From 244da65ac326adc40eaac845d854d1fc5ff99ff5 Mon Sep 17 00:00:00 2001
From: MaxWaldorf
Date: Mon, 29 Jul 2024 16:28:37 +0200
Subject: [PATCH] fix guacd permissions on extensions and enhance pid tracking
---
 Dockerfile | 13 +++++++------
 filefs/etc/supervisord.conf | 2 ++
 filefs/usr/local/bin/_startup.sh | 2 +-
 scripts/guacd/wrapper_supervisor.sh | 6 +++---
 4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 85ee026..3e015cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -196,16 +196,10 @@ ENV TZ=UTC
 # Copy build artifacts into this stage
 COPY --from=builder ${PREFIX_DIR} ${PREFIX_DIR}
-# Add user guacd
-RUN groupadd guacd && \
-useradd -s /bin/false -g guacd guacd
-
 # Set working DIR
 RUN mkdir -p /config
 RUN mkdir -p ${GUACAMOLE_HOME}/extensions ${GUACAMOLE_HOME}/extensions-available ${GUACAMOLE_HOME}/lib
 RUN mkdir /docker-entrypoint-initdb.d
-RUN chown guacd:guacd -R ${PREFIX_DIR}
-RUN chown guacd:guacd -R ${GUACAMOLE_HOME}
 WORKDIR ${GUACAMOLE_HOME}
 # Bring runtime environment up to date and install runtime dependencies
@@ -230,6 +224,12 @@ RUN apk add --no-cache \
 RUN apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/testing gosu
+# Add user guacd
+RUN groupadd guacd && \
+useradd -s /bin/false -g guacd guacd
+RUN chown guacd:guacd -R ${PREFIX_DIR}
+RUN chown guacd:guacd -R ${GUACAMOLE_HOME}
+
 # Install tomcat
 RUN mkdir ${CATALINA_HOME}
 ADD https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VER}/bin/apache-tomcat-${TOMCAT_VER}.tar.gz /tmp/
@@ -306,6 +306,7 @@ ENV PATH=/usr/lib/postgresql/${PG_MAJOR}/bin:$PATH
 ENV GUACAMOLE_HOME=/config/guacamole
 ENV CATALINA_PID=${CATALINA_HOME}/tomcat.pid
 ENV POSTGRES_PID=/config/postgresql/postmaster.pid
+ENV GUACD_PID=/config/guacamole/guacd.pid
 # Copy files
 COPY filefs /
diff --git a/filefs/etc/supervisord.conf b/filefs/etc/supervisord.conf
index 60337c7..4a1efe8 100644
--- a/filefs/etc/supervisord.conf
+++ b/filefs/etc/supervisord.conf
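Review bot: In the Dockerfile hunk at `@@ -230,6 +224,12 @@`, `RUN chown guacd:guacd -R ${PREFIX_DIR}` gives the guacd account ownership of the whole install prefix copied from the builder stage, which presumably holds the guacd binary and its libraries (the wrapper script runs /opt/guacamole/sbin/guacd). If the daemon runs as that account, a compromised guacd can rewrite its own executables, so it is safer to leave `${PREFIX_DIR}` root-owned and chown only the directories guacd must write to. The account is also created without a pinned UID/GID, so ownership of files on a persisted /config volume can drift between image builds; `groupadd -g <GID> guacd && useradd -u <UID> -s /bin/false -g guacd guacd`, with placeholder values you choose, fixes it.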
@@ -2,6 +2,8 @@ nodaemon=true
 user=root
 loglevel = info
+pidfile = /tmp/supervisord.pid
+logfile = /tmp/supervisord.log
 [program:postgresql]
 command=/scripts/postgres/wrapper_supervisor.sh
diff --git a/filefs/usr/local/bin/_startup.sh b/filefs/usr/local/bin/_startup.sh
index 1ab1f5a..6190d04 100644
--- a/filefs/usr/local/bin/_startup.sh
+++ b/filefs/usr/local/bin/_startup.sh
@@ -54,5 +54,5 @@ fi
 # enable extensions
 for i in $(echo "$EXTENSIONS" | tr "," " "); do
- cp ${GUACAMOLE_HOME}/extensions-available/guacamole-${i}-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions
+ cp -p ${GUACAMOLE_HOME}/extensions-available/guacamole-${i}-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions
 done
diff --git a/scripts/guacd/wrapper_supervisor.sh b/scripts/guacd/wrapper_supervisor.sh
index a137807..ded15f0 100644
--- a/scripts/guacd/wrapper_supervisor.sh
+++ b/scripts/guacd/wrapper_supervisor.sh
@@ -10,12 +10,12 @@ function shutdown()
 date
 echo "Starting Guacd"
-/opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -f
+/opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -p /config/guacamole/guacd.pid -f
 sleep 5
 # Allow any signal which would kill a process to stop GUACD
 trap shutdown HUP INT QUIT ABRT KILL ALRM TERM TSTP SIGTERM SIGINT
-echo "Waiting for `pgrep -f guacd`"
-wait `pgrep -f guacd`
\ No newline at end of file
+echo "Waiting for `cat $GUACD_PID`"
+wait `cat $GUACD_PID`
\ No newline at end of file
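Review bot: In filefs/etc/supervisord.conf, `pidfile = /tmp/supervisord.pid` and `logfile = /tmp/supervisord.log` make a supervisord that runs with `user=root` write to fixed names in a world-writable directory, where any other account in the container can create those paths, or a link at them, before supervisord starts. Whether such a link is refused depends on the host kernel's fs.protected_symlinks setting, which the image does not control. A root-only location removes the exposure, for example `pidfile = /var/run/supervisord.pid` and `logfile = /var/log/supervisord.log`.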
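Review bot: In filefs/usr/local/bin/_startup.sh the new `cp -p` line leaves every expansion unquoted and builds the source path from `$i`, which comes from splitting the `EXTENSIONS` environment variable, so a value containing glob characters or `../` can select files other than the intended jar. Quote the operands and end option parsing with `cp -p -- "${GUACAMOLE_HOME}/extensions-available/guacamole-${i}-${GUAC_VER}.jar" "${GUACAMOLE_HOME}/extensions/"`, and consider skipping any `$i` that is not plain letters, digits and hyphens. `-p` carries ownership over only when the script runs as root; otherwise just mode and timestamps are preserved. The copy has no error check, so a mistyped extension name does not stop startup unless `set -e` is active above the hunk.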
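Review bot: In scripts/guacd/wrapper_supervisor.sh the new `wait `cat $GUACD_PID`` acts on whatever number is stored in a PID file under /config, so a stale file left by an earlier run, or a value written by anything that can write to that directory, decides which process the wrapper waits on (and signals, if shutdown() reads the same file). The guacd line also hard-codes `-p /config/guacamole/guacd.pid` rather than using `$GUACD_PID`, and both expansions are unquoted. Since `-f` keeps guacd in the foreground, the trap and wait below it look like they run only after guacd has exited, and `wait` accepts only children of this shell; starting guacd in the background and waiting on `$!` removes the need to read the PID back from disk. shutdown() is defined above the hunk and is not visible here, so it may need the matching change.
```shell
# … unchanged: date / "Starting Guacd" banner …
rm -f -- "$GUACD_PID"  # drop a PID file left over from a previous run
/opt/guacamole/sbin/guacd -b 0.0.0.0 -L "$GUACD_LOG_LEVEL" -p "$GUACD_PID" -f &
guacd_pid=$!
# … unchanged: trap shutdown … (must be installed before the wait) …
echo "Waiting for ${guacd_pid}"
wait "$guacd_pid"
```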