Stirling-PDF/scripts/init-without-ocr.sh

#!/bin/bash

export JAVA_TOOL_OPTIONS="${JAVA_BASE_OPTS} ${JAVA_CUSTOM_OPTS}"
echo "running with JAVA_TOOL_OPTIONS ${JAVA_BASE_OPTS} ${JAVA_CUSTOM_OPTS}"

# Detect if we're running as root (UID 0)
RUNNING_AS_ROOT=false
if [ "$(id -u)" -eq 0 ]; then
    RUNNING_AS_ROOT=true
    echo "Running container as root, will attempt to drop privileges"
fi

# Only attempt user/group modifications if running as root
if [ "$RUNNING_AS_ROOT" = true ]; then
    # Update the user and group IDs as per environment variables
    if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
        usermod -o -u "$PUID" stirlingpdfuser || echo "[WARN] Failed to update UID for stirlingpdfuser"
    fi

    if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
        groupmod -o -g "$PGID" stirlingpdfgroup || echo "[WARN] Failed to update GID for stirlingpdfgroup"
    fi
fi

# Apply umask in either case
umask "$UMASK" || true


# Skip download for fat Docker (already has security jar)
if [[ "$FAT_DOCKER" != "true" && "$RUNNING_AS_ROOT" = true ]]; then
  echo "Downloading security JAR (not necessary in fat Docker image)..."
  /scripts/download-security-jar.sh
elif [[ "$FAT_DOCKER" != "true" && "$RUNNING_AS_ROOT" != true ]]; then
  echo "[INFO] Skipping security JAR download in rootless mode"
fi

# Handle font installation
if [[ -n "$LANGS" && "$RUNNING_AS_ROOT" = true ]]; then
  echo "Installing fonts for languages: $LANGS"
  /scripts/installFonts.sh $LANGS
elif [[ -n "$LANGS" && "$RUNNING_AS_ROOT" != true ]]; then
  echo "[INFO] Skipping font installation in rootless mode"
fi

# Directory list we need to ensure are accessible
DIRS_TO_CHECK="$HOME /logs /scripts /usr/share/fonts/opentype/noto /configs /customFiles /customFiles/signatures /customFiles/templates /pipeline /pipeline/watchedFolders /pipeline/finishedFolders /usr/share/tessdata /tmp /tmp/stirling-pdf"
FILES_TO_CHECK="/app.jar"

# Skip copying tessdata files in rootless mode to avoid the error message
if [ "$RUNNING_AS_ROOT" = true ]; then
    # We're running as root, so try to copy tessdata files if they exist
    if [ -d "/usr/share/tessdata-original" ]; then
        echo "Copying original files without overwriting existing files"
        cp -n /usr/share/tessdata-original/* /usr/share/tessdata/ 2>/dev/null || true
    fi
    
    echo "Setting permissions and ownership for necessary directories..."
    # Attempt to change ownership of directories and files if running as root
    if chown -R stirlingpdfuser:stirlingpdfgroup $DIRS_TO_CHECK $FILES_TO_CHECK; then
        chmod -R 755 $DIRS_TO_CHECK $FILES_TO_CHECK || echo "[WARN] Failed to set directory permissions, but continuing"
        # If chown succeeds, execute the command as stirlingpdfuser
        echo "Running as stirlingpdfuser"
        exec su-exec stirlingpdfuser "$@"
    else
        # If chown fails, still try to make files accessible
        echo "[WARN] Chown failed, but will attempt to make files world-accessible"
        chmod -R 1777 /logs /configs /customFiles /pipeline || true
        echo "[WARN] Running as root user - could not drop privileges"
        exec "$@"
    fi
else
    # Already running as non-root (rootless mode)
    echo "Running in rootless mode"
    
    # In rootless mode, we'll only check critical paths that must be writable
    CRITICAL_DIRS="/configs /logs /customFiles /customFiles/signatures /customFiles/templates /pipeline/watchedFolders /pipeline/finishedFolders"
    
    for DIR in $CRITICAL_DIRS; do
        if [ -d "$DIR" ] && [ ! -w "$DIR" ]; then
            echo "[WARN] Cannot write to $DIR in rootless mode. Some functionality may be limited."
        fi
    done
    
