Permission denied after latest docker upgrade

[Aragur]

• Gitea version (or commit ref): 31aa00f
• Git version: 2.11.0
• Operating system: Debian
• Database (use [x]):
  • MySQL
• Can you reproduce the bug at https://try.gitea.io:
  • Not relevant
• Log gist:

gitea     | Found app.ini config file, migrating database
gitea     | migrate: /data/gitea/conf/app.ini: Permission denied
gitea     | Jan 10 15:41:14 syslogd started: BusyBox v1.28.4
gitea     | Jan 10 15:41:14 sshd[22]: Server listening on :: port 22.
gitea     | Jan 10 15:41:14 sshd[22]: Server listening on 0.0.0.0 port 22.
gitea     | 2019/01/10 15:41:14 [T] AppPath: /app/gitea/gitea
gitea     | 2019/01/10 15:41:14 [T] AppWorkPath: /app/gitea
gitea     | 2019/01/10 15:41:14 [T] Custom path: /data/gitea
gitea     | 2019/01/10 15:41:14 [T] Log path: /data/gitea/log
db_1_260cddf62aee | 2019-01-10T15:41:14.327150Z 2 [Note] Aborted connection 2 to db: 'gitea' user: 'gitea' host: '192.168.144.3' (Got an error reading communication packets)

Description

After upgrading my docker-compose instance from Gitea to the latest version I get the following error (as seen above).
I already tried chowning the my mounted gitea volume to 999 (docker) and 1000 (default Gitea user) with now success.

[apricote]

Can you add your docker-compose.yaml?

[Aragur]

Sure, this is my docker-compose.yml

version: '3.1'

networks:
  proxy:
    external:
      name: proxy
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:latest
    container_name: gitea
    restart: always
    networks:
      - gitea
      - proxy
    volumes:
      - ./gitea:/data
    ports:
      - 2222:2222
    expose:
      - 3000
    depends_on:
      - db
  
  db:
    image: mysql:5.7
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD={{private}}
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD={{private}}
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./mysql:/var/lib/mysql

I'm using the proxy network to connect to my nginx reverse proxy

[danofun]

I'm getting the same error. Was running without issue prior to the update.
docker-compose.yml

version: '3.6'
services:

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    domainname: ${DOMAIN}
    ports:
      - "441:80"
      - "442:443"
      - "8082:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG}/traefik/acme.json:/acme.json
      - ${CONFIG}/traefik/traefik.toml:/etc/traefik/traefik.toml
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_KEY}

  mariadb:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    container_name: mariadb
    restart: always
    volumes:
        - ${CONFIG}/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: always
    ports:
      - "2221:22"
    volumes:
      - ${CONFIG}/gitea:/data
    environment:
      - DB_TYPE=mysql
      - DB_HOST=mariadb:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=${MYSQL_PASSWORD}
      - "ROOT_URL=https://git.${DOMAIN}"
      - DISABLE_REGISTRATION=true
      - REQUIRE_SIGNIN_VIEW=true
      - USER_UID=${PUID}
      - USER_GID=${PGID}
      - TZ=${TZ}
    depends_on:
      - mariadb
    labels:
      - "traefik.enable=true"
      - "traefik.backend=gitea"
      - "traefik.frontend.rule=Host:git.${DOMAIN}"
      - "traefik.port=3000"
      - "traefik.protocol=http"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLHost=${DOMAIN}"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"

[danofun]

For reference, reverting to gitea/gitea:1.7.0-rc2 corrects the error.

[pr4xx]

Same error here. Changing permissions in the mounted volume does not help for me.

[apricote]

The message migrate: /data/gitea/conf/app.ini: Permission denied is coming from PR #5290, though @pciavald said that it is not causing any problems for him.

Does Gitea still start for you?

[Aragur]

Nope Gitea isn't starting, caused by:

db_1_260cddf62aee | 2019-01-10T15:41:14.327150Z 2 [Note] Aborted connection 2 to db: 'gitea' user: 'gitea' host: '192.168.144.3' (Got an error reading communication packets)

[zeripath]

@apricote PR #5290 was to prevent that message from occuring so if it still is, then PR #5290 isn't working correctly - I suspect the message is coming up because gitea can't talk to the database - so hence the migrate is failing.

Got an error reading communication packets makes me highly suspicious of a problem with xorm. Is there anything in the xorm.log?

[Aragur]

@zeripath I checked my xorm.log and found the following lines repeatedly: https://pastebin.com/1J6CZkWW
I don't know if this is the normal behavior or not.

[zeripath]

Hmm so that xorm.log isn't particularly enlightening... There was a bug with migration that was recently fixed #5682 . I don't know if you would be able to retry and see if that solves your issue.

[Aragur]

I gave this PR a try, but this issue is still persistent in the latest version.

[zeripath]

Hmm do you mean latest or v1.7?

[Aragur]

1.7 is working fine.
Latest isn't working.

[zeripath]

Ok right, this is annoying.

