switch user with -a, docker adds entrypoint script, #876

docker/Dockerfile

@@ -0,0 +1,56 @@
+FROM --platform=$BUILDPLATFORM rust:1.53.0-buster AS build
+
+ARG TARGETARCH
+
+RUN apt-get update && apt-get install -y build-essential curl musl-tools
+
+WORKDIR /root/shadowsocks-rust
+
+ADD . .
+
+RUN rustup install nightly && rustup default nightly && \
+    case "$TARGETARCH" in \
+        "386") \
+        RUST_TARGET="i686-unknown-linux-musl" \
+        MUSL="i686-linux-musl" \
+    ;; \
+    "amd64") \
+        RUST_TARGET="x86_64-unknown-linux-musl" \
+        MUSL="x86_64-linux-musl" \
+    ;; \
+    "arm64") \
+        RUST_TARGET="aarch64-unknown-linux-musl" \
+        MUSL="aarch64-linux-musl" \
+    ;; \
+    *) \
+        echo "Doesn't support $TARGETARCH architecture" \
+        exit 1 \
+    ;; \
+    esac && \
+    wget -qO- "https://musl.cc/$MUSL-cross.tgz" | tar -xzC /root/ && \
+    CC=/root/$MUSL-cross/bin/$MUSL-gcc && \
+    rustup target add $RUST_TARGET && \
+    RUSTFLAGS="-C linker=$CC" CC=$CC cargo build --target "$RUST_TARGET" --release --features "local-tun local-redir armv8 neon" && \
+    mv target/$RUST_TARGET/release/ss* target/release/
+
+FROM alpine:3.14 AS sslocal
+
+COPY --from=build /root/shadowsocks-rust/target/release/sslocal /usr/bin
+COPY --from=build /root/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
+COPY --from=build /root/shadowsocks-rust/docker/docker-entrypoint.sh /
+
+USER nobody
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+CMD [ "sslocal", "--log-without-time", "-c", "/etc/shadowsocks-rust/config.json" ]
+
+FROM alpine:3.14 AS ssserver
+
+COPY --from=build /root/shadowsocks-rust/target/release/ssserver /usr/bin
+COPY --from=build /root/shadowsocks-rust/examples/config.json /etc/shadowsocks-rust/
+COPY --from=build /root/shadowsocks-rust/docker/docker-entrypoint.sh /
+
+USER nobody
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+CMD [ "ssserver", "--log-without-time", "-c", "/etc/shadowsocks-rust/config.json" ]

docker/Dockerfile.v2ray

@@ -0,0 +1,16 @@
+FROM ghcr.io/shadowsocks/ssserver-rust:latest
+
+USER root
+
+RUN cd /tmp && \
+    TAG=$(wget -qO- https://api.github.com/repos/shadowsocks/v2ray-plugin/releases/latest | grep tag_name | cut -d '"' -f4) && \
+    wget https://github.com/shadowsocks/v2ray-plugin/releases/download/$TAG/v2ray-plugin-linux-amd64-$TAG.tar.gz && \
+    tar -xf *.gz && \
+    rm *.gz && \
+    mv v2ray* /usr/bin/v2ray-plugin && \
+    chmod +x /usr/bin/v2ray-plugin
+
+USER nobody
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+CMD [ "ssserver", "--log-without-time", "-c", "/etc/shadowsocks-rust/config.json" ]

docker/docker-entrypoint.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+
+if [ -z "${SS_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+    exec 3>&1
+else
+    exec 3>/dev/null
+fi
+
+if [ "$1" = "sslocal" -o "$1" = "ssserver" -o "$1" = "ssmanager" -o "$1" = "ssservice" ]; then
+    if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+        echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+        echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/"
+        find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+            case "$f" in
+                *.sh)
+                    if [ -x "$f" ]; then
+                        echo >&3 "$0: Launching $f";
+                        "$f"
+                    else
+                        # warn on shell scripts without exec bit
+                        echo >&3 "$0: Ignoring $f, not executable";
+                    fi
+                    ;;
+                *) echo >&3 "$0: Ignoring $f";;
+            esac
+        done
+
+        echo >&3 "$0: Configuration complete; ready for start up"
+    else
+        echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+    fi
+fi
+
+exec "$@"