adjust tests and allow other users

2026-04-03 00:31:35 -07:00 · 2025-12-21 00:42:35 +00:00
parent 0889741864
commit f9b724931f
11 changed files with 614 additions and 163 deletions
--- a/install/production-filesystem/entrypoint.d/10-mounts.py
+++ b/install/production-filesystem/entrypoint.d/10-mounts.py
@@ -1,5 +1,20 @@
 #!/usr/bin/env python3

+"""
+Mount Diagnostic Tool
+
+Analyzes container mount points for permission issues, persistence risks, and performance problems.
+
+TODO: Future Enhancements (Roadmap Step 3 & 4)
+1. Text-based Output: Replace emoji status indicators (✅, ❌) with plain text (e.g., [OK], [FAIL])
+   to ensure compatibility with all terminal types and logging systems.
+2. OverlayFS/Copy-up Support: Improve detection logic for filesystems like Synology's OverlayFS
+   where files may appear writable but fail on specific operations (locking, mmap).
+3. Root-to-User Context: Ensure this tool remains accurate when the container starts as root
+   to fix permissions and then drops privileges to the 'netalertx' user. The check should
+   reflect the *effective* permissions of the application user.
+"""
+
 import os
 import sys
 from dataclasses import dataclass
@@ -80,7 +95,21 @@ def _resolve_writeable_state(target_path: str) -> bool:
        seen.add(current)

        if os.path.exists(current):
-            return os.access(current, os.W_OK)
+            if not os.access(current, os.W_OK):
+                return False
+            
+            # OverlayFS/Copy-up check: Try to actually write a file to verify
+            if os.path.isdir(current):
+                test_file = os.path.join(current, f".netalertx_write_test_{os.getpid()}")
+                try:
+                    with open(test_file, "w") as f:
+                        f.write("test")
+                    os.remove(test_file)
+                    return True
+                except OSError:
+                    return False
+            
+            return True

        parent_dir = os.path.dirname(current)
        if not parent_dir or parent_dir == current:
--- a/install/production-filesystem/entrypoint.d/15-first-run-config.sh
+++ b/install/production-filesystem/entrypoint.d/15-first-run-config.sh
@@ -7,7 +7,7 @@ if [ ! -f "${NETALERTX_CONFIG}/app.conf" ]; then
        >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}"
        exit 1
    }
-    install -m 600 -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || {
+    install -m 600 /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || {
        >&2 echo "ERROR: Failed to deploy default config to ${NETALERTX_CONFIG}/app.conf"
        exit 2
    }
--- a/install/production-filesystem/entrypoint.d/30-apply-conf-override.sh
+++ b/install/production-filesystem/entrypoint.d/30-apply-conf-override.sh
@@ -13,9 +13,7 @@ mkdir -p "$(dirname "$NETALERTX_CONFIG")" || {
 rm -f "$OVERRIDE_FILE"

 # Check if APP_CONF_OVERRIDE is set
-if [ -z "$APP_CONF_OVERRIDE" ]; then
-    >&2 echo "APP_CONF_OVERRIDE is not set. Skipping override config file creation."
-else
+if [ -n "$APP_CONF_OVERRIDE" ]; then
    # Save the APP_CONF_OVERRIDE env variable as a JSON file
    echo "$APP_CONF_OVERRIDE" > "$OVERRIDE_FILE" || {
        >&2 echo "ERROR: Failed to write override config to $OVERRIDE_FILE"
--- a/install/production-filesystem/entrypoint.sh
+++ b/install/production-filesystem/entrypoint.sh
@@ -50,8 +50,7 @@ fi
 RED='\033[1;31m'
 GREY='\033[90m'
 RESET='\033[0m'
-printf "%s" "${RED}"
-echo '
+NAX='
 _   _      _    ___  _           _  __   __
 | \ | |    | |  / _ \| |         | | \ \ / /
 |  \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / 
@@ -60,13 +59,12 @@ echo '
 \_| \_/\___|\__\_| |_/_|\___|_|   \__\/   \/
 '

-printf "%s" "${RESET}"
+printf "%b%s%b" "${RED}" "${NAX}" "${RESET}"
 echo '   Network intruder and presence detector. 
   https://netalertx.com

 '
 set -u
-
 FAILED_STATUS=""
 echo "Startup pre-checks"
 for script in "${ENTRYPOINT_CHECKS}"/*; do
@@ -123,7 +121,6 @@ fi
 # Set APP_CONF_OVERRIDE based on GRAPHQL_PORT if not already set
 if [ -n "${GRAPHQL_PORT:-}" ] && [ -z "${APP_CONF_OVERRIDE:-}" ]; then
    export APP_CONF_OVERRIDE='{"GRAPHQL_PORT":"'"${GRAPHQL_PORT}"'"}'
-    echo "Setting APP_CONF_OVERRIDE to $APP_CONF_OVERRIDE"
 fi


@@ -283,15 +280,6 @@ add_service "${SYSTEM_SERVICES}/start-php-fpm.sh" "php-fpm83"
 add_service "${SYSTEM_SERVICES}/start-nginx.sh" "nginx"
 add_service "${SYSTEM_SERVICES}/start-backend.sh" "python3"

-################################################################################
-# Development Mode Debug Switch
-################################################################################
-# If NETALERTX_DEBUG=1, skip automatic service restart on failure
-# Useful for devcontainer debugging where individual services need to be debugged
-if [ "${NETALERTX_DEBUG:-0}" -eq 1 ]; then
-	echo "NETALERTX_DEBUG is set to 1, will not shut down other services if one fails."
-fi
-
 ################################################################################
 # Service Monitoring Loop (Production Mode)
 ################################################################################