From cf3eef7feb0ca5d8bf5e9ca956f490056e774e38 Mon Sep 17 00:00:00 2001 From: Hal Blackburn Date: Sun, 7 Jan 2024 09:22:59 +0000 Subject: [PATCH] fix: use UID 1000 for besu user (#6358) The openjdk-latest Docker image is using UID 1001 for besu, because its base image ubuntu:23.10 now contains a default "ubuntu" user with UID 1000. (This UID change causes the besu user with UID 1001 to not have access to files created for past versions with UID 1000.) We now remove the default ubuntu user and explicitly use UID 1000 when creating the besu user. Signed-off-by: Hal Blackburn --- CHANGELOG.md | 2 ++ docker/openjdk-latest/Dockerfile | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea4b5f915e9..3f0fad70fef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Breaking Changes - New `EXECUTION_HALTED` error returned if there is an error executing or simulating a transaction, with the reason for execution being halted. Replaces the generic `INTERNAL_ERROR` return code in certain cases which some applications may be checking for [#6343](https://github.com/hyperledger/besu/pull/6343) +- The Besu Docker images with `openjdk-latest` tags since 23.10.3 were incorrectly using UID 1001 instead of 1000 for the container's `besu` user. The user now uses 1000 again. Containers created from or migrated to images using UID 1001 will need to chown their persistent database files to UID 1000 [#6360](https://github.com/hyperledger/besu/pull/6360) ### Deprecations - Forest pruning (`pruning-enabled` options) is deprecated and will be removed soon. To save disk space consider switching to Bonsai data storage format [#6230](https://github.com/hyperledger/besu/pull/6230) @@ -18,6 +19,7 @@ ### Bug fixes - INTERNAL_ERROR from `eth_estimateGas` JSON/RPC calls [#6344](https://github.com/hyperledger/besu/issues/6344) +- Fix Besu Docker images with `openjdk-latest` tags since 23.10.3 using UID 1001 instead of 1000 for the `besu` user [#6360](https://github.com/hyperledger/besu/pull/6360) ## 23.10.3 diff --git a/docker/openjdk-latest/Dockerfile b/docker/openjdk-latest/Dockerfile index 8202718781e..472223cd108 100644 --- a/docker/openjdk-latest/Dockerfile +++ b/docker/openjdk-latest/Dockerfile @@ -6,7 +6,10 @@ RUN apt-get update && \ apt-get install --no-install-recommends -q --assume-yes openjdk-21-jre-headless=21* libjemalloc-dev=5.* adduser=3* && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - adduser --disabled-password --gecos "" --home /opt/besu besu && \ + # Ubuntu 23.10 comes with an "ubuntu" user with uid 1000. We need 1000 for besu. + userdel ubuntu 2>/dev/null || true && rm -rf /home/ubuntu && \ + # Ensure we use a stable UID for besu, as file permissions are tied to UIDs. + adduser --uid 1000 --disabled-password --gecos "" --home /opt/besu besu && \ chown besu:besu /opt/besu && \ chmod 0755 /opt/besu