set app permissions only after install

Dockerfile

@@ -22,20 +22,14 @@ RUN \
 	tar && \
  echo "**** install heimdall ****" && \
  mkdir -p \
-	/var/www/localhost/heimdall && \
+	/heimdall && \
  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
 	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
  fi && \
  curl -o \
- /tmp/heimdall.tar.gz -L \
+ /heimdall/heimdall.tar.gz -L \
 	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- tar xf \
- /tmp/heimdall.tar.gz -C \
-	/var/www/localhost/heimdall --strip-components=1 && \
- echo "**** configure nginx ****" && \
- echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
-	/etc/nginx/fastcgi_params && \
  echo "**** cleanup ****" && \
  rm -rf \
 	/tmp/*

Dockerfile.aarch64

@@ -22,20 +22,14 @@ RUN \
 	tar && \
  echo "**** install heimdall ****" && \
  mkdir -p \
-	/var/www/localhost/heimdall && \
+	/heimdall && \
  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
 	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
  fi && \
  curl -o \
- /tmp/heimdall.tar.gz -L \
+ /heimdall/heimdall.tar.gz -L \
 	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- tar xf \
- /tmp/heimdall.tar.gz -C \
-	/var/www/localhost/heimdall --strip-components=1 && \
- echo "**** configure nginx ****" && \
- echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
-        /etc/nginx/fastcgi_params && \
  echo "**** cleanup ****" && \
  rm -rf \
 	/tmp/*

Dockerfile.armhf

@@ -22,20 +22,14 @@ RUN \
 	tar && \
  echo "**** install heimdall ****" && \
  mkdir -p \
-	/var/www/localhost/heimdall && \
+	/heimdall && \
  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
 	HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
 	| awk '/tag_name/{print $4;exit}' FS='[""]'); \
  fi && \
  curl -o \
- /tmp/heimdall.tar.gz -L \
+ /heimdall/heimdall.tar.gz -L \
 	"https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
- tar xf \
- /tmp/heimdall.tar.gz -C \
-	/var/www/localhost/heimdall --strip-components=1 && \
- echo "**** configure nginx ****" && \
- echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
-        /etc/nginx/fastcgi_params && \
  echo "**** cleanup ****" && \
  rm -rf \
 	/tmp/*

README.md

@@ -174,6 +174,7 @@ Below are the instructions for updating containers:
 
 ## Versions
 
+* **26.03.19:** - Install Heimdall during container start to prevent delayed start due to overlayfs bug with recursive chown.
 * **23.03.19:** - Switching to new Base images, shift to arm32v7 tag.
 * **15.03.19:** - Clarify docker image tags in readme.
 * **22.02.19:** - Rebasing to alpine 3.9.

readme-vars.yml

@@ -49,6 +49,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "26.03.19:", desc: "Install Heimdall during container start to prevent delayed start due to overlayfs bug with recursive chown." }
   - { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." }
   - { date: "15.03.19:", desc: "Clarify docker image tags in readme." }
   - { date: "22.02.19:", desc: "Rebasing to alpine 3.9." }

root/etc/cont-init.d/50-config

@@ -2,7 +2,19 @@
 
 # make our folders
 mkdir -p \
-	/config/www/{backgrounds,icons,avatars,SupportedApps}
+	/config/www/{backgrounds,icons,avatars,SupportedApps} \
+	/var/www/localhost/heimdall
+
+# install heimdall if necessary
+[[ -f /heimdall/heimdall.tar.gz ]] && \
+ echo "New container detected, installing Heimdall" && \
+ tar xf \
+ 	/heimdall/heimdall.tar.gz -C \
+	/var/www/localhost/heimdall --strip-components=1 && \
+ echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
+	/etc/nginx/fastcgi_params && \
+ rm -rf /heimdall && \
+ chown -R abc:abc /var/www/localhost/heimdall
 
 # create symlinks
 
@@ -23,11 +35,32 @@ done
 # copy .env if not exists
 [[ ! -f /config/www/.env ]] && \
   cp /var/www/localhost/heimdall/.env.example /config/www/.env && \
+  echo "Creating app key. This may take a while on slower systems" && \
   php /var/www/localhost/heimdall/artisan key:generate
 # set queue driver to database
 sed -i 's/QUEUE_DRIVER=sync/QUEUE_DRIVER=database/' /config/www/.env
 
+# function to randomly sample 5 files for their owner and only chown if not abc
+chowner () {
+files=(${1}/*)
+for i in {1..5}; do
+        user=$(stat -c '%U' $(printf "%s\n" "${files[RANDOM % ${#files[@]}]}"))
+        if [ "${user}" != "abc" ]; then
+                chown -R abc:abc ${1}
+                break
+        fi
+done
+}
+
 # permissions
-chown -R abc:abc \
-	/config \
-	/var/www/localhost/heimdall
+echo "Setting permissions"
+abc_dirs=( \
+/config \
+)
+for i in "${abc_dirs[@]}"; do
+        if [ "$(ls -A ${i})" ]; then
+                chowner ${i}
+        else
+                chown -R abc:abc ${i}
+        fi
+done