From 4d8610d3228a84e5c72d9c1a19be65fd8929f9c8 Mon Sep 17 00:00:00 2001
From: ale
Date: Sat, 1 Sep 2018 09:48:28 +0100
Subject: [PATCH] Do not perform privileged operations at runtime

Allow all user-owned directories to be bind-mounted by docker (so we don't have to know which user we'll be running as at runtime).
---
 Makefile | 2 +-
 build.sh | 26 ++++++++++++++++++++------
 start.sh | 12 +-----------
 3 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/Makefile b/Makefile
index 208990d..8bd77f5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 # Which Roundcube version to install.
-RC_VERSION = 1.3.6
+RC_VERSION = 1.3.7
 TARGET = ./build
diff --git a/build.sh b/build.sh
index 6f6c5b0..c2bec17 100755
--- a/build.sh
+++ b/build.sh
@@ -64,18 +64,32 @@ rsync -a /tmp/conf/ /etc/
 # Setup Apache.
 /usr/local/bin/setup-apache.sh
-# Fix runtime permissions for the Roundcube data directories.
-for d in temp logs ; do
- chown www-data:www-data /var/www/webmail/$d
- chmod 700 /var/www/webmail/$d
-done
-
 # Ensure that the startup script is executable.
 chmod 755 /start.sh
 # Create config mountpoint
 mkdir -p /etc/roundcube
+# Link all plugin configuration files back to /etc/roundcube, so we
+# can provide the entire configuration by bind-mounting a single
+# directory.
+ln -sf /etc/roundcube/config.inc.php /var/www/webmail/config/config.inc.php
+for plugin in $(cd /var/www/webmail/plugins && echo *); do
+ test -d /var/www/webmail/plugins/${plugin} || continue
+ rm -f /var/www/webmail/plugins/${plugin}/config.inc.php
+ ln -sf /etc/roundcube/${plugin}.config.inc.php \
+ /var/www/webmail/plugins/${plugin}/config.inc.php
+done
+
+# Create writable storage mountpoint
+mkdir -p /data
+
+# Fix runtime permissions for the Roundcube data directories.
+for d in temp logs ; do
+ rm -f /var/www/webmail/$d
+ ln -sf /data/$d /var/www/webmail/$d
+done
+
 # Remove packages used for installation.
 apt-get remove -y --purge ${BUILD_PACKAGES}
 apt-get autoremove -y
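Review bot: In the final `for d in temp logs` loop of build.sh, `rm -f /var/www/webmail/$d` cannot remove a directory, and `ln -sf` pointed at an existing directory creates the link inside it (`temp/temp`) instead of replacing it. If `temp` and `logs` are still real directories at this point, as the removed chown/chmod loop suggests, Roundcube keeps writing to root-owned paths inside the image and the non-root runtime user this commit aims for cannot write there. Use `rm -rf "/var/www/webmail/$d"` followed by `ln -sfn "/data/$d" "/var/www/webmail/$d"`. The comment `# Fix runtime permissions ...` is also stale: nothing sets ownership or mode any more, so the former 700 restriction on logs and temp files now depends entirely on how the `/data` volume is provisioned. I would reword it to `# Redirect temp/ and logs/ to the /data volume; the mount must provide both, writable only by the runtime user.`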
diff --git a/start.sh b/start.sh
index 266f22b..25df0cd 100755
--- a/start.sh
+++ b/start.sh
@@ -31,19 +31,9 @@ test -n "${DOMAIN}" \
 test -n "${SHARD_ID}" \
 || die "the 'SHARD_ID' environment variable is not defined"
-# Install the main Roundcube configuration to TARGET_DIR/config.
+# Verify that the main Roundcube configuration is in place.
 test -e ${CONFIG_DIR}/config.inc.php \
 || die "${CONFIG_DIR}/config.inc.php is missing"
-install -o root -g root -m 644 ${CONFIG_DIR}/config.inc.php ${TARGET_DIR}/config/config.inc.php
-
-# For each known plugin, look for a NAME.config.inc.php file in
-# the config directory: if found, copy it to the plugin directory
-# as plugins/NAME/config.inc.php.
-for p in $(cd ${TARGET_DIR}/plugins && echo *) ; do
- test -e "${CONFIG_DIR}/${p}.config.inc.php" \
- && install -o root -g root -m 644 ${CONFIG_DIR}/${p}.config.inc.php \
- ${TARGET_DIR}/plugins/${p}/config.inc.php
-done
 # Now set up the MySQL database for Roundcube. The current Roundcube
 # version is stored in the database.
-- 
GitLab
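Review bot: The remaining `test -e ${CONFIG_DIR}/config.inc.php` check only proves that the file exists, which is weaker than what the removed `install` guaranteed: the config used to be copied by root with mode 644, so it was always readable by the web server. Now that the file is read in place through the symlink build.sh creates to `/etc/roundcube/config.inc.php`, the check should confirm that the runtime user can read it, e.g. `test -r "${CONFIG_DIR}/config.inc.php"`, with the expansion quoted. `CONFIG_DIR` is defined outside this hunk; if it can be set to anything other than `/etc/roundcube`, the check passes while the build-time symlinks dangle, so that coupling deserves a comment. Because these files are PHP that is now loaded live from the bind mount rather than from a root-owned copy, a comment recommending a read-only mount of the config directory would also help operators.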