diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 369501e..5a11f64 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -43,16 +43,18 @@ jobs: token=$(curl -sX GET \ "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fprowlarr%3Apull" \ | jq -r '.token') - multidigest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${tag}" \ - | jq -r 'first(.manifests[].digest)') - digest=$(curl -s \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer ${token}" \ - "https://ghcr.io/v2/${image}/manifests/${multidigest}" \ - | jq -r '.config.digest') + multidigest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.index.v1+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${tag}") + multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}") + digest=$(curl -s \ + --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ + --header "Accept: application/vnd.oci.image.manifest.v1+json" \ + --header "Authorization: Bearer ${token}" \ + "https://ghcr.io/v2/${image}/manifests/${multidigest}" \ + | jq -r '.config.digest') image_info=$(curl -sL \ --header "Authorization: Bearer ${token}" \ "https://ghcr.io/v2/${image}/blobs/${digest}") diff --git a/Dockerfile b/Dockerfile index 229576a..613e507 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 # set version label ARG BUILD_DATE diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 49b6ea7..e623205 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20 +FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 # set version label ARG BUILD_DATE diff --git a/README.md b/README.md index cbfc0fb..89b3bc3 100755 --- a/README.md +++ b/README.md @@ -77,6 +77,10 @@ Setup info can be found [here](https://wikijs.servarr.com/prowlarr/quick-start-g This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -129,6 +133,7 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | | `-v /config` | Database and Prowlarr configs | | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -292,6 +297,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **12.12.24:** - Rebase to Alpine 3.21. * **25.05.24:** - Rebase to Alpine 3.20. * **20.03.24:** - Rebase to Alpine 3.19. * **06.06.23:** - Rebase nightly to Alpine 3.18. diff --git a/readme-vars.yml b/readme-vars.yml index 7f36782..8f1e3f1 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -25,6 +25,7 @@ param_usage_include_ports: true param_ports: - {external_port: "9696", internal_port: "9696", port_desc: "The port for the Prowlarr web UI"} readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -76,6 +77,7 @@ init_diagram: | "prowlarr:nightly" <- Base Images # changelog changelogs: + - {date: "12.12.24:", desc: "Rebase to Alpine 3.21."} - {date: "25.05.24:", desc: "Rebase to Alpine 3.20."} - {date: "20.03.24:", desc: "Rebase to Alpine 3.19."} - {date: "06.06.23:", desc: "Rebase nightly to Alpine 3.18."} diff --git a/root/etc/s6-overlay/s6-rc.d/init-prowlarr-config/run b/root/etc/s6-overlay/s6-rc.d/init-prowlarr-config/run index b8276e3..d5019c1 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-prowlarr-config/run +++ b/root/etc/s6-overlay/s6-rc.d/init-prowlarr-config/run @@ -3,7 +3,8 @@ mkdir -p /run/prowlarr-temp -# permissions -lsiown -R abc:abc \ - /config \ - /run/prowlarr-temp +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + lsiown -R abc:abc \ + /config \ + /run/prowlarr-temp +fi diff --git a/root/etc/s6-overlay/s6-rc.d/svc-prowlarr/run b/root/etc/s6-overlay/s6-rc.d/svc-prowlarr/run index d81f672..44e472f 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-prowlarr/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-prowlarr/run @@ -1,7 +1,14 @@ #!/usr/bin/with-contenv bash # shellcheck shell=bash -exec \ - s6-notifyoncheck -d -n 300 -w 1000 \ - cd /app/prowlarr/bin s6-setuidgid abc /app/prowlarr/bin/Prowlarr \ - -nobrowser -data=/config +if [[ -n ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 \ + cd /app/prowlarr/bin /app/prowlarr/bin/Prowlarr \ + -nobrowser -data=/config +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 \ + cd /app/prowlarr/bin s6-setuidgid abc /app/prowlarr/bin/Prowlarr \ + -nobrowser -data=/config +fi