Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nginx-image for openSUSE:Factory checked in at 2026-06-17 16:23:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nginx-image (Old) and /work/SRC/openSUSE:Factory/.nginx-image.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nginx-image" Wed Jun 17 16:23:49 2026 rev:45 rq:1359924 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/nginx-image/nginx-image.changes 2026-06-15 19:52:07.465257486 +0200 +++ /work/SRC/openSUSE:Factory/.nginx-image.new.1981/nginx-image.changes 2026-06-17 16:24:44.311172807 +0200 @@ -1,0 +2,15 @@ +Wed Jun 17 08:04:52 UTC 2026 - SUSE Update Bot <[email protected]> + +- support unprivileged operation + +------------------------------------------------------------------- +Tue Jun 16 20:28:07 UTC 2026 - SUSE Update Bot <[email protected]> + +- fixes for 1.7 (better launcher config; adding synchronizer) + +------------------------------------------------------------------- +Tue Jun 16 19:54:52 UTC 2026 - SUSE Update Bot <[email protected]> + +- do not rm /run in the build stage + +------------------------------------------------------------------- New: ---- 40-unprivileged-mode.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ 40-unprivileged-mode.sh ++++++ #!/bin/sh set -e CURRENT_UID=$(id -u) if [ "$CURRENT_UID" -gt "0" ]; then echo "$0: Running as unprivileged user (UID: $CURRENT_UID). Configuring for unprivileged mode (Port 8080)." CONF_FILES="/etc/nginx/conf.d/default.conf /etc/nginx/nginx.conf" for FILE in $CONF_FILES; do if [ -w "$FILE" ]; then if grep -q "listen .*80;" "$FILE"; then echo "Changing port 80 to 8080 in $FILE" sed 's/listen\s*80;/listen 8080;/g' "$FILE" > /tmp/client_temp/nginx_swap.conf && \ cat /tmp/client_temp/nginx_swap.conf > "$FILE" && \ rm -f /tmp/client_temp/nginx_swap.conf fi if [ "$FILE" = "/etc/nginx/nginx.conf" ]; then echo "Redirecting NGINX temp paths and setting PID to /tmp in $FILE" sed -e '/^user/d' \ -e 's,^#\?\s*pid\s\+.*;$,pid /var/run/nginx/nginx.pid;,' \ -e '/http {/a \ client_body_temp_path /tmp/client_temp;\n proxy_temp_path /tmp/proxy_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;' \ "$FILE" > /tmp/client_temp/nginx_ultra.conf && \ cat /tmp/client_temp/nginx_ultra.conf > "$FILE" && \ rm -f /tmp/client_temp/nginx_ultra.conf echo "$0: Removed 'user' directive and updated PID path." fi fi done echo "$0: Listening on port 8080." fi (No newline at EOF) ++++++ Dockerfile ++++++ --- /var/tmp/diff_new_pack.sHAhni/_old 2026-06-17 16:24:45.095205567 +0200 +++ /var/tmp/diff_new_pack.sHAhni/_new 2026-06-17 16:24:45.099205735 +0200 @@ -25,7 +25,7 @@ RUN set -euo pipefail; \ export PERMCTL_ALLOW_INSECURE_MODE_IF_NO_PROC=1; \ - zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends curl gawk nginx findutils envsubst + zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends curl gawk nginx findutils envsubst sed grep # sanity check that the version from the tag is equal to the version of nginx that we expect RUN set -euo pipefail; \ [ "$(rpm --root /target -q --qf '%{version}' nginx | \ @@ -36,7 +36,7 @@ t=$(mktemp -d); mv /target/usr/lib/sysimage/rpm/Packages.db $t; rpmdb --rebuilddb --dbpath=$t; \ rm /target/usr/lib/sysimage/rpm/*.db && mv $t/Packages.db /target/usr/lib/sysimage/rpm/; \ rm -rf {/target,}/var/log/{alternatives.log,lastlog,suseconnect.log,tallylog,zypper.log,zypp/history,YaST2}; \ - rm -rf {/target,}/run/*; \ + rm -rf /target/run/*; \ rm -f {/target,}/etc/{shadow-,group-,passwd-,.pwd.lock}; \ rm -f {/target,}/usr/lib/sysimage/rpm/.rpm.lock; \ rm -f {/target,}/var/lib/zypp/AnonymousUniqueId; \ @@ -68,10 +68,10 @@ EXPOSE 80/tcp RUN set -euo pipefail; mkdir /docker-entrypoint.d -COPY [1-3]0-*.sh /docker-entrypoint.d/ +COPY [1-4]0-*.sh /docker-entrypoint.d/ COPY docker-entrypoint.sh /usr/local/bin COPY index.html /srv/www/htdocs/ RUN set -euo pipefail; chmod +x /docker-entrypoint.d/*.sh /usr/local/bin/docker-entrypoint.sh -RUN set -euo pipefail; install -d -o nginx -g nginx -m 750 /var/log/nginx; ln -sf /dev/stdout /var/log/nginx/access.log; ln -sf /dev/stderr /var/log/nginx/error.log +RUN set -euo pipefail; set -euo pipefail; mkdir -p /var/cache/nginx /var/run/nginx /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp; ln -sf /dev/stdout /var/log/nginx/access.log; ln -sf /dev/stderr /var/log/nginx/error.log; chown -R nginx:nginx /var/cache/nginx /etc/nginx /var/run/nginx /var/log/nginx /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp; STOPSIGNAL SIGQUIT ++++++ README.md ++++++ --- /var/tmp/diff_new_pack.sHAhni/_old 2026-06-17 16:24:45.139207406 +0200 +++ /var/tmp/diff_new_pack.sHAhni/_new 2026-06-17 16:24:45.143207573 +0200 @@ -42,6 +42,13 @@ listen 80; ``` +## Running nginx as a non-root user +To run the image as a less privileged user using the `nginx` user, do the following: +```ShellSession +$ podman run -it --user nginx --rm -p 8080:8080 -v /path/to/html/:/srv/www/htdocs/:Z registry.opensuse.org/opensuse/nginx:1.31 +``` +**Note:** When running as the `nginx` user the default port is 8080. + ## Environment variables ### NGINX_ENTRYPOINT_QUIET_LOGS
