Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use UID 1000 for besu user (#6358) #6360

Merged
merged 1 commit into from
Jan 9, 2024
Merged

fix: use UID 1000 for besu user (#6358) #6360

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
fix: use UID 1000 for besu user (#6358) 
The openjdk-latest Docker image is using UID 1001 for besu, because its
base image ubuntu:23.10 now contains a default "ubuntu" user with UID
1000. (This UID change causes the besu user with UID 1001 to not have
access to files created for past versions with UID 1000.)

We now remove the default ubuntu user and explicitly use UID 1000 when
creating the besu user.

Signed-off-by: Hal Blackburn <hwtb2@cam.ac.uk>
  • Loading branch information
@h4l
h4l committed Jan 9, 2024
commit cf3eef7feb0ca5d8bf5e9ca956f490056e774e38
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

### Breaking Changes
- New `EXECUTION_HALTED` error returned if there is an error executing or simulating a transaction, with the reason for execution being halted. Replaces the generic `INTERNAL_ERROR` return code in certain cases which some applications may be checking for [#6343](https://github.com/hyperledger/besu/pull/6343)
- The Besu Docker images with `openjdk-latest` tags since 23.10.3 were incorrectly using UID 1001 instead of 1000 for the container's `besu` user. The user now uses 1000 again. Containers created from or migrated to images using UID 1001 will need to chown their persistent database files to UID 1000 [#6360](https://github.com/hyperledger/besu/pull/6360)

### Deprecations
- Forest pruning (`pruning-enabled` options) is deprecated and will be removed soon. To save disk space consider switching to Bonsai data storage format [#6230](https://github.com/hyperledger/besu/pull/6230)
Expand All @@ -18,6 +19,7 @@

### Bug fixes
- INTERNAL_ERROR from `eth_estimateGas` JSON/RPC calls [#6344](https://github.com/hyperledger/besu/issues/6344)
- Fix Besu Docker images with `openjdk-latest` tags since 23.10.3 using UID 1001 instead of 1000 for the `besu` user [#6360](https://github.com/hyperledger/besu/pull/6360)

## 23.10.3

Expand Down
5 changes: 4 additions & 1 deletion docker/openjdk-latest/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,10 @@ RUN apt-get update && \
apt-get install --no-install-recommends -q --assume-yes openjdk-21-jre-headless=21* libjemalloc-dev=5.* adduser=3* && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
adduser --disabled-password --gecos "" --home /opt/besu besu && \
# Ubuntu 23.10 comes with an "ubuntu" user with uid 1000. We need 1000 for besu.
userdel ubuntu 2>/dev/null || true && rm -rf /home/ubuntu && \
# Ensure we use a stable UID for besu, as file permissions are tied to UIDs.
adduser --uid 1000 --disabled-password --gecos "" --home /opt/besu besu && \
chown besu:besu /opt/besu && \
chmod 0755 /opt/besu

Expand Down
Loading