From 0622f409d358fecee80d8e10baee6a130bbbba20 Mon Sep 17 00:00:00 2001 From: Hal Blackburn Date: Tue, 9 Jan 2024 18:54:44 +0000 Subject: [PATCH] fix: use UID 1000 for besu user (#6358) (#6360) The openjdk-latest Docker image is using UID 1001 for besu, because its base image ubuntu:23.10 now contains a default "ubuntu" user with UID 1000. (This UID change causes the besu user with UID 1001 to not have access to files created for past versions with UID 1000.) We now remove the default ubuntu user and explicitly use UID 1000 when creating the besu user. Signed-off-by: Hal Blackburn --- CHANGELOG.md | 2 ++ docker/openjdk-latest/Dockerfile | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea4b5f915e..3f0fad70fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Breaking Changes - New `EXECUTION_HALTED` error returned if there is an error executing or simulating a transaction, with the reason for execution being halted. Replaces the generic `INTERNAL_ERROR` return code in certain cases which some applications may be checking for [#6343](https://github.com/hyperledger/besu/pull/6343) +- The Besu Docker images with `openjdk-latest` tags since 23.10.3 were incorrectly using UID 1001 instead of 1000 for the container's `besu` user. The user now uses 1000 again. Containers created from or migrated to images using UID 1001 will need to chown their persistent database files to UID 1000 [#6360](https://github.com/hyperledger/besu/pull/6360) ### Deprecations - Forest pruning (`pruning-enabled` options) is deprecated and will be removed soon. To save disk space consider switching to Bonsai data storage format [#6230](https://github.com/hyperledger/besu/pull/6230) @@ -18,6 +19,7 @@ ### Bug fixes - INTERNAL_ERROR from `eth_estimateGas` JSON/RPC calls [#6344](https://github.com/hyperledger/besu/issues/6344) +- Fix Besu Docker images with `openjdk-latest` tags since 23.10.3 using UID 1001 instead of 1000 for the `besu` user [#6360](https://github.com/hyperledger/besu/pull/6360) ## 23.10.3 diff --git a/docker/openjdk-latest/Dockerfile b/docker/openjdk-latest/Dockerfile index 8202718781..472223cd10 100644 --- a/docker/openjdk-latest/Dockerfile +++ b/docker/openjdk-latest/Dockerfile @@ -6,7 +6,10 @@ RUN apt-get update && \ apt-get install --no-install-recommends -q --assume-yes openjdk-21-jre-headless=21* libjemalloc-dev=5.* adduser=3* && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - adduser --disabled-password --gecos "" --home /opt/besu besu && \ + # Ubuntu 23.10 comes with an "ubuntu" user with uid 1000. We need 1000 for besu. + userdel ubuntu 2>/dev/null || true && rm -rf /home/ubuntu && \ + # Ensure we use a stable UID for besu, as file permissions are tied to UIDs. + adduser --uid 1000 --disabled-password --gecos "" --home /opt/besu besu && \ chown besu:besu /opt/besu && \ chmod 0755 /opt/besu