Fix volume permissions: entrypoint chowns /data to uid 1000, run app as non-root
This commit is contained in:
@@ -2,7 +2,7 @@ FROM python:3.12-slim
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/*
|
||||
RUN apt-get update && apt-get install -y ffmpeg gosu && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY backend/requirements.txt ./backend/requirements.txt
|
||||
RUN pip install --no-cache-dir -r backend/requirements.txt && pip install --no-cache-dir -U yt-dlp
|
||||
@@ -11,4 +11,5 @@ COPY backend/ ./backend/
|
||||
|
||||
EXPOSE 8000
|
||||
|
||||
ENTRYPOINT ["/app/backend/entrypoint.sh"]
|
||||
CMD ["uvicorn", "backend.main:app", "--host", "0.0.0.0", "--port", "8000"]
|
||||
|
||||
3
backend/entrypoint.sh
Executable file
3
backend/entrypoint.sh
Executable file
@@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
chown -R 1000:1000 /data 2>/dev/null || true
|
||||
exec gosu 1000:1000 "$@"
|
||||
@@ -462,8 +462,10 @@ def start_download(
|
||||
|
||||
file_path = None
|
||||
stream_index = 0
|
||||
output_lines: list[str] = []
|
||||
for line in process.stdout:
|
||||
line = line.strip()
|
||||
output_lines.append(line)
|
||||
if re.search(r"\[download\] Destination:", line):
|
||||
stream_index += 1
|
||||
m = re.search(r"\[download\]\s+([\d.]+)%", line)
|
||||
@@ -480,7 +482,10 @@ def start_download(
|
||||
resolution = detect_resolution(file_path) if file_path else None
|
||||
on_complete(download_id, file_path, resolution)
|
||||
else:
|
||||
on_error(download_id, f"yt-dlp exited with code {process.returncode}")
|
||||
tail = "\n".join(output_lines[-20:]) if output_lines else "(no output)"
|
||||
import logging
|
||||
logging.getLogger(__name__).error("yt-dlp failed (code %d):\n%s", process.returncode, tail)
|
||||
on_error(download_id, f"yt-dlp exited with code {process.returncode}:\n{tail}")
|
||||
|
||||
thread = threading.Thread(target=_run_download, daemon=True)
|
||||
thread.start()
|
||||
|
||||
Reference in New Issue
Block a user