From 5d27e5950f947033c247b4bccfea331ee2f8ca66 Mon Sep 17 00:00:00 2001 From: Quinn Damerell Date: Mon, 11 Nov 2024 08:52:09 -0800 Subject: [PATCH] Attempting to fix the network permissions issue. --- Dockerfile | 1 + homeway/CHANGELOG.md | 4 ++++ homeway/Dockerfile | 20 ++++++++++++++------ homeway/apparmor.txt | 15 +++++++++++++-- homeway/config.yaml | 2 +- homeway/run.sh | 11 ----------- 6 files changed, 33 insertions(+), 20 deletions(-) delete mode 100644 homeway/run.sh diff --git a/Dockerfile b/Dockerfile index d0ca682..12e0dd2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,5 +42,6 @@ RUN ${VENV_DIR}/bin/pip3 install --require-virtualenv --no-cache-dir -q "zstanda # For docker, we use our homeway_standalone_docker host to handle the runtime setup and launch of the serivce. WORKDIR ${REPO_DIR} + # Use the full path to the venv, we msut use this [] notation for our ctlc handler to work in the contianer ENTRYPOINT ["/root/homeway-env/bin/python", "-m", "homeway_standalone_docker"] diff --git a/homeway/CHANGELOG.md b/homeway/CHANGELOG.md index 8e39314..5942f8d 100644 --- a/homeway/CHANGELOG.md +++ b/homeway/CHANGELOG.md @@ -1,6 +1,10 @@ +## 1.5.3 + +- 🪲 Attempting to fix a network permissions error. + ## 1.5.2 - 🪲 Adding debug logging to help hunt a bug with the connection stability. diff --git a/homeway/Dockerfile b/homeway/Dockerfile index c80879f..b68a10e 100644 --- a/homeway/Dockerfile +++ b/homeway/Dockerfile @@ -14,8 +14,9 @@ COPY requirements.txt / RUN pip install --no-cache-dir --disable-pip-version-check -r requirements.txt # Install the optional pacakges for zstandard compression. The extra packages are required for the zstandard python pip install to build. +# Note we don't isntall PY 3 so it doesn't exit and we don't accitentally use it instaed of the base image python. # hadolint ignore=DL3018,DL3019,DL3059 -RUN apk add zstd python3 python3-dev gcc zlib-dev musl-dev libffi-dev +RUN apk add zstd python3-dev gcc zlib-dev musl-dev libffi-dev # THIS VERSION STRING MUST STAY IN SYNC with Compression.ZStandardPipPackageString RUN pip install --no-cache-dir -q "zstandard>=0.21.0,<0.23.0" @@ -27,12 +28,19 @@ COPY . ./ # Helpful for debugging. RUN ls +RUN whoami -# Set the run script exectuable. -RUN chmod a+x /app/run.sh - -# Create a command to launch the run script. -CMD [ "/app/run.sh" ] +# +# Since we are running in a docker container, there's no need for dynamic configs. +# The repo root is /app, as we define in our Dockerfile +# The storage root it the Home Assistant docker mapped dir, /data/ +# Note that all of the data is stored in this flat dir, the config, storage data, and logs. +# +# This is the json config, that's base64 encoded and sent as an argument. +# { "VersionFileDir":"/app", "AddonDataRootDir":"/data", "StorageDir":"/data", "LogsDir":"/data", "IsRunningInHaAddonEnv":true } +# +# Note if we every move past "python3", we need to update apparmor. +CMD [ "python3", "-m", "homeway_linuxhost", "eyAiVmVyc2lvbkZpbGVEaXIiOiIvYXBwIiwgIkFkZG9uRGF0YVJvb3REaXIiOiIvZGF0YSIsICJTdG9yYWdlRGlyIjoiL2RhdGEiLCAiTG9nc0RpciI6Ii9kYXRhIiwgIklzUnVubmluZ0luSGFBZGRvbkVudiI6dHJ1ZSB9" ] # Build arguments ARG BUILD_ARCH diff --git a/homeway/apparmor.txt b/homeway/apparmor.txt index 828bcc5..f0d0c87 100644 --- a/homeway/apparmor.txt +++ b/homeway/apparmor.txt @@ -1,12 +1,19 @@ +# This file has been taken from the Home Assistant addon dev package +# https://developers.home-assistant.io/docs/add-ons/presentation#apparmor +# From the default template config, ADDON_SLUG needs to be replaced with "homeway" + #include -profile ADDON_SLUG flags=(attach_disconnected,mediate_deleted) { +profile homeway flags=(attach_disconnected,mediate_deleted) { #include # Capabilities file, signal (send) set=(kill,term,int,hup,cont), + # Allow all network traffic + network, + # S6-Overlay /init ix, /bin/** ix, @@ -19,6 +26,7 @@ profile ADDON_SLUG flags=(attach_disconnected,mediate_deleted) { /etc/cont-finish.d/** rwix, /run/{,**} rwk, /dev/tty rw, + /app/** rw, # Bashio /usr/lib/bashio/** ix, @@ -34,7 +42,10 @@ profile ADDON_SLUG flags=(attach_disconnected,mediate_deleted) { #include # Receive signals from S6-Overlay - signal (receive) peer=*_ADDON_SLUG, + signal (receive) peer=*_homeway, + + # Allow all network traffic + network, # Access to options.json and other files within your addon /data/** rw, diff --git a/homeway/config.yaml b/homeway/config.yaml index 9734637..af82f2c 100644 --- a/homeway/config.yaml +++ b/homeway/config.yaml @@ -38,4 +38,4 @@ image: ghcr.io/homewayio/homeway/{arch} # Note when this version number changes, we must make a release to start a docker container build immediately, since HA will start looking for the new version. # Basically: Make the final commit -> test and check lint actions (if a docker change, push to docker-test to ensure it builds) -> bump the version number -> create GitHub release. # UPDATE THE CHANGE LOG! -version: 1.5.2 +version: 1.5.3 diff --git a/homeway/run.sh b/homeway/run.sh deleted file mode 100644 index 3bf6595..0000000 --- a/homeway/run.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/with-contenv bashio - -# Since we are running in a docker container, there's no need for dynamic configs. -# The repo root is /app, as we define in our Dockerfile -# The storage root it the Home Assistant docker mapped dir, /data/ -# Note that all of the data is stored in this flat dir, the config, storage data, and logs. - -# This is the json config, that's base64 encoded and sent as an argument. -# { "VersionFileDir":"/app", "AddonDataRootDir":"/data", "StorageDir":"/data", "LogsDir":"/data", "IsRunningInHaAddonEnv":true } - -python3 -m homeway_linuxhost eyAiVmVyc2lvbkZpbGVEaXIiOiIvYXBwIiwgIkFkZG9uRGF0YVJvb3REaXIiOiIvZGF0YSIsICJTdG9yYWdlRGlyIjoiL2RhdGEiLCAiTG9nc0RpciI6Ii9kYXRhIiwgIklzUnVubmluZ0luSGFBZGRvbkVudiI6dHJ1ZSB9 \ No newline at end of file