diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000000000000000000000000000000000000..caa437194726f5ba1b3160144d7bd495bae8c0c9 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +indent_style = tab + +[*.{yml,yaml}] +indent_style = space +indent_size = 2 diff --git a/.gitlint b/.gitlint new file mode 100644 index 0000000000000000000000000000000000000000..b95ed56b48956dfc7cd91f676e9cdded99fd540f --- /dev/null +++ b/.gitlint @@ -0,0 +1,7 @@ +[general] +ignore=body-trailing-whitespace,body-is-missing + +[author-valid-email] +regex=.*@[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](\.[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9])+ + +# vim:ft=cfg diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000000000000000000000000000000000000..52f815c5d232fc68369157548190e09506e42c42 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,47 @@ +repos: + +- repo: meta + hooks: + - id: check-hooks-apply + +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.4.0 + hooks: + - id: check-added-large-files + stages: [commit] + - id: check-case-conflict + stages: [commit] + - id: check-merge-conflict + stages: [commit] + - id: check-yaml + args: [--allow-multiple-documents] + stages: [commit] + - id: destroyed-symlinks + stages: [commit] + - id: end-of-file-fixer + stages: [commit] + - id: fix-byte-order-marker + stages: [commit] + - id: mixed-line-ending + args: [--fix=lf] + stages: [commit] + - id: trailing-whitespace + exclude_types: [markdown, plain-text] + stages: [commit] + +- repo: https://github.com/jorisroovers/gitlint + rev: v0.15.0 + hooks: + - id: gitlint + +- repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 2.1.5 + hooks: + - id: protect-first-parent + +- repo: https://code.kodo.org.uk/dom/pre-commit-hooks + rev: v0.5.1 + hooks: + - id: check-for-squash + - id: copyright-notice + exclude: ^data/ diff --git a/Dockerfile b/Dockerfile index ac6a39521cbba9be3aef3e5048c90e4a396bf8d4..1e5131c23ea160b10c0fe999edc892d032ac7226 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,7 @@ ARG php_version FROM nginx:${nginx_version:-latest} as nginx LABEL uk.org.kodo.maintainer = "Dom Sekotill " -COPY data/nginx.conf /etc/nginx/conf.d/default.conf -COPY data/fastcgi.nginx.conf /etc/nginx/fastcgi.conf -COPY data/cache-bust.nginx.conf /etc/nginx/cache-bust.conf -COPY data/5*.html /app/html/ +COPY data/nginx /etc/nginx FROM php:${php_version:+$php_version-}fpm-alpine as deps diff --git a/data/nginx.conf b/data/nginx.conf deleted file mode 100644 index ebf21c51c875fd858cffb6372655db73af37d530..0000000000000000000000000000000000000000 --- a/data/nginx.conf +++ /dev/null @@ -1,148 +0,0 @@ -map $http_x_forwarded_proto $forwarded_https { - default off; - https on; -} - -log_format clear '[$time_iso8601] $remote_addr ' - '$request_method $request_uri $status ' - ' sent=$body_bytes_sent bytes;' - ' referrer=$http_referer;' - ' user-agent=$http_user_agent'; - -fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=ERR:1m inactive=1d; -fastcgi_cache_key "$scheme$request_method$host$request_uri"; - -server { - listen 80; - server_name _; - root /app/static; - access_log /dev/stdout clear; - - # Consider all private IP addresses safe sources for X-Forwarded-For - set_real_ip_from 10.0.0.0/8; - set_real_ip_from 172.16.0.0/12; - set_real_ip_from 192.168.0.0/16; - set_real_ip_from fd00::/8; - real_ip_header X-Forwarded-For; - - # Add Cache-Control headers for static files, removed in *.php location - add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800"; - - error_page 404 /errors/404; - error_page 502 /errors/502.html; - - location /errors { - alias /app/html; - internal; - - location /errors/404 { - include fastcgi.