Set password with envsubst to support slash in ADMIN_PASSWORD

this fixes #32 Also note that VOLUME /fuseki is now ensured to be empty on first start, its population from Dockerfile test seems to be a change in later Docker versions. Note that it is no longer possible to override the admin password on second start after shiro.ini exists.
stain · May 25, 2021 · 7c4b9f2 · 7c4b9f2
1 parent ec9ebef
commit 7c4b9f2
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/jena-fuseki/Dockerfile b/jena-fuseki/Dockerfile
@@ -44,7 +44,6 @@ LABEL org.opencontainers.image.licenses "(Apache-2.0 AND (GPL-2.0 WITH Classpath
 LABEL org.opencontainers.image.authors "Apache Jena Fuseki by https://jena.apache.org/; this image by https://orcid.org/0000-0001-9842-9718"
 
 # Config and data
-VOLUME /fuseki
 ENV FUSEKI_BASE /fuseki
 
 
@@ -87,6 +86,11 @@ RUN chmod 755 $FUSEKI_HOME/load.sh $FUSEKI_HOME/tdbloader $FUSEKI_HOME/tdbloader
 
 # Where we start our server from
 WORKDIR $FUSEKI_HOME
+
+# Make sure we start with empty /fuseki
+RUN rm -rf $FUSEKI_BASE
+VOLUME $FUSEKI_BASE
+
 EXPOSE 3030
 ENTRYPOINT ["/usr/bin/tini", "--", "/docker-entrypoint.sh"]
 CMD ["/jena-fuseki/fuseki-server"]

diff --git a/jena-fuseki/docker-entrypoint.sh b/jena-fuseki/docker-entrypoint.sh
@@ -39,7 +39,8 @@ fi
 # $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD}
 # is in shiro.ini
 if [ -n "$ADMIN_PASSWORD" ] ; then
-  envsubst "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \
+  export ADMIN_PASSWORD
+  envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \
     mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini"
   unset ADMIN_PASSWORD # Don't keep it in memory
   export ADMIN_PASSWORD

diff --git a/jena-fuseki/shiro.ini b/jena-fuseki/shiro.ini
@@ -19,15 +19,15 @@ ssl.enabled = false
 
 plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
 #iniRealm=org.apache.shiro.realm.text.IniRealm
-iniRealm.credentialsMatcher = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
+iniRealm.credentialsMatcher = $plainMatcher
 
 #localhost=org.apache.jena.fuseki.authz.LocalhostFilter
 
 [users]
 # Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
 # The admin password will be replaced by value of ADMIN_PASSWORD
 # variable by docker-entrypoint.sh on FIRST start up.
-admin=${ADMIN_PASSWORD:-pw123}
+admin=${ADMIN_PASSWORD}
 
 [roles]