From 47598768d672dd1623abb822753317ddcc6c570c Mon Sep 17 00:00:00 2001
From: Gagan Trivedi
Date: Fri, 15 Dec 2023 15:26:31 +0530
Subject: [PATCH] fix(Dockerfile): setup gnupg correctly for nobody (#3167)
---
 api/Dockerfile | 4 +++-
 api/sse/sse_service.py | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/api/Dockerfile b/api/Dockerfile
index 62593298479c..0e7382b4bc40 100644
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -31,7 +31,9 @@ RUN if [ "${TARGETARCH}" != "amd64" ]; then apt-get update && apt-get install -y
 # Install GnuPG(and import private key) if secret file exists
 RUN --mount=type=secret,id=sse_pgp_pkey if [ -f /run/secrets/sse_pgp_pkey ]; then \
- apt-get update && apt-get install -y gnupg && gpg --import /run/secrets/sse_pgp_pkey; fi;
+ apt-get update && apt-get install -y gnupg && gpg --import /run/secrets/sse_pgp_pkey; \
+ mv /root/.gnupg /app/; \
+ chown -R nobody /app/.gnupg ; fi;
 # Copy the python venv from step 2
diff --git a/api/sse/sse_service.py b/api/sse/sse_service.py
index d17a97c3adcd..3e15b116dc51 100644
--- a/api/sse/sse_service.py
+++ b/api/sse/sse_service.py
@@ -10,6 +10,8 @@
 from sse import tasks
 from sse.dataclasses import SSEAccessLogs
+GNUPG_HOME = "/app/.gnupg"
+
 def _sse_enabled(get_project_from_first_arg=lambda obj: obj.project):
 """
@@ -52,7 +54,7 @@ def send_environment_update_message_for_environment(environment):
 def stream_access_logs() -> Generator[SSEAccessLogs, None, None]:
- gpg = gnupg.GPG()
+ gpg = gnupg.GPG(gnupghome=GNUPG_HOME)
 bucket = boto3.resource("s3").Bucket(settings.AWS_SSE_LOGS_BUCKET_NAME)
 for log_file in bucket.objects.all():
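Review bot: In the api/Dockerfile hunk the new commands are joined with `;` rather than `&&`, so a failed `gpg --import` need not fail the build any more: the `RUN` step now reports the status of the trailing `chown`. Before this change the import was the last command inside the `if`, so its failure stopped the build. I would chain the three steps, `gpg --import /run/secrets/sse_pgp_pkey && mv /root/.gnupg /app/ && chown -R nobody /app/.gnupg; fi;`, so an image cannot be produced with a missing or partial keyring. Separately, the secret mount is not stored in the layer but the imported keyring under `/app/.gnupg` is, so read access to the image amounts to access to the private key; a comment above the `RUN` saying so would help whoever sets registry permissions.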
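Review bot: `GNUPG_HOME` in api/sse/sse_service.py has no comment tying it to the image build, although the value only works because api/Dockerfile moves the keyring into `/app/` and chowns it to `nobody`. I would add `# Keyring directory created in api/Dockerfile (moved from /root/.gnupg, owned by nobody); holds the SSE private key.` above the constant so the two stay in step when either side is edited.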
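Review bot: `gnupg.GPG(gnupghome=GNUPG_HOME)` in `stream_access_logs` assumes `/app/.gnupg` exists, but the Dockerfile creates it only when the `sse_pgp_pkey` build secret is present. Depending on the installed python-gnupg version, a missing directory either raises `ValueError` in the constructor or is created as an empty keyring, so that later GPG operations fail; neither gives an operator a clear message. A guard before the constructor, for example `if not os.path.isdir(GNUPG_HOME): raise RuntimeError("GnuPG keyring not found at " + GNUPG_HOME)`, would make the misconfiguration explicit (this assumes `os` is imported in the module, which the hunk does not show). The function body continues past the end of the hunk, so how the results of GPG calls are checked is not visible here.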