From 2752ae43f07db686658961c05f79d58f8c1da9e5 Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Tue, 7 Apr 2026 14:20:04 +0200
Subject: [PATCH 1/2] Split image build setup between root and www-data actions

---
 Dockerfile               | 20 ++++++++------
 setup_app.sh             | 29 +++++++++++++++++++++
 setup.sh => setup_sys.sh | 56 +++++++++++++++++-----------------------
 3 files changed, 64 insertions(+), 41 deletions(-)
 create mode 100644 setup_app.sh
 rename setup.sh => setup_sys.sh (64%)

diff --git a/Dockerfile b/Dockerfile
index c0f50bd..ff00131 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ EORUN
 
 # Build supercronic
 FROM golang:trixie AS supercronic
-ADD https://github.com/aptible/supercronic.git#v0.2.44 src
+ADD https://github.com/aptible/supercronic.git#v0.2.44 /go/src/
 WORKDIR /go/src
 RUN <<EORUN
 set -eux
@@ -43,7 +43,7 @@ LABEL org.opencontainers.image.authors="colisee@hotmail.com"
 # Copy entrypoint scripts
 COPY --chmod=0755 bin /usr/local/bin/
 
-# Create cron jobs
+# Copy cron jobs
 COPY --chown=www-data:www-data --chmod=0755 \
      lb-jobs-cron /config/
 
@@ -59,16 +59,20 @@ COPY --from=upstream \
      --chown=www-data:root --chmod=0775 \
      /upstream/ /var/www/html/
 
-# Update and install required debian packages
+# Customize the system environment
 ENV DEBIAN_FRONTEND=noninteractive
-RUN --mount=type=bind,source=setup.sh,target=/tmp/setup.sh <<EORUN
-bash /tmp/setup.sh
+RUN --mount=type=bind,source=setup_sys.sh,target=/tmp/setup_sys.sh <<EORUN
+bash /tmp/setup_sys.sh
 EORUN
 
-# Environment
-USER       www-data
-WORKDIR    /
+# Customize the image environment
+USER       www-data:root
 VOLUME     /config
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD        ["apache2-foreground"]
 EXPOSE     8080
+
+# Customize the application environment
+RUN --mount=type=bind,source=setup_app.sh,target=/tmp/setup_app.sh <<EORUN
+bash /tmp/setup_app.sh
+EORUN
diff --git a/setup_app.sh b/setup_app.sh
new file mode 100644
index 0000000..62c4ff0
--- /dev/null
+++ b/setup_app.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# vim: set expandtab ts=2 sw=2 ai :
+
+set -e
+set -u
+set -o pipefail
+trap 'echo "Exit status $? at line $LINENO from: $BASH_COMMAND"' ERR
+
+PS4='+ ${BASH_SOURCE:-}:${FUNCNAME[0]:-}:L${LINENO:-}:   '
+set -x
+
+if [ -f /var/www/html/composer.json ]; then
+  sed \
+    -i /var/www/html/composer.json \
+    -e "s:\(.*\)nickdnk/graph-sdk\(.*\)7.0\(.*\):\1joelbutcher/facebook-graph-sdk\26.1\3:"
+  composer install
+fi
+
+sed \
+  -i /var/www/html/database_schema/create-user.sql \
+  -e "s:^DROP USER ':DROP USER IF EXISTS ':g" \
+  -e "s:booked_user:schedule_user:g" \
+  -e "s:localhost:%:g"
+
+if ! [ -d /var/www/html/tpl_c ]; then
+  mkdir --mode 0775 /var/www/html/tpl_c
+fi
+
+mkdir --mode 0775 /var/www/html/Web/uploads/reservation
diff --git a/setup.sh b/setup_sys.sh
similarity index 64%
rename from setup.sh
rename to setup_sys.sh
index 82d1ce1..946679d 100644
--- a/setup.sh
+++ b/setup_sys.sh
@@ -9,6 +9,7 @@ trap 'echo "Exit status $? at line $LINENO from: $BASH_COMMAND"' ERR
 PS4='+ ${BASH_SOURCE:-}:${FUNCNAME[0]:-}:L${LINENO:-}:   '
 set -x
 
+# Install dependencies
 apt-get update
 apt-get upgrade --yes
 apt-get install --yes --no-install-recommends \
@@ -18,52 +19,43 @@ apt-get install --yes --no-install-recommends \
   libfreetype6-dev \
   unzip
 apt-get clean
-rm -rf /var/lib/apt/lists/*
 
