From c20a5a208e8711da0e490ea714199a05fb381f1b Mon Sep 17 00:00:00 2001
From: Yimura <24669514+Yimura@users.noreply.github.com>
Date: Mon, 6 May 2024 15:29:15 +0200
Subject: [PATCH] fix(entrypoint): loss of provilege over .git folder
---
 entrypoint.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 39eca8a..f108bb6 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -7,13 +7,18 @@ run_unprivileged() {
 echo "[INFO] Creating non-root user..."
 if [ ! -d "/home/worker" ]; then
 useradd -m worker
+fi
+if [[ "$(stat -c "%U:%G" /opt/crackerjack/.git)" != "worker:worker" ]]; then
+ echo "[INFO] Fixing ownership of .git folder"
 # fixes an issue where git would complain about dubious ownership (the root user owns the git clone)
 chown worker:worker -R .git
 fi
-echo "[INFO] Taking ownership of data directory."
-mkdir -p /opt/crackerjack/data && chown -R worker:worker /opt/crackerjack/data
+if [[ "$(stat -c "%U:%G" /opt/crackerjack/data)" != "worker:worker" ]]; then
+ echo "[INFO] Taking ownership of data directory."
+ mkdir -p /opt/crackerjack/data && chown -R worker:worker /opt/crackerjack/data
+fi
 echo '[INFO] Initializing DB and running migrations.'
 python3 -m flask db init
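Review bot: The new guard stats `/opt/crackerjack/.git`, but the `chown worker:worker -R .git` it protects is still relative to the working directory, so the check and the fix can act on different paths if the script is not started from `/opt/crackerjack`; use the absolute path in both, `chown -R worker:worker /opt/crackerjack/.git`. The data-directory guard runs `stat` before `mkdir -p`, so on a first start it prints a stat error and only enters the branch because the output is empty; moving `mkdir -p /opt/crackerjack/data` above the `if` makes that path explicit. Both guards compare only the top-level owner, so root-owned files below a directory already owned by worker are no longer corrected, which deserves a comment such as `# only the top-level owner is checked; nested root-owned files are not fixed` if that is intended. The added `[[ … ]]` tests need bash while the existing test uses `[ … ]`; the shebang and the rest of the script are outside the hunk, so confirm the script does not run under `/bin/sh`, where the test would fail and the chown would be skipped.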