If you're able to edit the entry point file of the latest could you try to change the migrate line to:

(cd /app/gitea; exec su-exec $USER /app/gitea/gitea migrate)

[Aragur]

How can I edit this file?
Do I have to build a docker image on my own?

[zeripath]

OK

ID=$(docker create gitea/gitea:latest)
docker exec $ID -i -t bash

Or something equivalent then you should be able to edit the /usr/bin/entrypoint file.

[Aragur]

After changing the entrypoint I get the following error:

[...gitea/cmd/migrate.go:47 runMigrate()] [E] Failed to initialize ORM engine: sync database struct error: Error 1265: Data truncated for column 'theme' at row 1

[zeripath]

You don't have the latest docker.

That's bug #5861 which was fixed in PR #5862 which was committed to master on January 12 as commit 9e9d1b8 and should have been in docker shortly after.

You need to remove your current docket image and get the latest docker image again. That is what I was asking a day ago.

I think however we should change the migrate line to the one I've suggested above as it's clearly better.

[Aragur]

I upgraded Docker to version 18.09.1, build 4c52b90
I also did a system prune.
I pulled the latest image of gitea.
I'm still getting: migrate: /data/gitea/conf/app.ini: Permission denied

[techknowlogick]

I've found that the second -c (the one passed to gitea migrate) is actually trying to be interpreted by su, and so I've incorporated the command that @zeripath suggested into the linked PR. I changed directory inside of su call, so that it doesn't change the working directory for the rest of the commands.

[zeripath]

@AragurDEV Sorry to hear you're still having problems. It's not our aim and we really do appreciate your patience.

Does Gitea still not start with the new docker image (I wouldn't necessarily be worried about the permission denied error if it does - it just means automigration isn't working.) If not, does changing the entrypoint line as I suggested, (copied again below), allow Gitea to start?

(cd /app/gitea; exec su-exec $USER /app/gitea/gitea migrate)

If it does, then we'll get the change put in to the master and you shouldn't have this problem again

Thanks once again for your patience.

[Aragur]

@zeripath No problem, that's what the latest tag is for :)

It's still not working with the latest image.
Also modifying the entrypoint doesn't solve it neither. (Maybe I'm editing the file wrongly.. Is there any guide how to do that?

[Keridos]

Latest still does not work for me even on latest commit 47ca106

[Aragur]

I'm having the same issue as @Keridos
Still getting:

[Note] Aborted connection 2 to db: 'gitea' user: 'gitea' host: '192.168.208.3' (Got an error reading communication packets)

[lunny]

@Keridos what's your logs?

[lunny]

@AragurDEV it seems that's another issue?

[Aragur]

@lunny it is the same issue as last time.
Just one line "permission denied" is missing.

[nik-bauer]

Have you guys been able to fix this problem or found a proper workaround?

[lunny]

@nik-bauer what's your issue? I think we have fixed this problem?

[pr4xx]

When I change my docker compose file from gitea:1.6.3 to gitea:latest it still comes not up. Containerlogs just show the same starting up messages every few seconds.

[lunny]

You could find logs on container's filesystem /data/gitea/log/

[pr4xx]

2019/01/12 00:23:40 [...itea/routers/init.go:61 GlobalInit()] [E] Failed to initialize ORM engine: sync database struct error: Error 1265: Data truncated for column 'theme' at row 1

[nik-bauer]

@lunny unfortunately I'm still getting the same issue as @pr4xx in the logs, as well as the initial Aborted connection 2 to db log message in the mariadb logs. Also I did set the default value for theme in the user table of the db to an empty string, since I read in another issue that this would be causing those error logs...
Was your fix by any chance depending on an up-to-date docker installation? Because I'm running Gitea as a docker instance on a Synology NAS which is limited to the docker install provided by Synology...

[danofun]

Same docker-compose as posted above. The permission denied error that started this thread is gone but gitea:latest still fails to run. Same error as @pr4xx and @nik-bauer. It appears the same error was encountered in #5681 but that issue has been marked as closed. In our use case, fix #5682 does not seem to be a working patch. As suggested in #5681 I've used phpMyAdmin to edit Database:gitea Table:User and changed the Table column for each entry from NULL to gitea. I now have a working gitea:latest

[nik-bauer]

@danofun thx to your reply I got it working now! The problem was that even though I set the default value for the field theme in the user table to an empty string, all entries still kept their prior NULL value. So I guess an easy auto fix would be for gitea to set all existing entries to an empty string in a future update?
For all the ppl looking for a quick fix:
Log into your MySQL db with: mysql -u root -p
Change to gitea database: use gitea;
Change all existing theme entries to empty string: update user set theme = '';
I hope all the MySQL commands are right, I was just recapping this from earlier today

[zuosc]

I also have the same problem. so how to solve it?

[lunny]

@zuosc I think there are serval problems in this thread. Please fire another issue to describe your issue.

[zuosc]

@zuosc I think there are serval problems in this thread. Please fire another issue to describe your issue.

#6130 here