Apply patch during build time

2024-11-23 10:51:10 +01:00 · 2023-01-24 01:24:46 +01:00 · 2023-01-24 01:24:46 +01:00 · fedfaeafc4
commit fedfaeafc4
parent bb3f62ef10
3 changed files with 39 additions and 19 deletions
--- a/4
+++ b/4
@ -32,7 +32,9 @@ RUN apk add --update --no-cache patch

 COPY --from=rootfs ["/", "/"]

-RUN chmod a+x /usr/local/bin/wp
+RUN set -eux \
+    && chmod a+x /usr/local/bin/wp \
+    && wp-apply-patch "/etc/wp-mods/wp-admin-update-core.patch" "/var/www/html/wp-admin/update-core.php" "true"

 ARG WP_VERSION
 ENV WP_VERSION="${WP_VERSION}"
--- a/rootfs/etc/cont-init.d/10-verify-wordpress
+++ b/rootfs/etc/cont-init.d/10-verify-wordpress
@ -16,17 +16,6 @@ function scriptExitHandler() {
  exit "${LAST_EXIT_CODE}"
 }

-# Applies patch for making WordPress updates impossible
-function disableUpdatesPatch() {
-  DISABLE_WP_UPDATES="${ENFORCE_DISABLE_WP_UPDATES:-true}"
-  if [ "${DISABLE_WP_UPDATES}" != "false" ]; then
-    echo "> Disabling WordPress updates..."
-    patch /var/www/html/wp-admin/update-core.php </etc/wp-mods/wp-admin-update-core.patch
-    echo "> Marking the patched file read-only..."
-    chmod 0440 /var/www/html/wp-admin/update-core.php
-  fi
-}
-
 # Main function
 function main() {
  # Removes trailing zero if found
@ -53,13 +42,6 @@ function main() {
    return 0
  else
    echo "> Identified 'WordPress ${WP_VERSION}'"
-
-    # This will apply patch once and again only if container is recreated
-    if [ ! -f "/var/www/patch-applied" ]; then
-        disableUpdatesPatch
-        touch "/var/www/patch-applied"
-    fi
-
  fi
 }

--- a/rootfs/usr/local/bin/wp-apply-patch
+++ b/rootfs/usr/local/bin/wp-apply-patch
@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Applies patch for preventing WordPress updates
+function main() {
+    PATCH_FILE="${1:?PATCH_FILE is required}"
+    TARGET_FILE="${2:?TARGET_FILE is required}"
+
+    if [ ! -f "${PATCH_FILE}" ]; then
+        echo ">	No such	file [PATCH]: ${PATCH_FILE}"
+        return 1
+    fi
+
+    if [ ! -f "${TARGET_FILE}" ]; then
+        echo "> No such file [TARGET]: ${TARGET_FILE}"
+        return 1
+    fi
+
+    echo "> Loading patch ${PATCH_FILE}"
+    echo "  Patching '${TARGET_FILE}'..."
+    patch --verbose "${TARGET_FILE}" <"${PATCH_FILE}"
+
+    MARK_READ_ONLY="${3:-true}"
+    if [ "${MARK_READ_ONLY}" = "true" ]; then
+        # This is done in order to prevent WordPress overwriting the file
+        echo "  Marking the patched file read-only..."
+        chmod 0440 "${TARGET_FILE}"
+    fi
+
+    return 0
+}
+
+# Usage: main /etc/wp-mods/wp-admin-update-core.patch /var/www/html/wp-admin/update-core.php ?true|false
+main "${@}"
+exit $?