From 0a9a8592041c93be965d0f3afda015dbc2790db2 Mon Sep 17 00:00:00 2001
From: thespad <spad@linuxserver.io>
Date: Fri, 20 Dec 2024 16:47:53 +0000
Subject: [PATCH] Rebase to 3.21

---
 Dockerfile                                    |  4 +--
 Dockerfile.aarch64                            |  4 +--
 README.md                                     |  6 +++++
 readme-vars.yml                               |  2 ++
 .../s6-rc.d/init-sabnzbd-config/run           | 16 ++++++-----
 root/etc/s6-overlay/s6-rc.d/svc-sabnzbd/run   | 27 ++++++++++++-------
 6 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5087484..eccef24 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 
 FROM ghcr.io/linuxserver/unrar:latest AS unrar
 
-FROM ghcr.io/linuxserver/baseimage-alpine:3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:3.21
 
 # set version label
 ARG BUILD_DATE
@@ -44,7 +44,7 @@ RUN \
   pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ -r requirements.txt && \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ -r requirements.txt && \
   echo "**** build sab translations ****" && \
   python3 tools/make_mo.py && \
   echo "**** install par2cmdline-turbo from source ****" && \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index ad6dfb4..d41d512 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -2,7 +2,7 @@
 
 FROM ghcr.io/linuxserver/unrar:arm64v8-latest AS unrar
 
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21
 
 # set version label
 ARG BUILD_DATE
@@ -44,7 +44,7 @@ RUN \
   pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ -r requirements.txt && \
+  pip install -U --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.21/ -r requirements.txt && \
   echo "**** build sab translations ****" && \
   python3 tools/make_mo.py && \
   echo "**** install par2cmdline-turbo from source ****" && \
diff --git a/README.md b/README.md
index 24871f1..63b9f0b 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,10 @@ The folks over at servarr.com wrote a good [write-up](https://wiki.servarr.com/d
 
 This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
 
+## Non-Root Operation
+
+This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
+
 ## Usage
 
 To help you get started creating a container from this image you can either use docker-compose or the docker cli.
@@ -143,6 +147,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-v /downloads` | Local path for finished downloads. |
 | `-v /incomplete-downloads` | Local path for incomplete-downloads. |
 | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
+| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
 
 ## Environment variables from files (Docker secrets)
 
@@ -306,6 +311,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **20.12.24:** - Rebase to Alpine 3.21.
 * **25.05.24:** - Rebase to Alpine 3.20, remove nzb-notify as apprise is now directly supported.
 * **23.12.23:** - Rebase to Alpine 3.19.
 * **23.11.23:** - Build translations.
diff --git a/readme-vars.yml b/readme-vars.yml
index fd71172..e8aebc2 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -31,6 +31,7 @@ opt_param_volumes:
   - {vol_path: "/downloads", vol_host_path: "/path/to/downloads", desc: "Local path for finished downloads."}
   - {vol_path: "/incomplete-downloads", vol_host_path: "/path/to/incomplete/downloads", desc: "Local path for incomplete-downloads."}
 readonly_supported: true
+nonroot_supported: true
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
@@ -90,6 +91,7 @@ init_diagram: |
   "sabnzbd:unstable" <- Base Images
 # changelog
 changelogs:
+  - {date: "20.12.24:", desc: "Rebase to Alpine 3.21."}
   - {date: "25.05.24:", desc: "Rebase to Alpine 3.20, remove nzb-notify as apprise is now directly supported."}
   - {date: "23.12.23:", desc: "Rebase to Alpine 3.19."}
   - {date: "23.11.23:", desc: "Build translations."}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-sabnzbd-config/run b/root/etc/s6-overlay/s6-rc.d/init-sabnzbd-config/run
index 97d3822..7248c9f 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-sabnzbd-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-sabnzbd-config/run
@@ -1,12 +1,14 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-if grep -qe ' /downloads ' /proc/mounts; then
-    lsiown abc:abc /downloads
-fi
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+    if grep -qe ' /downloads ' /proc/mounts; then
+        lsiown abc:abc /downloads
+    fi
 
-if grep -qe ' /incomplete-downloads ' /proc/mounts; then
-    lsiown abc:abc /incomplete-downloads
-fi
+    if grep -qe ' /incomplete-downloads ' /proc/mounts; then
+        lsiown abc:abc /incomplete-downloads
+    fi
 
-find /config -path /config/Downloads -prune -o -exec lsiown abc:abc {} +
+    find /config -path /config/Downloads -prune -o -exec lsiown abc:abc {} +
+fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-sabnzbd/run b/root/etc/s6-overlay/s6-rc.d/svc-sabnzbd/run
index f7786ef..0869f8b 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-sabnzbd/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-sabnzbd/run
@@ -3,14 +3,21 @@
 
 FAMILY=::
 
-if [ "$HAS_IPV6" = "false" ]; then
-    FAMILY=0.0.0.0
-    sed '/ip6-/d' /etc/hosts > /etc/hosts.new
-    cat /etc/hosts.new > /etc/hosts
-    rm /etc/hosts.new
-fi
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+    if [[ "$HAS_IPV6" = "false" ]]; then
+        FAMILY=0.0.0.0
+        sed '/ip6-/d' /etc/hosts > /etc/hosts.new
+        cat /etc/hosts.new > /etc/hosts
+        rm /etc/hosts.new
+    fi
 
-exec \
-    s6-notifyoncheck -d -n 300 -w 1000 \
-        s6-setuidgid abc python3 /app/sabnzbd/SABnzbd.py \
-        --config-file /config --server "$FAMILY"
+    exec \
+        s6-notifyoncheck -d -n 300 -w 1000 \
+            s6-setuidgid abc python3 /app/sabnzbd/SABnzbd.py \
+            --config-file /config --server "$FAMILY"
+else
+    exec \
+        s6-notifyoncheck -d -n 300 -w 1000 \
+            python3 /app/sabnzbd/SABnzbd.py \
+            --config-file /config --server "$FAMILY"
+fi