From 074df7637b1562f37fd79f243b812a7c682537b2 Mon Sep 17 00:00:00 2001
From: Maykin-99 <73132218+Maykin-99@users.noreply.github.com>
Date: Wed, 5 May 2021 08:16:11 +0000
Subject: [PATCH] Set correct permissions in Dockerfile

When having a `umask` of `xx7` (e.g. `027`) on the host machine then the directories `assets`, `config` and `locales` don't become readable to the `invidious` user inside the Docker container since the `COPY` commands result in files owned by `root` with the same file permissions like on the host (`640` in my case).

By adding `--chown=invidious` to the `COPY` command we ensure the `invidious` user can read these files.
---
 docker/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index f7d990d79..01abc6f56 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -18,12 +18,12 @@ RUN apk add --no-cache librsvg ttf-opensans
 WORKDIR /invidious
 RUN addgroup -g 1000 -S invidious && \
     adduser -u 1000 -S invidious -G invidious
-COPY ./assets/ ./assets/
+COPY --chown=invidious ./assets/ ./assets/
 COPY --chown=invidious ./config/config.* ./config/
 RUN mv -n config/config.example.yml config/config.yml
 RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
-COPY ./config/sql/ ./config/sql/
-COPY ./locales/ ./locales/
+COPY --chown=invidious ./config/sql/ ./config/sql/
+COPY --chown=invidious ./locales/ ./locales/
 COPY --from=builder /invidious/invidious .
 
 EXPOSE 3000