

@inetol inetol May 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here is ash, which is the shell provided by busybox. We don't require the use of bash, since we don't fiddle around inside the entrypoint. As it's a script that is only going to run in a container, we can save on interoperability.

inetol
inetol commented May 20, 2025
View reviewed changes
Copy link
Member Author

@inetol inetol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI reports OK. (updated link)
Exec under Docker/Podman OK.

@inetol inetol merged commit 749de82 into searxng:master May 20, 2025
7 checks passed
@inetol inetol deleted the refactor-entrypoint branch May 20, 2025 09:49
@unixfox
Copy link
Contributor

unixfox commented May 20, 2025

hello @inetol, I would recommend you to try your future changes on https://github.com/searxng/searxng-docker too because it was obvious that this PR broke the project.

I am not against changing how things work, but maybe we could have done it a bit less harsh. Maybe by giving a head up/warning to everyone like 2-3 weeks in advance to remove the cap_drop and cap_add.

Thanks :).

return42 added a commit to return42/searxng that referenced this pull request Jun 3, 2025
@return42
[doc] fix typo and add missing help of the docker entrypoint script
d7952af 
container/entrypoint.sh
  before PR-4793 [1] there was a -h option which is used to generate
  documentation from [2]

docs/dev/result_types/main_result.rst
  Fix typo: MainResult is the type for the default.html template

[1] searxng#4793
[2] https://github.com/searxng/searxng/blob/d63bdcd773b/docs/admin/installation-docker.rst?plain=1#L190

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
@return42 return42 mentioned this pull request Jun 3, 2025
Closed
return42 pushed a commit to return42/searxng that referenced this pull request Jun 25, 2025
[docs] Docker's entrypoint.sh does no longer have an help option -h
630a4fa 
The new Docker entrypoint.sh script implemented in PR:

- searxng#4793

does no longer have a `-h` option [1].  When building the `make docs` a warming
is shown::

  WARNING: Unexpected return code 2 from command Command(command=('../container/entrypoint.sh', '-h') .. (output='../container/entrypoint.sh: 152: SEARXNG_VERSION: parameter not set')

[1] https://github.com/searxng/searxng/pull/4793/files#diff-694a402a03e8de5aa227b1c0294ffdc072b6bac09b4dcbe144dc7d97d4e07159L35

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
@return42 return42 mentioned this pull request Jun 25, 2025
Merged
return42 pushed a commit that referenced this pull request Jun 25, 2025
@return42
[docs] Docker's entrypoint.sh does no longer have an help option -h
776ac0a 
The new Docker entrypoint.sh script implemented in PR:

- #4793

does no longer have a `-h` option [1].  When building the `make docs` a warming
is shown::

  WARNING: Unexpected return code 2 from command Command(command=('../container/entrypoint.sh', '-h') .. (output='../container/entrypoint.sh: 152: SEARXNG_VERSION: parameter not set')

[1] https://github.com/searxng/searxng/pull/4793/files#diff-694a402a03e8de5aa227b1c0294ffdc072b6bac09b4dcbe144dc7d97d4e07159L35

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Bnyro pushed a commit to Bnyro/searxng that referenced this pull request Jun 25, 2025
@Bnyro
[docs] Docker's entrypoint.sh does no longer have an help option -h
e343675 
The new Docker entrypoint.sh script implemented in PR:

- searxng#4793

does no longer have a `-h` option [1].  When building the `make docs` a warming
is shown::

  WARNING: Unexpected return code 2 from command Command(command=('../container/entrypoint.sh', '-h') .. (output='../container/entrypoint.sh: 152: SEARXNG_VERSION: parameter not set')

[1] https://github.com/searxng/searxng/pull/4793/files#diff-694a402a03e8de5aa227b1c0294ffdc072b6bac09b4dcbe144dc7d97d4e07159L35

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@return42 return42 return42 left review comments

@unixfox unixfox Awaiting requested review from unixfox

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@inetol @unixfox @return42