mealie-recipes / mealie

Mealie is a self-hosted recipe manager and meal planner with a REST API backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the URL, and Mealie will automatically import the relevant data, or add a family recipe with the UI editor.
https://docs.mealie.io
GNU Affero General Public License v3.0

[BUG] - PermissionError when `/run/secrets` is inaccessible #3852

Closed Birdy2014 closed 1 month ago

Birdy2014 commented 3 months ago

What is the issue you are experiencing?

The commit https://github.com/mealie-recipes/mealie/commit/445754c5d844ccf098f3678bc4f3cc9642bdaad6 causes mealie to fail with a PermissionError when the directory /run/secrets is not readable by mealie. This is the case when using NixOS with sops-nix.

The error has been discussed at https://github.com/NixOS/nixpkgs/issues/321623 and https://github.com/NixOS/nixpkgs/pull/324034.

Steps to Reproduce

1) Create the directory /run/secrets and make it inaccessible to mealie.

mkdir /run/secrets
chown root:root /run/secrets
chmod 751 /run/secrets

2) Start mealie as a non-root user.

Please provide relevant logs

Jul 02 14:35:47 rotkehlchen systemd[1]: Starting Mealie, a self hosted recipe manager and meal planner...
Jul 02 14:35:48 rotkehlchen init_db[42744]: Traceback (most recent call last):
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 316, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42744]:     field_value, field_key, value_is_complex = self.get_field_value(field, field_name)
Jul 02 14:35:48 rotkehlchen init_db[42744]:                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 418, in get_field_value
Jul 02 14:35:48 rotkehlchen init_db[42744]:     path = self.find_case_path(self.secrets_path, env_name, self.case_sensitive)
Jul 02 14:35:48 rotkehlchen init_db[42744]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 397, in find_case_path
Jul 02 14:35:48 rotkehlchen init_db[42744]:     for f in dir_path.iterdir():
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/6b1fqdwb3g56j5pazv8zkx9qd0mv3wiz-python3-3.11.9/lib/python3.11/pathlib.py", line 931, in iterdir
Jul 02 14:35:48 rotkehlchen init_db[42744]:     for name in os.listdir(self):
Jul 02 14:35:48 rotkehlchen init_db[42744]:                 ^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]: PermissionError: [Errno 13] Permission denied: '/run/secrets'
Jul 02 14:35:48 rotkehlchen init_db[42744]: The above exception was the direct cause of the following exception:
Jul 02 14:35:48 rotkehlchen init_db[42744]: Traceback (most recent call last):
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/scripts/install_model.py", line 3, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from mealie.services.parser_services import crfpp
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/services/parser_services/__init__.py", line 1, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from .ingredient_parser import *
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/services/parser_services/ingredient_parser.py", line 7, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from mealie.schema.recipe import RecipeIngredient
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/schema/recipe/__init__.py", line 2, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from .recipe import (
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/schema/recipe/recipe.py", line 20, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from ...db.models.recipe import (
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/db/models/recipe/__init__.py", line 3, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     from .category import *
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/db/models/recipe/category.py", line 16, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     logger = root_logger.get_logger()
Jul 02 14:35:48 rotkehlchen init_db[42744]:              ^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/core/root_logger.py", line 21, in get_logger
Jul 02 14:35:48 rotkehlchen init_db[42744]:     app_settings = get_app_settings()
Jul 02 14:35:48 rotkehlchen init_db[42744]:                    ^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/core/config.py", line 40, in get_app_settings
Jul 02 14:35:48 rotkehlchen init_db[42744]:     return app_settings_constructor(env_file=ENV, production=PRODUCTION, data_dir=determine_data_dir())
Jul 02 14:35:48 rotkehlchen init_db[42744]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/core/settings/settings.py", line 254, in app_settings_constructor
Jul 02 14:35:48 rotkehlchen init_db[42744]:     app_settings = AppSettings(
Jul 02 14:35:48 rotkehlchen init_db[42744]:                    ^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 85, in __init__
Jul 02 14:35:48 rotkehlchen init_db[42744]:     **__pydantic_self__._settings_build_values(
Jul 02 14:35:48 rotkehlchen init_db[42744]:       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 187, in _settings_build_values
Jul 02 14:35:48 rotkehlchen init_db[42744]:     return deep_update(*reversed([source() for source in sources]))
Jul 02 14:35:48 rotkehlchen init_db[42744]:                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 187, in <listcomp>
Jul 02 14:35:48 rotkehlchen init_db[42744]:     return deep_update(*reversed([source() for source in sources]))
Jul 02 14:35:48 rotkehlchen init_db[42744]:                                   ^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 382, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42744]:     return super().__call__()
Jul 02 14:35:48 rotkehlchen init_db[42744]:            ^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42744]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 318, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42744]:     raise SettingsError(
Jul 02 14:35:48 rotkehlchen init_db[42744]: pydantic_settings.sources.SettingsError: error getting value for field "theme" from source "SecretsSettingsSource"
Jul 02 14:35:48 rotkehlchen init_db[42745]: Traceback (most recent call last):
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 316, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42745]:     field_value, field_key, value_is_complex = self.get_field_value(field, field_name)
Jul 02 14:35:48 rotkehlchen init_db[42745]:                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 418, in get_field_value
Jul 02 14:35:48 rotkehlchen init_db[42745]:     path = self.find_case_path(self.secrets_path, env_name, self.case_sensitive)
Jul 02 14:35:48 rotkehlchen init_db[42745]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 397, in find_case_path
Jul 02 14:35:48 rotkehlchen init_db[42745]:     for f in dir_path.iterdir():
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/6b1fqdwb3g56j5pazv8zkx9qd0mv3wiz-python3-3.11.9/lib/python3.11/pathlib.py", line 931, in iterdir
Jul 02 14:35:48 rotkehlchen init_db[42745]:     for name in os.listdir(self):
Jul 02 14:35:48 rotkehlchen init_db[42745]:                 ^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]: PermissionError: [Errno 13] Permission denied: '/run/secrets'
Jul 02 14:35:48 rotkehlchen init_db[42745]: The above exception was the direct cause of the following exception:
Jul 02 14:35:48 rotkehlchen init_db[42745]: Traceback (most recent call last):
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/db/init_db.py", line 13, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42745]:     from mealie.db.db_setup import session_context
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/db/db_setup.py", line 10, in <module>
Jul 02 14:35:48 rotkehlchen init_db[42745]:     settings = get_app_settings()
Jul 02 14:35:48 rotkehlchen init_db[42745]:                ^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/core/config.py", line 40, in get_app_settings
Jul 02 14:35:48 rotkehlchen init_db[42745]:     return app_settings_constructor(env_file=ENV, production=PRODUCTION, data_dir=determine_data_dir())
Jul 02 14:35:48 rotkehlchen init_db[42745]:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/fcdb8g2iiyhgf2w2xrnav06rbjknlh40-python3.11-mealie-1.9.0/lib/python3.11/site-packages/mealie/core/settings/settings.py", line 254, in app_settings_constructor
Jul 02 14:35:48 rotkehlchen init_db[42745]:     app_settings = AppSettings(
Jul 02 14:35:48 rotkehlchen init_db[42745]:                    ^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 85, in __init__
Jul 02 14:35:48 rotkehlchen init_db[42745]:     **__pydantic_self__._settings_build_values(
Jul 02 14:35:48 rotkehlchen init_db[42745]:       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 187, in _settings_build_values
Jul 02 14:35:48 rotkehlchen init_db[42745]:     return deep_update(*reversed([source() for source in sources]))
Jul 02 14:35:48 rotkehlchen init_db[42745]:                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/main.py", line 187, in <listcomp>
Jul 02 14:35:48 rotkehlchen init_db[42745]:     return deep_update(*reversed([source() for source in sources]))
Jul 02 14:35:48 rotkehlchen init_db[42745]:                                   ^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 382, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42745]:     return super().__call__()
Jul 02 14:35:48 rotkehlchen init_db[42745]:            ^^^^^^^^^^^^^^^^^^
Jul 02 14:35:48 rotkehlchen init_db[42745]:   File "/nix/store/7pvk1sfzmdcgrb8qikgq2z9vql9y19wm-python3.11-pydantic-settings-2.2.1/lib/python3.11/site-packages/pydantic_settings/sources.py", line 318, in __call__
Jul 02 14:35:48 rotkehlchen init_db[42745]:     raise SettingsError(
Jul 02 14:35:48 rotkehlchen init_db[42745]: pydantic_settings.sources.SettingsError: error getting value for field "theme" from source "SecretsSettingsSource"
Jul 02 14:35:48 rotkehlchen systemd[1]: mealie.service: Control process exited, code=exited, status=1/FAILURE
Jul 02 14:35:48 rotkehlchen systemd[1]: mealie.service: Failed with result 'exit-code'.
Jul 02 14:35:48 rotkehlchen systemd[1]: Failed to start Mealie, a self hosted recipe manager and meal planner.
Jul 02 14:35:48 rotkehlchen systemd[1]: mealie.service: Consumed 1.169s CPU time, no IP traffic.

Mealie Version

1.9.0, but it should also affect 1.8.0.

Deployment

Other (please specify below)

Additional Deployment Details

NixOS module

boc-the-git commented 3 months ago

Can this be replicated on a normal docker deployment?

Birdy2014 commented 3 months ago

If you can create the directory in the container before starting mealie, it should be reproducible. But I'm not very familiar with docker and I don't think that the issue is relevant to it.

boc-the-git commented 3 months ago

I'm not going to confirm this as a bug, meaning it'll eventually go stale and get closed automatically.

I do, though, welcome a PR to our code base that fixes this. Note that our only supported deployment method is via Docker, so any change must be designed to work as well as possible for that scenario.

felixschndr commented 3 months ago

> Can this be replicated on a normal docker deployment?

I get the same error message in a normal docker deployment; however, for me it's just a WARN and Mealie continues to start up.

boc-the-git commented 3 months ago

@felixschndr I'd agree that's a bug that we want to resolve - can you please raise that when you get a chance?

The fix for that may, or may not, fix this issue.

felixschndr commented 3 months ago

> can you please raise that when you get a chance?

What do you mean by that? Open a new issue?

boc-the-git commented 3 months ago

> Open a new issue?

Yes, that's what I mean.

poperigby commented 2 months ago

Perhaps a USE_SECRETS_DIR variable could be available, that's enabled by default, and setting it to false would prevent trying to access /run/secrets?
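
An added example (not Mealie's or pydantic-settings' code) of the opt-out proposed above combined with a probe of the directory listing that fails in the traceback. `USE_SECRETS_DIR` is the hypothetical variable from this thread, and `resolve_secrets_dir`, `read_secret` and `demo` are names assumed here; the directory and secret in `demo` are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_secrets_dir(path, env=None):
    """Return a Path only if the secrets directory can be listed, else None."""
    env = os.environ if env is None else env
    # USE_SECRETS_DIR is the opt-out proposed in this thread, not an existing setting.
    if env.get("USE_SECRETS_DIR", "true").strip().lower() in ("0", "false", "no"):
        return None
    try:
        # The failing lookup lists the directory, so probe exactly that operation.
        next(Path(path).iterdir(), None)
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return None
    return Path(path)


def read_secret(path, name):
    """Exact-name read: needs only search (x) permission on the directory."""
    try:
        return (Path(path) / name).read_text().strip()
    except (FileNotFoundError, PermissionError):
        return None


def demo():
    """Constructed sample: a traverse-only directory, like the 751 one in the report."""
    with tempfile.TemporaryDirectory() as tmp:
        secrets = Path(tmp) / "secrets"
        secrets.mkdir()
        (secrets / "db_password").write_text("constructed-value\n")
        secrets.chmod(0o300)  # owner may traverse and write, but not list
        try:
            os.listdir(secrets)
            listable = True  # e.g. running as root, which bypasses mode bits
        except PermissionError:
            listable = False
        result = {
            "listable": listable,
            "resolved": resolve_secrets_dir(secrets, env={}) is not None,
            "opted_out": resolve_secrets_dir(secrets, env={"USE_SECRETS_DIR": "false"}),
            "exact_read": read_secret(secrets, "db_password"),
        }
        secrets.chmod(0o700)  # restore so the temporary directory can be removed
        return result
```

A settings loader could pass the returned value as its secrets directory and skip the secrets source when it is `None`, while a secret whose exact path is known stays readable through a traverse-only directory.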

felixschndr commented 2 months ago

> > Open a new issue?
>
> Yes, that's what I mean.

Will do this next week, got pretty much stuff to do this week.

felixschndr commented 2 months ago

> @felixschndr I'd agree that's a bug that we want to resolve - can you please raise that when you get a chance?

Done: https://github.com/mealie-recipes/mealie/issues/3885

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

poperigby commented 1 month ago

This is still relevant.