-# Customize the http & php environment
-cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+# Customize Apache
 cat >/etc/apache2/conf-available/remoteip.conf <<EOF
 RemoteIPHeader X-Real-IP
 RemoteIPInternalProxy 10.0.0.0/8
 RemoteIPInternalProxy 172.16.0.0/12
 RemoteIPInternalProxy 192.168.0.0/16
 EOF
+
+sed \
+  -i /etc/apache2/ports.conf \
+  -e 's/Listen 80/Listen 8080/' \
+  -e 's/Listen 443/Listen 8443/'
+sed \
+  -i /etc/apache2/sites-available/000-default.conf \
+  -e 's/<VirtualHost \*:80>/<VirtualHost \*:8080>/'
+
 a2enconf remoteip
 a2enmod rewrite
 a2enmod headers
 a2enmod remoteip
+
+# Customize php
+cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+touch /usr/local/etc/php/conf.d/librebooking.ini
+
 docker-php-ext-configure gd --with-jpeg --with-freetype
 docker-php-ext-install mysqli gd ldap
 pecl install timezonedb
 docker-php-ext-enable timezonedb
-mkdir --parent /var/log/librebooking
-chown --recursive www-data:root /var/log/librebooking
-chmod --recursive g+rwx /var/log/librebooking
-touch /usr/local/etc/php/conf.d/librebooking.ini
-sed \
-  -i /etc/apache2/ports.conf \
-  -e 's/Listen 80/Listen 8080/' \
-  -e 's/Listen 443/Listen 8443/'
-sed \
-  -i /etc/apache2/sites-available/000-default.conf \
-  -e 's/<VirtualHost \*:80>/<VirtualHost \*:8080>/'
 
-if [ -f /var/www/html/composer.json ]; then
-  sed \
-    -i /var/www/html/composer.json \
-    -e "s:\(.*\)nickdnk/graph-sdk\(.*\)7.0\(.*\):\1joelbutcher/facebook-graph-sdk\26.1\3:"
-  composer install
-fi
-sed \
-  -i /var/www/html/database_schema/create-user.sql \
-  -e "s:^DROP USER ':DROP USER IF EXISTS ':g" \
-  -e "s:booked_user:schedule_user:g" \
-  -e "s:localhost:%:g"
-if ! [ -d /var/www/html/tpl_c ]; then
-  mkdir /var/www/html/tpl_c
-fi
-mkdir /var/www/html/Web/uploads/reservation
+# Customize log
+mkdir --parent /var/log/librebooking
+chown www-data:root /var/log/librebooking
+chmod g+rwx /var/log/librebooking
 
+# Customize permissions
 chown www-data:root \
   /var/www \
   /usr/local/etc/php/conf.d/librebooking.ini
@@ -71,8 +63,6 @@ chmod g+rwx \
   /var/www \
   /usr/local/etc/php/conf.d/librebooking.ini
 chown --recursive www-data:root \
-  /etc/apache2/sites-available \
-  /var/www/html/tpl_c
+  /etc/apache2/sites-available
 chmod --recursive g+rwx \
-  /etc/apache2/sites-available \
-  /var/www/html/tpl_c
+  /etc/apache2/sites-available

From f4f33f4afe09c7f004695ab927eb302b2342587a Mon Sep 17 00:00:00 2001
From: Robin Alexander <colisee@hotmail>
Date: Thu, 9 Apr 2026 12:18:32 +0200
Subject: [PATCH 2/2] Fix selinux issues brought with Dockerfile RUN --mount
 statement

---
 Dockerfile                       | 10 +++-------
 setup_app.sh => bin/build_app.sh |  0
 setup_sys.sh => bin/build_sys.sh |  0
 3 files changed, 3 insertions(+), 7 deletions(-)
 rename setup_app.sh => bin/build_app.sh (100%)
 rename setup_sys.sh => bin/build_sys.sh (100%)

diff --git a/Dockerfile b/Dockerfile
index ff00131..7e254fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,7 +40,7 @@ LABEL org.opencontainers.image.source="https://github.com/librebooking/docker"
 LABEL org.opencontainers.image.licenses="GPL-3.0"
 LABEL org.opencontainers.image.authors="colisee@hotmail.com"
 
-# Copy entrypoint scripts
+# Copy bin scripts
 COPY --chmod=0755 bin /usr/local/bin/
 
 # Copy cron jobs
@@ -61,9 +61,7 @@ COPY --from=upstream \
 
 # Customize the system environment
 ENV DEBIAN_FRONTEND=noninteractive
-RUN --mount=type=bind,source=setup_sys.sh,target=/tmp/setup_sys.sh <<EORUN
-bash /tmp/setup_sys.sh
-EORUN
+RUN bash /usr/local/bin/build_sys.sh
 
 # Customize the image environment
 USER       www-data:root
@@ -73,6 +71,4 @@ CMD        ["apache2-foreground"]
 EXPOSE     8080
 
 # Customize the application environment
-RUN --mount=type=bind,source=setup_app.sh,target=/tmp/setup_app.sh <<EORUN
-bash /tmp/setup_app.sh
-EORUN
+RUN bash /usr/local/bin/build_app.sh
diff --git a/setup_app.sh b/bin/build_app.sh
similarity index 100%
rename from setup_app.sh
rename to bin/build_app.sh
diff --git a/setup_sys.sh b/bin/build_sys.sh
similarity index 100%
rename from setup_sys.sh
rename to bin/build_sys.sh