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; - fastcgi_cache ERR; - fastcgi_cache_valid 404 1d; - } - } - - location @index { - include fastcgi.conf; - include cache-bust.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; - } - - location = /.probe { - include fastcgi.conf; - fastcgi_param SCRIPT_NAME /.probe; - access_log off; - } - - # Don't return 200 for a missing favicon - location = /favicon.ico { - try_files favicon.ico =404; - } - - # Don't delegate to index.php for /.well-known/ - # If a plugin wants to handle /.well-known/ URIs please submit an issue to - # https://code.kodo.org.uk/singing-chimes.co.uk/wordpress/ - location /.well-known/ { - try_files $uri =404; - } - - # allow the new JSON REST API - location /wp-json/ { - include fastcgi.conf; - include cache-bust.conf; - fastcgi_param SCRIPT_FILENAME /app/index.php; - } - - # use /index.php as a front controller if the base of the URI path does - # not exist - location / { - try_files $uri @index; - } - - location = /wp-login.php { - include fastcgi.conf; - include cache-bust.conf; - } - - # wp-admin uses lots of directly accessed PHP scripts, unfortunately - location = /admin/ { - rewrite ^ /wp-admin/ permanent; - } - location /wp-admin/ { - try_files $uri $uri/index.php; - - location ~ \.php$ { - include fastcgi.conf; - include cache-bust.conf; - } - } - - # Limit the usefulness of malicious HTML/JS hosted in /media/ by serving - # only media & common data files with their correct mime-type. - # Don't allow missing paths to be delegated to the PHP controller. - location /media/ { - root /app; - try_files $uri =404; - default_type application/octet-stream; - types { - # images # - image/gif gif; - image/jpeg jpeg jpg; - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - # audio # - application/ogg ogx; - audio/midi mid midi kar; - audio/mpeg mpga mpega mp2 mp3 m4a; - audio/ogg oga ogg spx; - audio/x-realaudio ra; - audio/webm weba; - - # video # - video/3gpp 3gpp 3gp; - video/mp4 mp4; - video/mpeg mpeg mpg mpe; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - - # archives # - application/x-tar tar; - application/x-gtar tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz; - application/zip zip zipx; - application/x-7z-compressed 7z s7z ace; - application/x-rar-compressed rar; - } - } -} diff --git a/data/502.html b/data/nginx/502.html similarity index 100% rename from data/502.html rename to data/nginx/502.html diff --git a/data/cache-bust.nginx.conf b/data/nginx/cache-bust.conf similarity index 100% rename from data/cache-bust.nginx.conf rename to data/nginx/cache-bust.conf diff --git a/data/nginx/fastcgi-script.conf b/data/nginx/fastcgi-script.conf new file mode 100644 index 0000000000000000000000000000000000000000..5943224e9d881e4d5598e3a1ae09d510d5af4939 --- /dev/null +++ b/data/nginx/fastcgi-script.conf @@ -0,0 +1,4 @@ +include fastcgi.conf; + +fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; diff --git a/data/fastcgi.nginx.conf b/data/nginx/fastcgi.conf similarity index 91% rename from data/fastcgi.nginx.conf rename to data/nginx/fastcgi.conf index 321efe261dbb98bcc6ff0c943739c2c04a504e7e..2a6f9b023b01ac7d8135595c4e5da3c09887b124 100644 --- a/data/fastcgi.nginx.conf +++ b/data/nginx/fastcgi.conf @@ -1,11 +1,13 @@ fastcgi_pass upstream:9000; +fastcgi_param SCRIPT_FILENAME /app/index.php; +fastcgi_param SCRIPT_NAME index.php; + fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_FILENAME /app$fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT /app; diff --git a/data/nginx/mime.types b/data/nginx/mime.types new file mode 100644 index 0000000000000000000000000000000000000000..bb78bf27c0203755eff3e275ad3c61d44fb9a769 --- /dev/null +++ b/data/nginx/mime.types @@ -0,0 +1,96 @@ +# vim:ft=nginx + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/data/nginx/nginx.conf b/data/nginx/nginx.conf new file mode 100644 index 0000000000000000000000000000000000000000..bd069a73f7556e00fa4c6935ba8bf234bb26fa6d --- /dev/null +++ b/data/nginx/nginx.conf @@ -0,0 +1,26 @@ +# vim:ft=nginx + +user nginx; +worker_processes 1; +error_log /dev/stderr warn; +pid /dev/null; + +events { + worker_connections 1024; +} + +http { + include mime.types; + include server.conf; + + log_format main '[$time_iso8601] $remote_addr ' + '$request_method $request_uri $status ' + ' sent=$body_bytes_sent bytes;' + ' referrer=$http_referer;' + ' user-agent=$http_user_agent'; + access_log /dev/stdout main; + + gzip on; + sendfile on; + keepalive_timeout 65; +} diff --git a/data/nginx/safe.types b/data/nginx/safe.types new file mode 100644 index 0000000000000000000000000000000000000000..0e21a41583a574de6b8c261fcc3f639ed81b18c9 --- /dev/null +++ b/data/nginx/safe.types @@ -0,0 +1,41 @@ +# vim:ft=nginx + +types { + # images # + image/gif gif; + image/jpeg jpeg jpg; + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + # audio # + application/ogg ogx; + audio/midi mid midi kar; + audio/mpeg mpga mpega mp2 mp3 m4a; + audio/ogg oga ogg spx; + audio/x-realaudio ra; + audio/webm weba; + + # video # + video/3gpp 3gpp 3gp; + video/mp4 mp4; + video/mpeg mpeg mpg mpe; + video/ogg ogv; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; + + # archives # + application/x-tar tar; + application/x-gtar tar.gz tgz tar.Z tar.bz2 tbz2 tar.lzma tlz; + application/zip zip zipx; + application/x-7z-compressed 7z s7z ace; + application/x-rar-compressed rar; +} diff --git a/data/nginx/server.conf b/data/nginx/server.conf new file mode 100644 index 0000000000000000000000000000000000000000..566e5603ebfd7986e0d15f9d25819b8c0983defd --- /dev/null +++ b/data/nginx/server.conf @@ -0,0 +1,98 @@ +# vim:ft=nginx + +fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=ERR:1m inactive=1d; +fastcgi_cache_key "$scheme$request_method$host$request_uri"; + +map $http_x_forwarded_proto $forwarded_https { + default off; + https on; +} + +server { + listen 80; + server_name _; + root /app/static; + + # Consider all private IP addresses safe sources for X-Forwarded-For + set_real_ip_from 10.0.0.0/8; + set_real_ip_from 172.16.0.0/12; + set_real_ip_from 192.168.0.0/16; + set_real_ip_from fd00::/8; + real_ip_header X-Forwarded-For; + + # Add Cache-Control headers for static files, removed in *.php location + add_header Cache-Control "public, max-age=7776000, stale-while-revalidate=86400, stale-if-error=604800"; + + error_page 404 @not-found; + error_page 502 /errors/502.html; + + location /errors { + internal; + alias /etc/nginx/html; + } + + location @not-found { + include fastcgi.conf; + fastcgi_cache ERR; + fastcgi_cache_valid 404 1d; + } + + location @index { + include fastcgi.conf; + include cache-bust.conf; + } + + location = /.probe { + include fastcgi.conf; + fastcgi_param SCRIPT_NAME /.probe; + access_log off; + } + + # Don't return 200 for a missing favicon + location = /favicon.ico { + try_files favicon.ico =404; + } + + # Don't delegate to index.php for /.well-known/ + # If a plugin wants to handle /.well-known/ URIs please submit an issue to + # https://code.kodo.org.uk/singing-chimes.co.uk/wordpress/ + location /.well-known/ { + try_files $uri =404; + } + + # allow the new JSON REST API + location /wp-json/ { + include fastcgi.conf; + include cache-bust.conf; + } + + # use /index.php as a front controller if the base of the URI path does + # not exist + location / { + try_files $uri @index; + } + + location = /wp-login.php { + include fastcgi-script.conf; + include cache-bust.conf; + } + + location /wp-admin/ { + try_files $uri $uri/index.php; + + location ~ \.php$ { + include fastcgi-script.conf; + include cache-bust.conf; + } + } + + # Limit the usefulness of malicious HTML/JS hosted in /media/ by serving + # only media & common data files with their correct mime-type. + # Don't allow missing paths to be delegated to the PHP controller. + location /media/ { + root /app; + try_files $uri =404; + include safe.types; + default_type application/octet-stream; + } +} diff --git a/data/wp-config.php b/data/wp-config.php index a9cdd92cbc9519416c4e95d54ad7956c554945f5..4a6a728e70d5a8163aefa9d55ace8505529e840d 100644 --- a/data/wp-config.php +++ b/data/wp-config.php @@ -11,7 +11,7 @@ define('DISABLE_WP_CRON', true); /** - * Move the uploads volume/directory into the top of the Wordpress + * Move the uploads volume/directory into the top of the Wordpress * installation. **/ define('UPLOADS', 'media'); diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 3a7779bd60436e22b35b63760ac5462a712373dd..6f32da8bbab5f2a8778a3dc0c2650b27906d8253 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2019 Dominik Sekotill +# Copyright 2019-2021 Dominik Sekotill # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -13,8 +13,10 @@ shopt -s nullglob globstar extglob enable -f /usr/lib/bash/head head enable -f /usr/lib/bash/unlink unlink -declare -r DEFAULT_THEME=twentynineteen +declare -r DEFAULT_THEME=twentytwentyone declare -r WORKER_USER=www-data +declare -r CONFIG_DIR=/etc/wordpress +declare -r WORK_DIR=${PWD} declare DB_HOST DB_NAME DB_USER DB_PASS declare HOME_URL SITE_URL @@ -41,7 +43,7 @@ declare -a PHP_DIRECTIVES=( ) declare -a WP_CONFIGS=( ${WP_CONFIGS-} - /etc/wordpress/*config.php + ${CONFIG_DIR}/*config.php ) @@ -63,11 +65,14 @@ create_config() wp config create \ --extra-php \ --skip-check \ - --dbname="${DB_NAME? Please set DB_NAME in /etc/wordpress/}" \ - --dbuser="${DB_USER? Please set DB_USER in /etc/wordpress/}" \ + --dbname="${DB_NAME? Please set DB_NAME in ${CONFIG_DIR}/}" \ + --dbuser="${DB_USER? Please set DB_USER in ${CONFIG_DIR}/}" \ ${DB_HOST+--dbhost="${DB_HOST}"} \ ${DB_PASS+--dbpass="${DB_PASS}"} + # Clear potentialy sensitive information from environment lest it leaks + unset ${!DB_*} + local site_url=${SITE_URL? Please set SITE_URL} local site_path=${site_url##*://*([^/])} local home_url=${HOME_URL:-${site_url%$site_path}} @@ -89,8 +94,11 @@ setup_database() { --admin_email="${SITE_ADMIN_EMAIL:-admin@$domain}" \ ${SITE_ADMIN_PASSWORD+--admin_password="${SITE_ADMIN_PASSWORD}"} - # Start with a pretty, restful permalink structure, instead of the plain, - # ugly default. The user can change this as they please through the admin + # Clear potentialy sensitive information from environment lest it leaks + unset ${!SITE_ADMIN*} + + # Start with a pretty, restful permalink structure, instead of the plain, + # ugly default. The user can change this as they please through the admin # dashboard. wp rewrite structure /posts/%postname% } @@ -133,6 +141,9 @@ setup_s3() { local contents=( media/* ) [[ ${#contents[*]} -gt 0 ]] && wp s3-uploads upload-directory media + + # Clear potentialy sensitive information from