mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-12-23 03:19:03 +00:00
Fix persistent folder check within containers
The previous persistent folder check worked by checking if a file exists. If you used a bind-mount, then this file is not there. But when using a docker/podman volume those files are copied, and caused the container to not start. This change checks the `/proc/self/mountinfo` for a specific patern to see if the data folder is persistent or not. Fixes #2622
This commit is contained in:
parent
f1a67663d1
commit
9a787dd105
@ -181,14 +181,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -250,7 +242,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
{% if package_arch_target is defined %}
|
||||
COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden .
|
||||
{% else %}
|
||||
|
@ -84,14 +84,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -124,7 +116,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -116,7 +108,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -84,14 +84,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -124,7 +116,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -116,7 +108,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -148,7 +140,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -120,7 +112,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -148,7 +140,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -120,7 +112,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -153,7 +145,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -80,14 +80,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -122,7 +114,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -153,7 +145,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -80,14 +80,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -122,7 +114,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -148,7 +140,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -120,7 +112,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -104,14 +104,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -148,7 +140,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
@ -78,14 +78,6 @@ RUN touch src/main.rs
|
||||
# hadolint ignore=DL3059
|
||||
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
|
||||
|
||||
# Create a special empty file which we check within the application.
|
||||
# If this file exists, then we exit Vaultwarden to prevent data loss when someone forgets to use volumes.
|
||||
# If you really really want to use volatile storage you can set the env `I_REALLY_WANT_VOLATILE_STORAGE=true`
|
||||
# This file should disappear if a volume is mounted on-top of this using a docker volume.
|
||||
# We run this in the build image and copy it over, because the runtime image could be missing some executables.
|
||||
# hadolint ignore=DL3059
|
||||
RUN touch /vaultwarden_docker_persistent_volume_check
|
||||
|
||||
######################## RUNTIME IMAGE ########################
|
||||
# Create a new stage with a minimal image
|
||||
# because we already have a binary built
|
||||
@ -120,7 +112,6 @@ EXPOSE 3012
|
||||
# and the binary from the "build" stage to the current stage
|
||||
WORKDIR /
|
||||
COPY --from=vault /web-vault ./web-vault
|
||||
COPY --from=build /vaultwarden_docker_persistent_volume_check /data/vaultwarden_docker_persistent_volume_check
|
||||
COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
|
||||
|
||||
COPY docker/healthcheck.sh /healthcheck.sh
|
||||
|
48
src/main.rs
48
src/main.rs
@ -61,6 +61,11 @@ use std::{
|
||||
thread,
|
||||
};
|
||||
|
||||
use tokio::{
|
||||
fs::File,
|
||||
io::{AsyncBufReadExt, BufReader},
|
||||
};
|
||||
|
||||
#[macro_use]
|
||||
mod error;
|
||||
mod api;
|
||||
@ -89,7 +94,7 @@ async fn main() -> Result<(), Error> {
|
||||
|
||||
let extra_debug = matches!(level, LF::Trace | LF::Debug);
|
||||
|
||||
check_data_folder();
|
||||
check_data_folder().await;
|
||||
check_rsa_keys().unwrap_or_else(|_| {
|
||||
error!("Error creating keys, exiting...");
|
||||
exit(1);
|
||||
@ -286,7 +291,7 @@ fn create_dir(path: &str, description: &str) {
|
||||
create_dir_all(path).expect(&err_msg);
|
||||
}
|
||||
|
||||
fn check_data_folder() {
|
||||
async fn check_data_folder() {
|
||||
let data_folder = &CONFIG.data_folder();
|
||||
let path = Path::new(data_folder);
|
||||
if !path.exists() {
|
||||
@ -299,9 +304,10 @@ fn check_data_folder() {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
let persistent_volume_check_file = format!("{data_folder}/vaultwarden_docker_persistent_volume_check");
|
||||
let check_file = Path::new(&persistent_volume_check_file);
|
||||
if check_file.exists() && std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err() {
|
||||
if is_running_in_docker()
|
||||
&& std::env::var("I_REALLY_WANT_VOLATILE_STORAGE").is_err()
|
||||
&& !docker_data_folder_is_persistent(data_folder).await
|
||||
{
|
||||
error!(
|
||||
"No persistent volume!\n\
|
||||
########################################################################################\n\
|
||||
@ -314,6 +320,38 @@ fn check_data_folder() {
|
||||
}
|
||||
}
|
||||
|
||||
/// Detect when using Docker or Podman the DATA_FOLDER is either a bind-mount or a volume created manually.
|
||||
/// If not created manually, then the data will not be persistent.
|
||||
/// A none persistent volume in either Docker or Podman is represented by a 64 alphanumerical string.
|
||||
/// If we detect this string, we will alert about not having a persistent self defined volume.
|
||||
/// This probably means that someone forgot to add `-v /path/to/vaultwarden_data/:/data`
|
||||
async fn docker_data_folder_is_persistent(data_folder: &str) -> bool {
|
||||
if let Ok(mountinfo) = File::open("/proc/self/mountinfo").await {
|
||||
// Since there can only be one mountpoint to the DATA_FOLDER
|
||||
// We do a basic check for this mountpoint surrounded by a space.
|
||||
let data_folder_match = if data_folder.starts_with('/') {
|
||||
format!(" {data_folder} ")
|
||||
} else {
|
||||
format!(" /{data_folder} ")
|
||||
};
|
||||
let mut lines = BufReader::new(mountinfo).lines();
|
||||
while let Some(line) = lines.next_line().await.unwrap_or_default() {
|
||||
// Only execute a regex check if we find the base match
|
||||
if line.contains(&data_folder_match) {
|
||||
let re = regex::Regex::new(r"/volumes/[a-z0-9]{64}/_data /").unwrap();
|
||||
if re.is_match(&line) {
|
||||
return false;
|
||||
}
|
||||
// If we did found a match for the mountpoint, but not the regex, then still stop searching.
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
// In all other cases, just assume a true.
|
||||
// This is just an informative check to try and prevent data loss.
|
||||
true
|
||||
}
|
||||
|
||||
fn check_rsa_keys() -> Result<(), crate::error::Error> {
|
||||
// If the RSA keys don't exist, try to create them
|
||||
let priv_path = CONFIG.private_rsa_key();
|
||||
|
Loading…
Reference in New Issue
Block a user