File tree 2 files changed +17
-17
lines changed
2 files changed +17
-17
lines changed Original file line number Diff line number Diff line change @@ -8,19 +8,21 @@ ENV CRYFS_FRONTEND="noninteractive" \
88 CRYFS_FRONTEND=noninteractive \
99 CRYFS_NO_UPDATE_CHECK=true \
1010 TINI_SUBREAPER="" \
11- DEBIAN_FRONTEND=noninteractive
12- RUN apt-get update && apt-get --no-install-recommends install -y build-essential
11+ DEBIAN_FRONTEND=noninteractive \
12+ CRYFS_LOCAL_STATE_DIR=/data
13+ VOLUME [ "/encrypted" , "/decrypted" , "/data" ]
14+ RUN apt-get update --no-install-recommends && apt-get upgrade --no-install-recommends -y
15+ # && apt-get --no-install-recommends install -y build-essential
1316RUN apt-get --no-install-recommends install cryfs fuse tini -y &&\
1417 useradd -s /usr/sbin/nologin -m secretfs && passwd -d secretfs &&\
1518 echo 'nonroot ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers &&\
1619 echo user_allow_other >> /etc/fuse.conf &&\
1720 apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
1821WORKDIR /app
19- VOLUME [ "/encrypted" , "/decrypted" ]
20-
2122COPY run.sh /usr/bin/run.sh
2223RUN chmod +x /usr/bin/run.sh
2324USER nobody:nobody
25+
2426# Set the entrypoint and default command
2527ENTRYPOINT ["/usr/bin/tini" , "-g" , "--" ]
2628CMD ["/usr/bin/run.sh" ]
Original file line number Diff line number Diff line change 11#! /bin/bash
22set -e
3-
4- ENC_PATH=/encrypted
5- DEC_PATH=/decrypted
3+ set -o nounset
4+ declare -r ENC_PATH=/encrypted
5+ declare -r DEC_PATH=/decrypted
66
77# Define colors
8- RED=' \033[0;31m'
9- GREEN=' \033[0;32m'
10- YELLOW=' \033[0;33m'
11- BLUE=' \033[0;34m'
12- RESET=' \033[0m'
8+ declare -r RED=' \033[0;31m'
9+ declare -r GREEN=' \033[0;32m'
10+ declare -r YELLOW=' \033[0;33m'
11+ declare -r BLUE=' \033[0;34m'
12+ declare -r RESET=' \033[0m'
1313
1414# Debug function with colorized output
1515debug () {
@@ -62,19 +62,17 @@ function sighup_handler {
6262trap sigterm_handler SIGINT SIGTERM
6363trap sighup_handler SIGHUP
6464
65- debug " $( mask_string " $PASSWD " ) "
66-
6765_user=" $( id -u -n) "
6866_uid=" $( id -u) "
6967debug " Running as $_user with UID: $_uid "
70-
68+ sleep infinity
7169unset pid
7270if [ ! -z " $PASSWD " ; then
73- debug " mounting ${ENC_PATH} on ${DEC_PATH} "
71+ info " mounting ${ENC_PATH} on ${DEC_PATH} with password: " $( mask_string " $PASSWD " , " * " ) " "
7472 echo " ${PASSWD} " | cryfs -o ${MOUNT_OPTIONS} -f " ${ENC_PATH} " " ${DEC_PATH} " & pid=($! )
7573else
7674 cryfs ${ENCFS_OPTS} -o ${MOUNT_OPTIONS} -f " ${ENC_PATH} " " ${DEC_PATH} " & pid=($! )
77- info " mounting ${ENC_PATH} on ${DEC_PATH} "
75+ info " mounting ${ENC_PATH} on ${DEC_PATH} without password "
7876fi
7977wait " ${pid} "
8078
You can’t perform that action at this time.
0 commit comments