    # Just execute the command as the current user
    echo "Executing as current user (UID: $(id -u))"
    exec "$@"
fi
print (WIP), fake scan (WIP) and text conversion for ultra-lite (#1098) * Changes! * lang * fake scan init, print init and pdf to text for exe * Hardening suggestions for Stirling-PDF / changes (#1099) * Switch order of literals to prevent NullPointerException * Introduced protections against predictable RNG abuse --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> * Update README.md * install custom fonts * Formats etc * version bump * disable WIP work * remove chinese font --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: systo <systo@host.docker.internal> 2024-04-21 23:06:44 +01:00			`#!/bin/bash`
fix for #531 plus seperated out some things 2023-12-18 14:52:18 +00:00
Security fixes, enterprise stuff and more (#3241) # Description of Changes Please provide a summary of the changes, including: - Enable user to add custom JAVA ops with env JAVA_CUSTOM_OPTS - Added support for prometheus (enabled via JAVA_CUSTOM_OPTS + enterprise license) - Changed settings from enterprise naming to 'Premium' - KeygenLicense Check to support offline licenses - Disable URL-to-PDF due to huge security bug - Remove loud Split PDF logs - addUsers renamed to adminSettings - Added Usage analytics page - Add user button to only be enabled based on total users free - Improve Merge memory usage Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: Connor Yoh <con.yoh13@gmail.com> 2025-03-25 17:57:17 +00:00			`export JAVA_TOOL_OPTIONS="${JAVA_BASE_OPTS} ${JAVA_CUSTOM_OPTS}"`
			`echo "running with JAVA_TOOL_OPTIONS ${JAVA_BASE_OPTS} ${JAVA_CUSTOM_OPTS}"`

rootless init 2025-05-20 21:37:03 +01:00			`# Detect if we're running as root (UID 0)`
			`RUNNING_AS_ROOT=false`
			`if [ "$(id -u)" -eq 0 ]; then`
			`RUNNING_AS_ROOT=true`
			`echo "Running container as root, will attempt to drop privileges"`
Custom uid (#883) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * fix for UMASK and extract cleanups 2024-03-08 20:49:19 +00:00			`fi`

rootless init 2025-05-20 21:37:03 +01:00			`# Only attempt user/group modifications if running as root`
			`if [ "$RUNNING_AS_ROOT" = true ]; then`
			`# Update the user and group IDs as per environment variables`
			`if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then`
			`usermod -o -u "$PUID" stirlingpdfuser \|\| echo "[WARN] Failed to update UID for stirlingpdfuser"`
			`fi`
print (WIP), fake scan (WIP) and text conversion for ultra-lite (#1098) * Changes! * lang * fake scan init, print init and pdf to text for exe * Hardening suggestions for Stirling-PDF / changes (#1099) * Switch order of literals to prevent NullPointerException * Introduced protections against predictable RNG abuse --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> * Update README.md * install custom fonts * Formats etc * version bump * disable WIP work * remove chinese font --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: systo <systo@host.docker.internal> 2024-04-21 23:06:44 +01:00
rootless init 2025-05-20 21:37:03 +01:00			`if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup \| cut -d: -f3)" ]; then`
			`groupmod -o -g "$PGID" stirlingpdfgroup \|\| echo "[WARN] Failed to update GID for stirlingpdfgroup"`
			`fi`
Custom uid (#883) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * fix for UMASK and extract cleanups 2024-03-08 20:49:19 +00:00			`fi`
rootless init 2025-05-20 21:37:03 +01:00
			`# Apply umask in either case`
Number fxes (#898) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * fix for UMASK and extract cleanups * fixes for user #889 and #332 * increase session count for demo site * fix * gcc * formatting * number fixes init * \|\| true test * version bump * Hardening suggestions for Stirling-PDF / numberFxes (#899) Switch order of literals to prevent NullPointerException Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2024-03-10 14:00:00 +00:00			`umask "$UMASK" \|\| true`
Custom uid (#883) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * fix for UMASK and extract cleanups 2024-03-08 20:49:19 +00:00
non root user and fix book/html calibre (#856) * non root user and fix book/html calibre * version bump * Update docker-compose-latest.yml * remove customApp --------- Co-authored-by: systo <systo@host.docker.internal> 2024-03-04 20:51:49 +00:00
rootless init 2025-05-20 21:37:03 +01:00			`# Skip download for fat Docker (already has security jar)`
			`if [[ "$FAT_DOCKER" != "true" && "$RUNNING_AS_ROOT" = true ]]; then`
			`echo "Downloading security JAR (not necessary in fat Docker image)..."`
			`/scripts/download-security-jar.sh`
			`elif [[ "$FAT_DOCKER" != "true" && "$RUNNING_AS_ROOT" != true ]]; then`
			`echo "[INFO] Skipping security JAR download in rootless mode"`
fat docker 2024-06-01 12:38:10 +01:00			`fi`
fix for #531 plus seperated out some things 2023-12-18 14:52:18 +00:00
rootless init 2025-05-20 21:37:03 +01:00			`# Handle font installation`
			`if [[ -n "$LANGS" && "$RUNNING_AS_ROOT" = true ]]; then`
			`echo "Installing fonts for languages: $LANGS"`
fat docker 2024-06-01 12:38:10 +01:00			`/scripts/installFonts.sh $LANGS`
rootless init 2025-05-20 21:37:03 +01:00			`elif [[ -n "$LANGS" && "$RUNNING_AS_ROOT" != true ]]; then`
			`echo "[INFO] Skipping font installation in rootless mode"`
print (WIP), fake scan (WIP) and text conversion for ultra-lite (#1098) * Changes! * lang * fake scan init, print init and pdf to text for exe * Hardening suggestions for Stirling-PDF / changes (#1099) * Switch order of literals to prevent NullPointerException * Introduced protections against predictable RNG abuse --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> * Update README.md * install custom fonts * Formats etc * version bump * disable WIP work * remove chinese font --------- Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: systo <systo@host.docker.internal> 2024-04-21 23:06:44 +01:00			`fi`

