Three independent operational hardening fixes salvaged from PR #1686
(@binhpt310) after the parent PR was deferred over a separate sibling-repo
build-context concern unrelated to these fixes:
1. start.sh's .env loader now filters readonly bash vars (UID, GID, EUID,
EGID, PPID) before `source`-ing. docker-compose.yml's macOS instructions
document `echo "UID=$(id -u)" >> .env` to set host UID/GID for bind-mount
permission fixing — that .env was crashing start.sh with
`UID: readonly variable` when `set -a; source ...; set +a` tried to
assign to those names. Replaced with
`source <(grep -vE '^[[:space:]]*(export[[:space:]]+)?(UID|GID|EUID|EGID|PPID)=' "${REPO_ROOT}/.env")`.
The bootstrap regression guard at tests/test_bootstrap_dotenv.py:181
still passes — both `source` and `.env` are still on the modified line.
2. start.sh now defensively re-execs as the unprivileged hermeswebui user
when invoked as root. Fires only when EUID==0 AND a hermeswebui user
actually exists AND sudo is on PATH — so it's a no-op on host machines
without the container user setup. The production image's entrypoint
(docker_init.bash) already drops to hermeswebui before invoking start.sh,
so this is a no-op on the canonical container path; it only matters for
`sudo ./start.sh` or accidental root shells inside the container during
interactive debugging.
3. Dockerfile installs xz-utils + git apt packages. xz-utils is required
to decompress .tar.xz archives (e.g. Node.js distribution tarballs);
git is needed for `git describe` (powers WEBUI_VERSION resolution at
api/updates.py:_detect_webui_version) and any clone-based agent install
path. Both are tiny apt packages on top of python:3.12-slim with no
measurable image-size impact.
What's NOT in this commit (deferred from #1686):
- Pre-baking hermes-agent source into the image via
`COPY hermes-agent-desktop/hermes-agent /opt/hermes/` plus a build-context
flip to `..`. Requires a sibling-repo layout that breaks the canonical
`git clone hermes-webui && cd hermes-webui && docker compose build` flow.
The right shape is a build arg gating the COPY behind
--build-arg WITH_AGENT_SOURCE=1; left to a separate PR.
- Pre-installing Node.js 22 LTS system-wide. Real motivation but worth
evaluating the fix shape (full Node bake vs. opt-in vs. layer cache)
separately from these three operational fixes.
Tests: tests/test_docker_env_readonly_vars.py — 11 tests (4 source-grep
on the start.sh filter pattern + 5 behavioral that actually run bash
against synthetic .env files containing readonly vars + 2 Dockerfile
package-presence tests). All 11 pass. Behavioral tests skip if bash
is not on PATH.
Full suite: 5028 → 5036 passing (+8 net new after pytest collection
counted some behavioral tests under skip), 0 regressions, 147.84s.
Closes the operational-hardening portion of #1686.
Co-authored-by: binhpt310 <binhpt310@users.noreply.github.com>
nesquena-hermes