From 88e3e556a1ded458ea2172cbc329a3ac54470b8b Mon Sep 17 00:00:00 2001
From: Trenton Holmes <797416+stumpylog@users.noreply.github.com>
Date: Tue, 29 Nov 2022 20:05:08 -0800
Subject: [PATCH] Fixes the custom scripts not running as root

---
 docker/docker-entrypoint.sh | 44 +++++++++++++++++++++++++++++++++++++
 docker/docker-prepare.sh | 43 ------------------------------------
 2 files changed, 44 insertions(+), 43 deletions(-)

diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index f227e18d8..74e080671 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -77,6 +77,46 @@ nltk_data () {
 
 }
 
+custom_container_init() {
+ # Mostly borrowed from the LinuxServer.io base image
+ # https://github.com/linuxserver/docker-baseimage-ubuntu/tree/bionic/root/etc/cont-init.d
+ local -r custom_script_dir="/custom-cont-init.d"
+ # Tamper checking.
+ # Don't run files which are owned by anyone except root
+ # Don't run files which are writeable by others
+ if [ -d "${custom_script_dir}" ]; then
+ if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 ! -user root)" ]; then
+ echo "**** Potential tampering with custom scripts detected ****"
+ echo "**** The folder '${custom_script_dir}' must be owned by root ****"
+ return 0
+ fi
+ if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 -perm -o+w)" ]; then
+ echo "**** The folder '${custom_script_dir}' or some of contents have write permissions for others, which is a security risk. ****"
+ echo "**** Please review the permissions and their contents to make sure they are owned by root, and can only be modified by root. ****"
+ return 0
+ fi
+
+ # Make sure custom init directory has files in it
+ if [ -n "$(/bin/ls -A "${custom_script_dir}" 2>/dev/null)" ]; then
+ echo "[custom-init] files found in ${custom_script_dir} executing"
+ # Loop over files in the directory
+ for SCRIPT in "${custom_script_dir}"/*; do
+ NAME="$(basename "${SCRIPT}")"
+ if [ -f "${SCRIPT}" ]; then
+ echo "[custom-init] ${NAME}: executing..."
+ /bin/bash "${SCRIPT}"
+ echo "[custom-init] ${NAME}: exited $?"
+ elif [ ! -f "${SCRIPT}" ]; then
+ echo "[custom-init] ${NAME}: is not a file"
+ fi
+ done
+ else
+ echo "[custom-init] no custom files found exiting..."
+ fi
+
+ fi
+}
+
 initialize() {
 
 # Setup environment from secrets before anything else
@@ -132,6 +172,10 @@ initialize() {
 
 set -e
 "${gosu_cmd[@]}" /sbin/docker-prepare.sh
+
+ # Leave this last thing
+ custom_container_init
+
 }
 
 install_languages() {
diff --git a/docker/docker-prepare.sh b/docker/docker-prepare.sh
index a73b5aad9..c3a01ec8d 100755
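Review bot: Now that these scripts execute as root, the ownership and permission gate on the two `find` lines of custom_container_init is the whole privilege boundary, and it has two gaps: `-perm -o+w` never rejects group-writable entries, and `find` without `-L` tests the symlink itself, so a root-owned symlink pointing at a file the application user can write passes both checks while `[ -f "${SCRIPT}" ]` and `/bin/bash "${SCRIPT}"` follow it. Either gap would let a non-root user inside the container, or anyone who can write the bind-mounted directory on the host, run code as root at the next start. I would follow links and treat group-writable like world-writable: `/usr/bin/find -L "${custom_script_dir}" -maxdepth 1 ! -user root` and `/usr/bin/find -L "${custom_script_dir}" -maxdepth 1 -perm /g+w,o+w` (`-perm /mode` is the GNU find spelling; use `\( -perm -g+w -o -perm -o+w \)` if portability matters), and reword the second warning to say "writable by group or others". The refusal messages are also printed with `echo` to stdout; sending them to stderr with `>&2` keeps them visible when stdout is redirected.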
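Review bot: `custom_container_init` is now called after the `set -e` two context lines above it, so any custom script that exits non-zero terminates the entrypoint at the `/bin/bash "${SCRIPT}"` line inside the function, presumably before the main process is started, and before the `exited $?` log line runs, which means that message can only ever print `0`. Whether a failing custom script should abort startup deserves an explicit decision rather than an accident of errexit; if the intent is to keep going, call it as `custom_container_init || true` (errexit is suspended inside a function invoked in a `||` list) or capture the status in the function with `rv=0; /bin/bash "${SCRIPT}" || rv=$?` and log `${rv}`. If aborting is intended, the function should name the failing script and `exit` explicitly so the cause is visible in the container log. The body of initialize() begins outside this hunk.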
--- a/docker/docker-prepare.sh
+++ b/docker/docker-prepare.sh
@@ -89,46 +89,6 @@ superuser() {
 fi
 }
 
-custom_container_init() {
- # Mostly borrowed from the LinuxServer.io base image
- # https://github.com/linuxserver/docker-baseimage-ubuntu/tree/bionic/root/etc/cont-init.d
- local -r custom_script_dir="/custom-cont-init.d"
- # Tamper checking.
- # Don't run files which are owned by anyone except root
- # Don't run files which are writeable by others
- if [ -d "${custom_script_dir}" ]; then
- if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 ! -user root)" ]; then
- echo "**** Potential tampering with custom scripts detected ****"
- echo "**** The folder '${custom_script_dir}' must be owned by root ****"
- return 0
- fi
- if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 -perm -o+w)" ]; then
- echo "**** The folder '${custom_script_dir}' or some of contents have write permissions for others, which is a security risk. ****"
- echo "**** Please review the permissions and their contents to make sure they are owned by root, and can only be modified by root. ****"
- return 0
- fi
-
- # Make sure custom init directory has files in it
- if [ -n "$(/bin/ls -A "${custom_script_dir}" 2>/dev/null)" ]; then
- echo "[custom-init] files found in ${custom_script_dir} executing"
- # Loop over files in the directory
- for SCRIPT in "${custom_script_dir}"/*; do
- NAME="$(basename "${SCRIPT}")"
- if [ -f "${SCRIPT}" ]; then
- echo "[custom-init] ${NAME}: executing..."
- /bin/bash "${SCRIPT}"
- echo "[custom-init] ${NAME}: exited $?"
- elif [ ! -f "${SCRIPT}" ]; then
- echo "[custom-init] ${NAME}: is not a file"
- fi
- done
- else
- echo "[custom-init] no custom files found exiting..."
- fi
-
- fi
-}
-
 do_work() {
 if [[ "${PAPERLESS_DBENGINE}" == "mariadb" ]]; then
 wait_for_mariadb
@@ -144,9 +104,6 @@ do_work() {
 
 superuser
 
- # Leave this last thing
- custom_container_init
-
 }
 
 do_work