rootless init 2025-05-20 21:37:03 +01:00			`# Directory list we need to ensure are accessible`
			`DIRS_TO_CHECK="$HOME /logs /scripts /usr/share/fonts/opentype/noto /configs /customFiles /customFiles/signatures /customFiles/templates /pipeline /pipeline/watchedFolders /pipeline/finishedFolders /usr/share/tessdata /tmp /tmp/stirling-pdf"`
			`FILES_TO_CHECK="/app.jar"`

			`# Skip copying tessdata files in rootless mode to avoid the error message`
			`if [ "$RUNNING_AS_ROOT" = true ]; then`
			`# We're running as root, so try to copy tessdata files if they exist`
			`if [ -d "/usr/share/tessdata-original" ]; then`
			`echo "Copying original files without overwriting existing files"`
			`cp -n /usr/share/tessdata-original/* /usr/share/tessdata/ 2>/dev/null \|\| true`
			`fi`

			`echo "Setting permissions and ownership for necessary directories..."`
			`# Attempt to change ownership of directories and files if running as root`
			`if chown -R stirlingpdfuser:stirlingpdfgroup $DIRS_TO_CHECK $FILES_TO_CHECK; then`
			`chmod -R 755 $DIRS_TO_CHECK $FILES_TO_CHECK \|\| echo "[WARN] Failed to set directory permissions, but continuing"`
			`# If chown succeeds, execute the command as stirlingpdfuser`
			`echo "Running as stirlingpdfuser"`
			`exec su-exec stirlingpdfuser "$@"`
			`else`
			`# If chown fails, still try to make files accessible`
			`echo "[WARN] Chown failed, but will attempt to make files world-accessible"`
			`chmod -R 1777 /logs /configs /customFiles /pipeline \|\| true`
			`echo "[WARN] Running as root user - could not drop privileges"`
			`exec "$@"`
			`fi`
dep bumps and nonroot bypass (#910) * dep bumps and nonroot bypass * log changing 2024-03-13 22:09:56 +00:00			`else`
rootless init 2025-05-20 21:37:03 +01:00			`# Already running as non-root (rootless mode)`
			`echo "Running in rootless mode"`

			`# In rootless mode, we'll only check critical paths that must be writable`
			`CRITICAL_DIRS="/configs /logs /customFiles /customFiles/signatures /customFiles/templates /pipeline/watchedFolders /pipeline/finishedFolders"`

			`for DIR in $CRITICAL_DIRS; do`
			`if [ -d "$DIR" ] && [ ! -w "$DIR" ]; then`
			`echo "[WARN] Cannot write to $DIR in rootless mode. Some functionality may be limited."`
			`fi`
			`done`

			`# Just execute the command as the current user`
			`echo "Executing as current user (UID: $(id -u))"`
dep bumps and nonroot bypass (#910) * dep bumps and nonroot bypass * log changing 2024-03-13 22:09:56 +00:00			`exec "$@"`
			`fi`