mirror of
				https://github.com/paperless-ngx/paperless-ngx.git
				synced 2025-10-22 03:16:15 -05:00 
			
		
		
		
	
		
			
				
	
	
		
			45 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			Plaintext
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			45 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			Plaintext
		
	
	
		
			Executable File
		
	
	
	
	
| #!/command/with-contenv /usr/bin/bash
 | |
| # shellcheck shell=bash
 | |
| 
 | |
| declare -r log_prefix="[custom-init]"
 | |
| 
 | |
| # Mostly borrowed from the LinuxServer.io base image
 | |
| # https://github.com/linuxserver/docker-baseimage-ubuntu/tree/bionic/root/etc/cont-init.d
 | |
| declare -r custom_script_dir="/custom-cont-init.d"
 | |
| 
 | |
| # Tamper checking.
 | |
| # Don't run files which are owned by anyone except root
 | |
| # Don't run files which are writeable by others
 | |
| if [ -d "${custom_script_dir}" ]; then
 | |
| 	if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 ! -user root)" ]; then
 | |
| 		echo "${log_prefix} **** Potential tampering with custom scripts detected ****"
 | |
| 		echo "${log_prefix} **** The folder '${custom_script_dir}' must be owned by root ****"
 | |
| 		exit 0
 | |
| 	fi
 | |
| 	if [ -n "$(/usr/bin/find "${custom_script_dir}" -maxdepth 1 -perm -o+w)" ]; then
 | |
| 		echo "${log_prefix} **** The folder '${custom_script_dir}' or some of contents have write permissions for others, which is a security risk. ****"
 | |
| 		echo "${log_prefix} **** Please review the permissions and their contents to make sure they are owned by root, and can only be modified by root. ****"
 | |
| 		exit 0
 | |
| 	fi
 | |
| 
 | |
| 	# Make sure custom init directory has files in it
 | |
| 	if [ -n "$(/bin/ls --almost-all "${custom_script_dir}" 2>/dev/null)" ]; then
 | |
| 		echo "${log_prefix} files found in ${custom_script_dir} executing"
 | |
| 		# Loop over files in the directory
 | |
| 		for SCRIPT in "${custom_script_dir}"/*; do
 | |
| 			NAME="$(basename "${SCRIPT}")"
 | |
| 			if [ -f "${SCRIPT}" ]; then
 | |
| 				echo "${log_prefix} ${NAME}: executing..."
 | |
| 				/command/with-contenv /bin/bash "${SCRIPT}"
 | |
| 				echo "${log_prefix} ${NAME}: exited $?"
 | |
| 			elif [ ! -f "${SCRIPT}" ]; then
 | |
| 				echo "${log_prefix} ${NAME}: is not a file"
 | |
| 			fi
 | |
| 		done
 | |
| 	else
 | |
| 		echo "${log_prefix} no custom files found exiting..."
 | |
| 	fi
 | |
| else
 | |
| 	echo "${log_prefix} ${custom_script_dir} doesn't exist, nothing to do"
 | |
| fi
 | 
