-
-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After dump of certificates is there anyway to have script change either owner (chown) and/or mode (chmod)? #130
Comments
Maybe adding a flag to change permissions of the cert and key ? Currently it wirtes with static permissions at least for v2. Didin't look further into it. traefik-certs-dumper/dumper/v2/dumper.go Line 58 in 1e5c66d
traefik-certs-dumper/dumper/v2/dumper.go Line 76 in 1e5c66d
traefik-certs-dumper/dumper/v2/dumper.go Line 88 in 1e5c66d
|
I was able to change the permissions via the "--post-hook" option: |
is it possible to go even further and execute a script with --post-hook? every time I try to execute a bash script it stops parsing when it encounters a firs space in the command. For example my script file (named posthook.sh) is: it always fails at scp. Also I did add scp to the container by modifying entrypoint: from apk add jq to apk add jq openssh-client. edit: the scp command by itself works flawlessly when executed inside the container (I have known_hosts and keys mapped inside the container) |
If someone comes across this and doesn't want tmpfile=$(mktemp)
cat <<EOF >$tmpfile
chown -R $UID:$(id -g) /shared/certs
kill 1
EOF
docker run --rm \
-v $tmpfile:/tmp/chownme \
ldez/traefik-certs-dumper file \
--source /data/acme.json \
--dest /shared/certs \
--watch --post-hook "sh /tmp/chownme"
rm $tmpfile (Of course, you'd need additional The reason for the heredoc'd script is that passing in The I'd also love an option to set the ownership of files generated after running this--but until then, I hope this workaround is useful to someone else~ |
Perhaps this is more of a request rather than a bug, however it would be great to have option to set owner:group and/or mode.
My usage case is running Collabora docker that inserts the certificates however the certs either need to be owned by the lool:lool user or have 644 permission (both the cert and key).
Thanks for considering this.
The text was updated successfully, but these errors were encountered: