From 586bfe44c456e928c107fe4fd7622d4db71b0cbb Mon Sep 17 00:00:00 2001 From: kalaksi Date: Sun, 26 Jul 2020 12:43:31 +0300 Subject: [PATCH] Add a mechanism for getting files placed in tftp root Useful for raspberry pi 4 --- Dockerfile | 8 ++++++-- README.md | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3dba579..11ba782 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ RUN apk add --no-cache --virtual syslinux_with_deps syslinux && \ ln -s ../pxelinux.cfg /tftpboot/syslinux/pxelinux.cfg && \ apk del syslinux_with_deps +# Default configuration that can be overridden COPY pxelinux.cfg /tftpboot/pxelinux.cfg EXPOSE 1069/udp @@ -26,5 +27,8 @@ VOLUME /tftpboot/boot # The daemon doesn't seem to work if container is not run as root, but it still drops the root # privileges with the -u option. # Note that the main process still runs as root, but files are being served as non-root. -ENTRYPOINT ["in.tftpd"] -CMD ["-L", "-vvv", "-u", "ftp", "--secure", "--address", "0.0.0.0:1069", "/tftpboot"] +CMD set -eu ;\ + # Some devices such as the Raspberry Pi 4 expect files to be available directly in the TFTP root, so + # use a boot directory with the special name "root" to have it's contents copied to the TFTP root directory. + [ -d /tftpboot/boot/root ] && cp -a /tftpboot/boot/root/* /tftpboot ;\ + exec in.tftpd -L -vvv -u ftp --secure --address 0.0.0.0:1069 /tftpboot diff --git a/README.md b/README.md index c34c867..c87181b 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ This container runs a TFTP server with a prepopulated ```/tftpboot``` directory ### Why use this container? **Simply put, this container has been written with simplicity and security in mind.** -Surprisingly, _many_ community containers run unnecessarily with root privileges by default and don't provide help for dropping unneeded CAPabilities either. +Many community containers run unnecessarily with root privileges by default and don't provide help for dropping unneeded CAPabilities either. Additionally, overly complex shell scripts and unofficial base images make it harder to verify the source and keep images up-to-date. To remedy the situation, these images have been written with security, simplicity and overall quality in mind.