Generating docs with a non-root user fails with pseudomuto/protoc-gen-doc:1.3.2:
> docker run -u 1000: --rm -it -v "$(pwd)/doc:/out" -v "$(pwd):/protos" pseudomuto/protoc-gen-doc foo.proto
google/protobuf/timestamp.proto: Read access is denied for file: /usr/local/include/google/protobuf/timestamp.proto
This is because, the includes for the google proto files are deployed to /usr/local/include in the docker image (pseudomuto/protoc-gen-doc:1.3.2). Unfortunately, the includes are only readable for root or staff-group users:
> docker run --rm -it --entrypoint /bin/sh pseudomuto/protoc-gen-doc
# ls -l /usr/local/include/google/protobuf
total 104
-rw-r----- 1 root staff 5820 Jul 30 2018 any.proto
This leads to the fact that the existing image cannot build docs in setups where the container does not run as root and where includes of the google types are present. Granting all other users read permission on the includes fixes the problem:
FROM pseudomuto/protoc-gen-doc:latest
RUN chmod -R a+r /usr/local/include
With such a modified image the above example works fine.
Consider a simple example file which uses the well-known formats from google:
Generating docs with a non-root user fails with
pseudomuto/protoc-gen-doc:1.3.2:This is because, the includes for the google proto files are deployed to /usr/local/include in the docker image (
pseudomuto/protoc-gen-doc:1.3.2). Unfortunately, the includes are only readable forrootorstaff-group users:This leads to the fact that the existing image cannot build docs in setups where the container does not run as root and where includes of the google types are present. Granting all other users read permission on the includes fixes the problem:
With such a modified image the above example works fine.