fix: docker repository initialization race condition

If we don't pass the `--api` command line flag to the health check command and the kubo daemon is not running `ipfs dag stat` will initialize the repository. Oftentimes (always?) the health check command is run as root. This means the repo will be owned by root and if the Kubo daemon process later tries to access it it will raise a permission denied error because it'll run as a non-privileged user by default. Therefore, this change will pass the `--api` flag to the `ipfs dag stat` command. We can make a few assumptions here because we're in the constrained environment of a docker container. I can't come up with a reason why you would want to remap the internal API port to something else than 5001, so I'm hard coding it here.
ipfs · Jun 26, 2023 · 095bc29 · 095bc29
1 parent 67cd516
commit 095bc29
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -118,7 +118,7 @@ ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
 # Healthcheck for the container
 # QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn is the CID of empty folder
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ipfs dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn || exit 1
+  CMD ipfs --api=/ip4/127.0.0.1/tcp/5001 dag stat /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn || exit 1
 
 # Execute the daemon subcommand by default
 CMD ["daemon", "--migrate=true", "--agent-version-suffix=docker"]