search

linuxserver / docker-transmission

GNU General Public License v3.0
577 stars 179 forks source link

[BUG] Cann't set password from secret #242

Closed Buntelrus closed 1 year ago

Buntelrus commented 1 year ago

Is there an existing issue for this?

Current Behavior

When using FILE__PASS env in the container a proper PASS env with the correct password is created. But transmission is ignoring it and the password is just "".

Expected Behavior

Transmission password should equal to the content of the proper secret.

Steps To Reproduce

my conf:

  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
#      - TRANSMISSION_WEB_HOME= #optional
      - USER=buntel
      - FILE__PASS=/run/secrets/password # unfortunately, this is not working
#      - WHITELIST= #optional
#      - PEERPORT= #optional
#      - HOST_WHITELIST= #optional
    secrets:
      - password
    volumes:
      - ./config:/config
      - ./downloads:/downloads
      - ./watch:/watch

Environment

- OS: Arch, Ubuntu
- How docker service was installed: package manager, official Rekommandation

CPU architecture

x86-64

Docker creation

docker compose up -d

Container logs

transmission  | [migrations] started
transmission  | [migrations] no migrations found
transmission  | [env-init] PASS set from FILE__PASS
transmission  | ───────────────────────────────────────
transmission  | 
transmission  |       ██╗     ███████╗██╗ ██████╗ 
transmission  |       ██║     ██╔════╝██║██╔═══██╗
transmission  |       ██║     ███████╗██║██║   ██║
transmission  |       ██║     ╚════██║██║██║   ██║
transmission  |       ███████╗███████║██║╚██████╔╝
transmission  |       ╚══════╝╚══════╝╚═╝ ╚═════╝ 
transmission  | 
transmission  |    Brought to you by linuxserver.io
transmission  | ───────────────────────────────────────
transmission  | 
transmission  | To support LSIO projects visit:
transmission  | https://www.linuxserver.io/donate/
transmission  | 
transmission  | ───────────────────────────────────────
transmission  | GID/UID
transmission  | ───────────────────────────────────────
transmission  | 
transmission  | User UID:    1000
transmission  | User GID:    1000
transmission  | ───────────────────────────────────────
transmission  | 
transmission  | sed: unsupported command "
transmission  | # do daily/weekly/monthly maintenance
transmission  | # min   hour    day     month   weekday command
transmission  | */15    *       *       *       *       run-parts /etc/periodic/15min
transmission  | 0       *       *       *       *       run-parts /etc/periodic/hourly
transmission  | 0       2       *       *       *       run-parts /etc/periodic/daily
transmission  | 0       3       *       *       6       run-parts /etc/periodic/weekly
transmission  | 0       5       1       *       *       run-parts /etc/periodic/monthly
transmission  | 
transmission  | # run daily blocklist update
transmission  | 0 3 * * * /app/blocklist-update.sh 2>&1
transmission  | cp: not replacing '/config/crontabs/root'
transmission  | [custom-init] No custom files found, skipping...
transmission  | [ls.io-init] done.
github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

aptalca commented 1 year ago

The secret is probably not created correctly. See the docker docs to see how to create it properly: https://docs.docker.com/engine/swarm/secrets/#simple-example-get-started-with-secrets

Buntelrus commented 1 year ago

@aptalca

I define my secret as follows:

secrets:
  privatekey:
    file: ./privatekey.key
  password:
    file: ./password.txt

regarding to the documentation this should be correct. Furthermore I can access the the correct password with docker compose exec transmission cat /run/secrets/password but echo $PASS is empty.

Roxedus commented 1 year ago

PASS is not the same as password. The name of the file dictates the name of the var

kazbeel commented 1 year ago

I have faced the same problem recently. I finally decided to set the pass as a plain environment variable. To reproduce the problem I have created a minimum configuration project. I hope this helps.

Thanks for your incredible work!

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

Buntelrus commented 1 year ago

@aptalca @Roxedus could you reproduce this issue? I also put the comment by @kazbeel here:

To reproduce the problem I have created a minimum configuration project. I hope this helps.

Thanks for your incredible work!

What are the next steps? If you need more information or any help, please don't hesitate to reach out to me.

Thanks for your commitment!

Roxedus commented 1 year ago

Your secret files have trailing newlines. These are included in the variable. Aptalca hinted at this

Buntelrus commented 1 year ago

They have not. For other containers I define my secrets the same way and there is no issue. Also within the container the secret can be accessed and has the correct value (/run/secrets/{your-secret})

Roxedus commented 1 year ago

There is in the repro repo.

image
Buntelrus commented 1 year ago

Uhh - Sorry for that! Why is my System not showing them 🤔? Nevertheless this is not working. I've fixed the lines and improved test.sh from the contributed example (https://github.com/Buntelrus/linuxserver-transmission-with-secrets). But the ENVs are not set.

Roxedus commented 1 year ago

Works just fine when the compose is set up as the readme outlines.

index 978df47..2744fa8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,8 @@
 secrets:
   transmission_user:
-    file: ./secrets/transmission_user
+    file: ${PWD}/secrets/transmission_user
   transmission_pass:
-    file: ./secrets/transmission_pass
+    file: ${PWD}/secrets/transmission_pass

 services:
   transmission:
@@ -10,8 +10,8 @@ services:
     container_name: transmission
     restart: unless-stopped
     volumes:
-      - ./docker/apps/transmission/config:/config
-      - ./docker/apps/transmission/downloads:/downloads
+      - ${PWD}/tmp/config:/config
+      - ${PWD}/tmp/downloads:/downloads
     secrets:
       - transmission_user
       - transmission_pass
@@ -19,9 +19,5 @@ services:
       PUID: ${PUID}
       PGID: ${PGID}
       TZ: ${TZ}
-      USER_FILE: /run/secrets/transmission_user
-      PASS_FILE: /run/secrets/transmission_pass
-      PEERPORT: 51413
-    ports:
-      - 51413:51413
-      - 51413:51413/udp
+      FILE__USER: /run/secrets/transmission_user
+      FILE__PASS: /run/secrets/transmission_pass
 ✔ Container transmission                                 Started
user-secret: user
pass-secret: pass
kazbeel commented 1 year ago

I will check that in the evening. Thank you!

One more thing, I wonder why the standard way of setting env vars from secrets does not work. I mean, the use of xxx_FILE.

Roxedus commented 1 year ago

There is no "standard way", it's all down to the implementation in the image. For the example in the docs, its implemented in the image like this

kazbeel commented 1 year ago

Thanks for the clarification!