HumHub - social network software
-
@girish Actually, I just thought of something. If the modules folder is symlinked and the app is expecting to write to the modules folder in /app/code, it will error right? I imagine it wouldn't just look at the actual folder in /app/data. The trouble here is there is a "module store" of sorts built right into the app.
-
@atrilahiji maybe you can symlink /app/code/modules to /app/data/modules and that way it will become writable.
To give a high level idea, let's say humhub app comes with some default modules. Then, in Dockerfile, you would move them to some other location like:
RUN mv /app/code/modules /app/code/modules_orig && ln -s /app/data/modules /app/code/modulesThen in start.sh:
mkdir -p /app/code/modules cp -r /app/code/modules_orig/* /app/data/modulesIn many apps, instead of the blind copy above, we try to symlink each "module". So, there will be a symlink from /app/data/modules/x to /app/code/modules_orig/x . This sometimes works or not depending on the app. But hopefully you get the idea!
-
@girish my confusion here is if the app still tries to write to /app/code/modules it would hit permissions issues no?
-
@girish Running into issues here: https://docs.humhub.org/docs/admin/installation/#file-permissions
There appears to be no way to configure where Hubhub looks for those files, so it will just keep trying to write to the symlink in /app/code and fail. In fact, you cant even get the site to load after installation without having the assets directory writable. This is something it has to do on startup. I can still make an update script for this, but I think it will have to sit in /app/data just based on how this was written. Unless I'm missing something?
-
@atrilahiji said in HumHub - social network software:
if the app still tries to write to /app/code/modules it would hit permissions issues no?
no, that should not be the case (at least when the symlinked dir has proper permissions for this).
-
-
@atrilahiji Never stop never stopping! You're doing great!
-
@fbartels Sure thing: https://git.atridad.dev/alt-ron/cloudron-humhub-app/-/tree/harden-app-code
Thanks! I'm convinced this is 1) impossible or 2) something so simple yet I have not noticed it somehow
-
@atrilahiji for me this works with
➜ cloudron-humhub-app git:(harden-app-code) git rev-parse --short HEAD 0b5df1cSteps I tried:
- Install app (in debug mode, but only so that i could override and start the
start.shmanually) - finished Humhub installation
- went into admin and selected modules
- installed a module
- activated a module
- no php error can be seen
- Install app (in debug mode, but only so that i could override and start the
-
-
@atrilahiji no, no changes at all. maybe some leftovers from a previous installation of yours?
Yes, you can run
cloudron install --debugwhere then the init script is not run. you then need to exec into the app and run it manually. -
@fbartels Oh weird yeah that works... no clue why it wouldn't work if the start.sh is run normally during an install...
IDK if you saw the same error but if I don't start in debug mode and switch to Recovery Mode, running start.sh results in a permission error for PHP again.
EDIT: Nvm I think I figured it out... -
@atrilahiji the modules directory does not exist at all in
/app/codeand then it fails at creating it in the first place. You have to prepare this in a similar way to https://git.atridad.dev/alt-ron/cloudron-humhub-app/-/blob/harden-app-code/Dockerfile#L78-80 where the folder symlink needs to already be created during docker build and then in start.sh you need to make sure that the folder and its default contents exist.
