Fix incorrect CurrentUser check for docker rootless (#24435 )

Many users report that 1.19 has a regression bug: the rootless image can't start if the UID is not 1000. https://github.com/go-gitea/gitea/issues/23632#issuecomment-1524589213 https://discourse.gitea.io/t/gitea-doesnt-start-after-update-to-1-19/6920/9 The problem is that the IsRunUserMatchCurrentUser logic is fragile, the "SSH" config is not ready when it executes. This PR is just a quick fix for 1.19. For 1.20, we need a clear and stable solution.
Fix user-cards format (#24428 ) (#24431 )
2025-07-15 00:01:25 -04:00 · 2023-04-29 23:47:04 -04:00 · 2023-04-29 22:05:34 -04:00 · 2023-04-29 09:43:37 +02:00
4 changed files with 19 additions and 11 deletions
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -282,6 +282,9 @@ func loadCommonSettingsFrom(cfg ConfigProvider) {
 	loadLogFrom(cfg)
 	loadServerFrom(cfg)
 	loadSSHFrom(cfg)
+
+	mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
+
 	loadOAuth2From(cfg)
 	loadSecurityFrom(cfg)
 	loadAttachmentFrom(cfg)
@ -314,14 +317,6 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
 		RunMode = rootSec.Key("RUN_MODE").MustString("prod")
 	}
 	IsProd = strings.EqualFold(RunMode, "prod")
-	// Does not check run user when the install lock is off.
-	installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
-	if installLock {
-		currentUser, match := IsRunUserMatchCurrentUser(RunUser)
-		if !match {
-			log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
-		}
-	}

 	// check if we run as root
 	if os.Getuid() == 0 {
@ -333,6 +328,17 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
 	}
 }

+func mustCurrentRunUserMatch(rootCfg ConfigProvider) {
+	// Does not check run user when the "InstallLock" is off.
+	installLock := rootCfg.Section("security").Key("INSTALL_LOCK").MustBool(false)
+	if installLock {
+		currentUser, match := IsRunUserMatchCurrentUser(RunUser)
+		if !match {
+			log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
+		}
+	}
+}
+
 // CreateOrAppendToCustomConf creates or updates the custom config.
 // Use the callback to set individual values.
 func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) {
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -1226,7 +1226,7 @@ func RegisterRoutes(m *web.Route) {
 		}, repo.MustBeNotEmpty, reqRepoCodeReader, context.RepoRefByType(context.RepoRefTag, true))
 		m.Post("/tags/delete", repo.DeleteTag, reqSignIn,
 			repo.MustBeNotEmpty, context.RepoMustNotBeArchived(), reqRepoCodeWriter, context.RepoRef())
-	}, reqSignIn, context.RepoAssignment, context.UnitTypes())
+	}, ignSignIn, context.RepoAssignment, context.UnitTypes())

 	// Releases
 	m.Group("/{username}/{reponame}", func() {
--- a/templates/repo/user_cards.tmpl
+++ b/templates/repo/user_cards.tmpl
@ -1,4 +1,4 @@
-<div class="ui container user-cards">
+<div class="user-cards">
 	{{if .CardsTitle}}
 	<h2 class="ui dividing header">
 		{{.CardsTitle}}
--- a/templates/repo/watchers.tmpl
+++ b/templates/repo/watchers.tmpl
@ -1,6 +1,8 @@
 {{template "base/head" .}}
 <div role="main" aria-label="{{.Title}}" class="page-content repository watchers">
 	{{template "repo/header" .}}
-	{{template "repo/user_cards" .}}
+	<div class="ui container">
+		{{template "repo/user_cards" .}}
+	</div>
 </div>
 {{template "base/footer" .}}