environment lest it leaks + unset ${!S3_ENDPOINT_*} } setup_components() { @@ -160,6 +171,8 @@ setup_components() { [[ $(wp theme list --status=active --format=count) -eq 0 ]] && wp theme activate $(wp theme list --field=name | head -n1) + deactivate_missing_plugins + setup_s3 return 0 @@ -179,7 +192,7 @@ get_media_dir() setup_media() { - # UID values change on every run, ensure the owner and group are set + # UID values change on every run, ensure the owner and group are set # correctly on the media directory/volume. get_media_dir chown -R ${WORKER_USER}:${WORKER_USER} "${MEDIA}" @@ -210,6 +223,28 @@ collect_static() . static/ } +deactivate_missing_plugins() +{ + # Output active plugin entrypoints as a JSON array + wp option get active_plugins --format=json | + + # Convert to lines of raw strings + jq -r '.[]' | + + # Filter out plugin entrypoints that don't exist in wp-content/plugins + while read plugin; do + test -e wp-content/plugins/$plugin && + echo $plugin || + echo >&2 "Deactivating removed plugin: $(dirname $plugin)" + done | + + # Convert raw lines back into a JSON array + jq -nR '[inputs]' | + + # Update the active plugin entrypoints + wp option update active_plugins --format=json +} + next_cron() { echo $(($(wp cron event list --field=time|sort|head -n1) - $(date +%s))) @@ -232,17 +267,19 @@ run_background_cron() )& } -for file in /etc/wordpress/**/*.conf; do +mkdir -p ${CONFIG_DIR} +cd ${CONFIG_DIR} +for file in **/*.conf; do source "${file}" done -if [[ -e ${PLUGINS_LIST:=/etc/wordpress/plugins.txt} ]]; then +if [[ -e ${PLUGINS_LIST:=${CONFIG_DIR}/plugins.txt} ]]; then PLUGINS+=( $(<"${PLUGINS_LIST}") ) fi -if [[ -e ${THEMES_LIST:=/etc/wordpress/themes.txt} ]]; then +if [[ -e ${THEMES_LIST:=${CONFIG_DIR}/themes.txt} ]]; then THEMES+=( $(<"${THEMES_LIST}") ) fi -if [[ -e ${LANGUAGES_LIST:=/etc/wordpress/languages.txt} ]]; then +if [[ -e ${LANGUAGES_LIST:=${CONFIG_DIR}/languages.txt} ]]; then LANGUAGES+=( $(<"${LANGUAGES_LIST}") ) fi @@ -252,6 +289,7 @@ for directive in "${PHP_DIRECTIVES[@]}"; do extra_args+=( -d "${directive}" ) done +cd ${WORK_DIR} case "$1" in collect-static) create_config && setup_components && collect_static ;; run-cron) create_config && run_cron ;; diff --git a/scripts/install-deps.sh b/scripts/install-deps.sh index e6b4d75d2d995b43b7c3b36a0affe39e8bcb6bfe..51d0f812f8a75dd8c3cdcfb7e1506ee6a537768e 100755 --- a/scripts/install-deps.sh +++ b/scripts/install-deps.sh @@ -1,4 +1,10 @@ #!/bin/sh +# Copyright 2019-2021 Dominik Sekotill +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + set -eux # Install packaged dependencies @@ -6,6 +12,7 @@ apk update apk add \ bash \ imagemagick-libs \ + jq \ libgmpxx \ libjpeg \ libpng \ diff --git a/scripts/wp.sh b/scripts/wp.sh index 1e70eab1225cf5459f0cba6ab37cd70913b880bf..0021371d78b9eb98dd68a633f926e056f34733a8 100755 --- a/scripts/wp.sh +++ b/scripts/wp.sh @@ -1,6 +1,12 @@ #!/bin/sh -# Lets not beat about the bush, preventing the tool which installs WP from -# installing it as root is idiocy. WP needs to be installed owned by a user -# seperate from the server's user. 'root' is available for such, besides which +# Copyright 2019-2021 Dominik Sekotill +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Lets not beat about the bush, preventing the tool which installs WP from +# installing it as root is idiocy. WP needs to be installed owned by a user +# seperate from the server's user. 'root' is available for such, besides which # root in a container is not really root. exec php -d memory_limit=512M /usr/local/lib/wp-cli.phar --allow-root "$@"