From b69ea2f83f0e052bbc160c0a3a9689447f7da3f2 Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Wed, 19 Feb 2020 10:32:50 +0000 Subject: [PATCH 1/4] [misc] drop debug output and log docker version on stderr --- entrypoint.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 07d902a..e28bbe6 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,9 +1,6 @@ #!/bin/sh -echo "Changing permissions of /var/run/docker.sock for sibling containers" -ls -al /var/run/docker.sock -docker --version -cat /etc/passwd +docker --version >&2 DOCKER_GROUP=$(stat -c '%g' /var/run/docker.sock) groupadd --non-unique --gid ${DOCKER_GROUP} dockeronhost From c5d10d02fc83ed0453cffcbbd635e9747b4096f3 Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Wed, 19 Feb 2020 12:23:20 +0100 Subject: [PATCH 2/4] [misc] move the sqlite database into a db/ directory --- .dockerignore | 1 + Dockerfile | 2 ++ buildscript.txt | 1 + config/settings.defaults.js | 8 +++----- db/.gitignore | 2 ++ 5 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 db/.gitignore diff --git a/.dockerignore b/.dockerignore index ba1c344..35f8905 100644 --- a/.dockerignore +++ b/.dockerignore @@ -5,3 +5,4 @@ gitrev .npm .nvmrc nodemon.json +db/ diff --git a/Dockerfile b/Dockerfile index 27158b5..3fbae08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,5 +24,7 @@ COPY . /app FROM base COPY --from=app /app /app +RUN mkdir -p db \ +&& chown node:node db CMD ["node", "--expose-gc", "app.js"] diff --git a/buildscript.txt b/buildscript.txt index 1f08934..72b0f6a 100644 --- a/buildscript.txt +++ b/buildscript.txt @@ -1,5 +1,6 @@ clsi --acceptance-creds=None +--data-dirs=db --dependencies= --docker-repos=gcr.io/overleaf-ops --env-add= diff --git a/config/settings.defaults.js b/config/settings.defaults.js index b0fd0cb..021c9cd 100644 --- a/config/settings.defaults.js +++ b/config/settings.defaults.js 
@@ -9,7 +9,7 @@ module.exports = { username: 'clsi', dialect: 'sqlite', storage: - process.env.SQLITE_PATH || Path.resolve(__dirname + '/../db.sqlite'), + process.env.SQLITE_PATH || Path.resolve(__dirname + '/../db/db.sqlite'), pool: { max: 1, min: 1 @@ -65,8 +65,7 @@ if (process.env.DOCKER_RUNNER) { dockerRunner: process.env.DOCKER_RUNNER === 'true', docker: { image: - process.env.TEXLIVE_IMAGE || - 'quay.io/sharelatex/texlive-full:2017.1', + process.env.TEXLIVE_IMAGE || 'quay.io/sharelatex/texlive-full:2017.1', env: { HOME: '/tmp' }, @@ -93,8 +92,7 @@ if (process.env.DOCKER_RUNNER) { module.exports.path.synctexBaseDir = () => '/compile' - module.exports.path.sandboxedCompilesHostDir = - process.env.COMPILES_HOST_DIR + module.exports.path.sandboxedCompilesHostDir = process.env.COMPILES_HOST_DIR module.exports.path.synctexBinHostPath = process.env.SYNCTEX_BIN_HOST_PATH } diff --git a/db/.gitignore b/db/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/db/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore From 4ee0dc2471d065053fe668718c2517e545600710 Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Wed, 19 Feb 2020 12:06:28 +0100 Subject: [PATCH 3/4] [misc] narrow down write access/ownership for the run-time user --- .dockerignore | 2 ++ Dockerfile | 4 ++-- buildscript.txt | 2 +- entrypoint.sh | 17 ++++++++--------- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.dockerignore b/.dockerignore index 35f8905..74fdc35 100644 --- a/.dockerignore +++ b/.dockerignore @@ -5,4 +5,6 @@ gitrev .npm .nvmrc nodemon.json +cache/ +compiles/ db/ diff --git a/Dockerfile b/Dockerfile index 3fbae08..40615ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ COPY . /app FROM base COPY --from=app /app /app -RUN mkdir -p db \ -&& chown node:node db +RUN mkdir -p cache compiles db \ +&& chown node:node cache compiles db CMD ["node", "--expose-gc", "app.js"] diff --git a/buildscript.txt b/buildscript.txt index 72b0f6a..81d6546 100644 
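Review bot: The new default `Path.resolve(__dirname + '/../db/db.sqlite')` gives no handling for a `db.sqlite` that already exists at the old location, so an install that relies on the default will presumably start with an empty database after upgrading unless the file is moved or `SQLITE_PATH` is set. That deserves a sentence in the commit message or a comment above `storage:`. The `db/` directory must also exist and be writable by the run-time user before SQLite opens the file; the Dockerfile hunk in this patch covers the image, while a source checkout depends on the committed `db/.gitignore` placeholder. As a style point, `Path.resolve(__dirname, '../db/db.sqlite')` avoids the string concatenation. The enclosing `module.exports` object starts and ends outside the hunk.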
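Review bot: `mkdir -p cache compiles db` and the matching `chown` use relative paths, so they only reach `/app/cache`, `/app/compiles` and `/app/db` if the base stage sets `WORKDIR /app`, which is not visible in this hunk. entrypoint.sh addresses the same directories by absolute path, so I would do the same here: `RUN mkdir -p /app/cache /app/compiles /app/db \` followed by `&& chown node:node /app/cache /app/compiles /app/db`. That keeps the two files in agreement about which directories the run-time user may write to.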
--- a/buildscript.txt +++ b/buildscript.txt @@ -1,6 +1,6 @@ clsi --acceptance-creds=None ---data-dirs=db +--data-dirs=cache,compiles,db --dependencies= --docker-repos=gcr.io/overleaf-ops --env-add= diff --git a/entrypoint.sh b/entrypoint.sh index e28bbe6..3e3f838 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,22 +2,21 @@ docker --version >&2 +# add the node user to the docker group on the host DOCKER_GROUP=$(stat -c '%g' /var/run/docker.sock) groupadd --non-unique --gid ${DOCKER_GROUP} dockeronhost usermod -aG dockeronhost node -mkdir -p /app/cache -chown -R node:node /app/cache +# compatibility: initial volume setup +chown node:node /app/cache +chown node:node /app/compiles +chown node:node /app/db -mkdir -p /app/compiles -chown -R node:node /app/compiles - -chown -R node:node /app/bin/synctex +# acceptance tests mkdir -p /app/test/acceptance/fixtures/tmp/ -chown -R node:node /app - -chown -R node:node /app/bin +chown -R node:node /app/test/acceptance/fixtures +# make synctex available for remount in compiles cp /app/bin/synctex /app/bin/synctex-mount/synctex exec runuser -u node -- "$@" From 3db40804baaf30306f966e2cf506f594fa81de5b Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Fri, 27 Mar 2020 11:10:27 +0100 Subject: [PATCH 4/4] [misc] use a directory in /tmp for temporary data --- entrypoint.sh | 4 --- test/acceptance/js/ExampleDocumentTests.js | 29 +++++++++++++--------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 3e3f838..2696574 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -12,10 +12,6 @@ chown node:node /app/cache chown node:node /app/compiles chown node:node /app/db -# acceptance tests -mkdir -p /app/test/acceptance/fixtures/tmp/ -chown -R node:node /app/test/acceptance/fixtures - # make synctex available for remount in compiles cp /app/bin/synctex /app/bin/synctex-mount/synctex 
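Review bot: The new comment `# add the node user to the docker group on the host` understates what the three lines beneath it grant. They create a container-local group with the GID of `/var/run/docker.sock` and add `node` to it, which gives the run-time user full access to the host's Docker daemon, generally equivalent to root on the host. Since this patch is about narrowing what `node` can touch, I would say so, e.g. `# give node access to the host docker socket (root-equivalent on the host); required to start sibling containers`. Separately, no `set -e` is visible in this script, so a failed `chown` on the three data directories is ignored and the service starts without write access; `chown node:node /app/cache /app/compiles /app/db || exit 1` would surface that at startup. The chown is no longer recursive, so files already in a mounted volume keep their previous owner; the `# compatibility: initial volume setup` comment should say that this is intended.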
diff --git a/test/acceptance/js/ExampleDocumentTests.js b/test/acceptance/js/ExampleDocumentTests.js index 110b5d6..0134c0e 100644 --- a/test/acceptance/js/ExampleDocumentTests.js +++ b/test/acceptance/js/ExampleDocumentTests.js @@ -19,11 +19,17 @@ const Client = require('./helpers/Client') const request = require('request') require('chai').should() const fs = require('fs') +const fsExtra = require('fs-extra') const ChildProcess = require('child_process') const ClsiApp = require('./helpers/ClsiApp') const logger = require('logger-sharelatex') const Path = require('path') -const fixturePath = path => Path.normalize(__dirname + '/../fixtures/' + path) +const fixturePath = path => { + if (path.slice(0, 3) === 'tmp') { + return '/tmp/clsi_acceptance_tests' + path.slice(3) + } + return Path.normalize(__dirname + '/../fixtures/' + path) +} const process = require('process') console.log( process.pid, @@ -32,13 +38,6 @@ console.log( process.getgroups(), 'PID' ) -try { - console.log('creating tmp directory', fixturePath('tmp')) - fs.mkdirSync(fixturePath('tmp')) -} catch (error) { - const err = error - console.log(err, fixturePath('tmp'), 'unable to create fixture tmp path') -} const MOCHA_LATEX_TIMEOUT = 60 * 1000 @@ -201,10 +200,16 @@ Client.runServer(4242, fixturePath('examples')) describe('Example Documents', function() { before(function(done) { - return ChildProcess.exec('rm test/acceptance/fixtures/tmp/*').on( - 'exit', - () => ClsiApp.ensureRunning(done) - ) + ClsiApp.ensureRunning(done) + }) + before(function(done) { + fsExtra.remove(fixturePath('tmp'), done) + }) + before(function(done) { + fs.mkdir(fixturePath('tmp'), done) + }) + after(function(done) { + fsExtra.remove(fixturePath('tmp'), done) }) return Array.from(fs.readdirSync(fixturePath('examples'))).map(example_dir =>
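Review bot: `path.slice(0, 3) === 'tmp'` in `fixturePath` matches any fixture name that merely begins with those three letters. A path such as `tmpl/foo` (constructed example) would be rewritten to `/tmp/clsi_acceptance_testsl/foo` instead of resolving under `fixtures/`. Matching the directory itself is tighter: `if (path === 'tmp' || path.startsWith('tmp/')) {`. The `/tmp/clsi_acceptance_tests` literal would also read better as a named constant with a one-line comment, since the hooks further down reach it only through `fixturePath('tmp')`.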
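Review bot: The hooks remove and then create `fixturePath('tmp')`, which is the fixed name `/tmp/clsi_acceptance_tests` in a world-writable directory, and `fs.mkdir` is called without a mode. On a shared build host another local user can pre-create that path, or win the window between `fsExtra.remove` and `fs.mkdir`, and so control what the tests read and write. Creating the directory once with `fs.mkdtempSync(Path.join(os.tmpdir(), 'clsi_acceptance_tests-'))` and having `fixturePath` return that value gives an unpredictable, owner-only directory; it needs `const os = require('os')` next to the other requires. Inside a single-user test container the exposure is small, so treat this as hardening. The `before` hooks depend on declaration order (remove, then mkdir), which is worth a short comment; the `describe` body continues outside the hunk.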