Fix: 비밀번호 반영 못하던 오류 수정

sonjaehyuk · sonjaehyuk · commit 3cd556bd95b8 · 2025-09-13T17:57:52.000+09:00
diff --git a/README.md b/README.md
@@ -327,8 +327,15 @@ docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
 
+## Example for podman
+
+```shell
+podman build -t code-server-fedora . --build-arg VERSION="1.0.1" --build-arg BUILD_DATE="2025.09.12" --build-arg CODE_RELEASE="4.103.2"
+```
+
 ## Versions
 
+* **1.0.1:** - Fedora42로 전환. rust 개발 환경을 기본으로 추가.
 * **10.08.25:** - Let server listen on both ipv4 and ipv6.
 * **03.06.25:** - Allow setting PWA name using env var `PWA_APPNAME`.
 * **13.10.24:** - Only chown config folder when change to ownership or new install is detected.
diff --git a/container-root/usr/local/bin/start-code-server b/container-root/usr/local/bin/start-code-server
@@ -1,14 +1,59 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+# Load file-based secrets: support envs like FILE__PASSWORD=/path
+load_file_envs() {
+  while IFS='=' read -r name value; do
+    if [[ $name == FILE__* ]]; then
+      key="${name#FILE__}"
+      if [[ -f "$value" ]]; then
+        export "${key}=$(<"$value")"
+      fi
+    fi
+  done < <(env)
+}
+
+load_file_envs
+
 # Ensure required directories and ownership exist for logging and data
 mkdir -p /config/{extensions,data,workspace,.ssh}
 mkdir -p /config/.local/share/code-server/coder-logs
 
-# If running as root, fix ownership and perms, then drop privileges
+# If running as root, align user IDs, sudo and permissions, then drop privileges
 if [[ "${EUID}" -eq 0 ]]; then
-  chown -R 911:911 /config || true
+  # Map user/group ids if provided
+  CURRENT_UID=$(id -u abc)
+  CURRENT_GID=$(id -g abc)
+  TARGET_UID=${PUID:-$CURRENT_UID}
+  TARGET_GID=${PGID:-$CURRENT_GID}
+
+  if [[ "$CURRENT_GID" != "$TARGET_GID" ]]; then
+    EXISTING_GROUP=$(getent group "$TARGET_GID" | cut -d: -f1 || true)
+    if [[ -n "${EXISTING_GROUP}" ]]; then
+      usermod -g "$EXISTING_GROUP" abc
+    else
+      groupmod -g "$TARGET_GID" abc
+    fi
+  fi
+
+  if [[ "$CURRENT_UID" != "$TARGET_UID" ]]; then
+    usermod -u "$TARGET_UID" abc
+  fi
+
+  # Configure sudo access if requested
+  if [[ -n "${SUDO_PASSWORD_HASH:-}" || -n "${SUDO_PASSWORD:-}" ]]; then
+    usermod -aG wheel abc || true
+    if [[ -n "${SUDO_PASSWORD_HASH:-}" ]]; then
+      echo "abc:${SUDO_PASSWORD_HASH}" | chpasswd -e
+    elif [[ -n "${SUDO_PASSWORD:-}" ]]; then
+      echo "abc:${SUDO_PASSWORD}" | chpasswd
+    fi
+  fi
+
+  # Fix ownership and perms for config
+  chown -R $(id -u abc):$(id -g abc) /config || true
   chmod 700 /config/.ssh || true
+
   # Drop to user abc to run code-server
   exec runuser -u abc -- "$0" "$@"
 fi
diff --git a/usage_example.container b/usage_example.container
@@ -0,0 +1,19 @@
+[Unit]
+Description=code-server
+
+[Container]
+Image=localhost/code-server-fedora:latest
+Environment=TZ=Asia/Seoul
+Environment=PUID=%U
+Environment=PGID=%G
+Environment=DEFAULT_WORKSPACE=/config/workspace
+Environment=PWA_APPNAME=code-server
+Volume=%h/.local/share/code-server/config:/config:Z 
+Volume=%h/.config/containers/secrets:/run/secrets:ro,Z
+# abc 유저의 비밀번호이자 code-server의 비밀번호
+Environment=FILE__PASSWORD=/run/secrets/code_server
+# abc 유저의 sudo 비밀번호
+Environment=FILE__SUDO_PASSWORD=/run/secrets/code_server
+
+[Install]
+WantedBy=default.target
