fix: correct SSH key permissions in agent-service container

Mount host key to /tmp/host-ssh-key (read-only), then copy to
appuser's .ssh directory with correct ownership at container start.
Fixes "Permission denied" due to uid mismatch on bind mount.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hailin 2026-02-26 12:00:02 -08:00
parent 795e8a11c5
commit 329916e1f6
2 changed files with 4 additions and 2 deletions


@ -92,4 +92,6 @@ EXPOSE ${SERVICE_PORT}
ENV SERVICE_NAME=${SERVICE_NAME} ENV SERVICE_NAME=${SERVICE_NAME}
ENV NODE_OPTIONS="--experimental-global-webcrypto" ENV NODE_OPTIONS="--experimental-global-webcrypto"
ENV SHELL=/bin/bash ENV SHELL=/bin/bash
CMD node dist/services/${SERVICE_NAME}/src/main
# Entrypoint: copy host-mounted SSH key with correct ownership, then start service
CMD sh -c 'if [ -f /tmp/host-ssh-key ]; then cp /tmp/host-ssh-key /home/appuser/.ssh/id_ed25519 && chmod 600 /home/appuser/.ssh/id_ed25519; fi && node dist/services/${SERVICE_NAME}/src/main'
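Review bot: The added CMD never sets ownership, although the comment above it says the key is copied "with correct ownership": `cp` creates `/home/appuser/.ssh/id_ed25519` as whichever user runs the CMD, and the USER directive (if any) is outside this hunk. If that user is appuser with a uid different from the host's, reading the mode-600 bind mount at `/tmp/host-ssh-key` would presumably fail just as before; if it is root, the fix works only because the service itself runs as root while holding the private key, which is worth confirming and documenting. Because the `if … fi` is chained with `&&`, a failed `cp` also prevents node from starting, so the comment should say whether that fail-closed behaviour is intended. Separately, the shell stays in front of node, so a stop signal may not reach the service; `exec node dist/services/${SERVICE_NAME}/src/main` as the last command would let node replace the shell.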


@ -122,7 +122,7 @@ services:
- ${HOME}/.claude:/home/appuser/.claude - ${HOME}/.claude:/home/appuser/.claude
- ${HOME}/.claude.json:/home/appuser/.claude.json - ${HOME}/.claude.json:/home/appuser/.claude.json
- claude_tenants:/data/claude-tenants - claude_tenants:/data/claude-tenants
- ${HOME}/.ssh/id_ed25519:/home/appuser/.ssh/id_ed25519:ro - ${HOME}/.ssh/id_ed25519:/tmp/host-ssh-key:ro
environment: environment:
- DB_HOST=postgres - DB_HOST=postgres
- DB_PORT=5432 - DB_PORT=5432
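Review bot: The changed volume line still hands the host user's personal `${HOME}/.ssh/id_ed25519` to agent-service, and with this commit the key is also copied into the container's writable filesystem, so `:ro` now only protects the host file from modification while the copy persists until the container is removed. A dedicated, narrowly scoped key for this service would limit what the container holds if the service is compromised. At minimum the line deserves a comment tying it to the image's CMD, e.g. `# staged read-only; the image CMD copies it into appuser's ~/.ssh at start`. The service definition starts and ends outside this hunk.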