From ad22712febb593a75f87a43af8a8da876d5263b8 Mon Sep 17 00:00:00 2001 From: thelamer Date: Mon, 22 Sep 2025 14:30:32 -0400 Subject: [PATCH 1/4] rebase to trixie --- Dockerfile | 2 +- README.md | 7 ++++--- readme-vars.yml | 11 +++-------- root/usr/bin/chromium | 13 +------------ 4 files changed, 9 insertions(+), 24 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5d8f9e6..07cfd16 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-selkies:debianbookworm +FROM ghcr.io/linuxserver/baseimage-selkies:debiantrixie # set version label ARG BUILD_DATE diff --git a/README.md b/README.md index a4f2661..b4fdd56 100644 --- a/README.md +++ b/README.md @@ -228,12 +228,12 @@ services: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - - SUBFOLDER=/ #optional volumes: - /path/to/config:/config ports: - 3000:3000 #optional - 3001:3001 #optional + shm_size: "1gb" restart: unless-stopped ``` @@ -245,10 +245,10 @@ docker run -d \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ - -e SUBFOLDER=/ `#optional` \ -p 3000:3000 `#optional` \ -p 3001:3001 `#optional` \ -v /path/to/config:/config \ + --shm-size="1gb" \ --restart unless-stopped \ lscr.io/linuxserver/digikam:latest ``` @@ -264,8 +264,8 @@ Containers are configured using parameters passed at runtime (such as those abov | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | -| `-e SUBFOLDER=/` | Specify a subfolder to use with reverse proxies, IE `/subfolder/` | | `-v /config` | Users home directory in the container, stores database. | +| `--shm-size=` | Recommended for all desktop images. | ## Environment variables from files (Docker secrets) @@ -429,6 +429,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **22.09.25:** - Rebase to Debian Trixie. * **28.07.25:** - Fix CPU usage bug by disabling fake udev. * **12.07.25:** - Rebase to Selkies, HTTPS IS NOW REQUIRED. * **03.04.25:** - Update chromium launch options to improve performance. diff --git a/readme-vars.yml b/readme-vars.yml index 808d01f..d844ffb 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -16,14 +16,6 @@ development_versions: false # container parameters common_param_env_vars_enabled: true param_container_name: "{{ project_name }}" -param_usage_include_env: true -param_usage_include_ports: false -param_env_vars: - - {env_var: "TZ", env_value: "America/New_York", desc: "Specify a timezone to use EG America/New_York."} -# optional variables -opt_param_usage_include_env: true -opt_param_env_vars: - - {env_var: "SUBFOLDER", env_value: "/", desc: "Specify a subfolder to use with reverse proxies, IE `/subfolder/`"} param_usage_include_vols: true param_volumes: - {vol_path: "/config", vol_host_path: "/path/to/config", desc: "Users home directory in the container, stores database."} @@ -32,6 +24,8 @@ opt_param_usage_include_ports: true opt_param_ports: - {external_port: "3000", internal_port: "3000", port_desc: "digiKam desktop gui HTTP, must be proxied"} - {external_port: "3001", internal_port: "3001", port_desc: "digiKam desktop gui HTTPS"} +custom_params: + - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "Recommended for all desktop images."} # Selkies blurb settings selkies_blurb: true show_nvidia: true @@ -115,6 +109,7 @@ init_diagram: | "digikam:latest" <- Base Images # changelog changelogs: + - {date: "22.09.25:", desc: "Rebase to Debian Trixie."} - {date: "28.07.25:", desc: "Fix CPU usage bug by disabling fake udev."} - {date: "12.07.25:", desc: "Rebase to Selkies, HTTPS IS NOW REQUIRED."} - {date: "03.04.25:", desc: "Update chromium launch options to improve performance."} diff --git a/root/usr/bin/chromium b/root/usr/bin/chromium index 3d7f244..b8b75fa 100755 --- a/root/usr/bin/chromium +++ b/root/usr/bin/chromium @@ -7,17 +7,7 @@ if ! pgrep chromium > /dev/null;then rm -f $HOME/.config/chromium/Singleton* fi -# Run normally on privved containers or modified un non priv -if grep -q 'Seccomp:.0' /proc/1/status; then - ${BIN} \ - --no-first-run \ - --password-store=basic \ - --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' \ - --start-maximized \ - --user-data-dir \ - "$@" > /dev/null 2>&1 -else - ${BIN} \ +${BIN} \ --no-first-run \ --no-sandbox \ --password-store=basic \ @@ -26,4 +16,3 @@ else --test-type \ --user-data-dir \ "$@" > /dev/null 2>&1 -fi From 9f706f34e3fdf3278d2e88186df9983fc88bc222 Mon Sep 17 00:00:00 2001 From: thelamer Date: Mon, 22 Sep 2025 14:32:19 -0400 Subject: [PATCH 2/4] doc tweaks --- Dockerfile | 2 +- README.md | 12 ++++++------ readme-vars.yml | 9 ++++----- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 07cfd16..bded40e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,4 +59,4 @@ RUN \ COPY /root / # ports and volumes -EXPOSE 3000 +EXPOSE 3001 diff --git a/README.md b/README.md index b4fdd56..4ea2fb9 100644 --- a/README.md +++ b/README.md @@ -231,8 +231,8 @@ services: volumes: - /path/to/config:/config ports: - - 3000:3000 #optional - - 3001:3001 #optional + - 3000:3000 + - 3001:3001 shm_size: "1gb" restart: unless-stopped ``` @@ -245,8 +245,8 @@ docker run -d \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Etc/UTC \ - -p 3000:3000 `#optional` \ - -p 3001:3001 `#optional` \ + -p 3000:3000 \ + -p 3001:3001 \ -v /path/to/config:/config \ --shm-size="1gb" \ --restart unless-stopped \ @@ -259,8 +259,8 @@ Containers are configured using parameters passed at runtime (such as those abov | Parameter | Function | | :----: | --- | -| `-p 3000` | digiKam desktop gui HTTP, must be proxied | -| `-p 3001` | digiKam desktop gui HTTPS | +| `-p 3000:3000` | Calligra desktop gui HTTP, must be proxied. | +| `-p 3001:3001` | Calligra desktop gui HTTPS. | | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | diff --git a/readme-vars.yml b/readme-vars.yml index d844ffb..1c1fadb 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -19,11 +19,10 @@ param_container_name: "{{ project_name }}" param_usage_include_vols: true param_volumes: - {vol_path: "/config", vol_host_path: "/path/to/config", desc: "Users home directory in the container, stores database."} -# optional parameters -opt_param_usage_include_ports: true -opt_param_ports: - - {external_port: "3000", internal_port: "3000", port_desc: "digiKam desktop gui HTTP, must be proxied"} - - {external_port: "3001", internal_port: "3001", port_desc: "digiKam desktop gui HTTPS"} +param_usage_include_ports: true +param_ports: + - {external_port: "3000", internal_port: "3000", port_desc: "Calligra desktop gui HTTP, must be proxied."} + - {external_port: "3001", internal_port: "3001", port_desc: "Calligra desktop gui HTTPS."} custom_params: - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "Recommended for all desktop images."} # Selkies blurb settings From 305a4c50665edf5689a86420363cee03234e372b Mon Sep 17 00:00:00 2001 From: thelamer Date: Mon, 22 Sep 2025 14:40:02 -0400 Subject: [PATCH 3/4] add syntax --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index bded40e..8a3d7a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + FROM ghcr.io/linuxserver/baseimage-selkies:debiantrixie # set version label From 96c3c792ab5b7c137f989de115fe592c08c9a09f Mon Sep 17 00:00:00 2001 From: thelamer Date: Tue, 23 Sep 2025 07:55:30 -0400 Subject: [PATCH 4/4] bad data in readme --- README.md | 6 ++++-- readme-vars.yml | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4ea2fb9..9511ab3 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,8 @@ By default, this container has no authentication. The optional `CUSTOM_USER` and The web interface includes a terminal with passwordless `sudo` access. Any user with access to the GUI can gain root control within the container, install arbitrary software, and probe your local network. +While not generally recommended, certain legacy environments specifically those with older hardware or outdated Linux distributions may require the deactivation of the standard seccomp profile to get containerized desktop software to run. This can be achieved by utilizing the `--security-opt seccomp=unconfined` parameter. It is critical to use this option only when absolutely necessary as it disables a key security layer of Docker, elevating the potential for container escape vulnerabilities. + ### Options in all Selkies-based GUI containers This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies), which provides the following environment variables and run configurations to customize its functionality. @@ -259,8 +261,8 @@ Containers are configured using parameters passed at runtime (such as those abov | Parameter | Function | | :----: | --- | -| `-p 3000:3000` | Calligra desktop gui HTTP, must be proxied. | -| `-p 3001:3001` | Calligra desktop gui HTTPS. | +| `-p 3000:3000` | Digikam desktop gui HTTP, must be proxied. | +| `-p 3001:3001` | Digikam desktop gui HTTPS. | | `-e PUID=1000` | for UserID - see below for explanation | | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). | diff --git a/readme-vars.yml b/readme-vars.yml index 1c1fadb..d1f9b21 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -21,8 +21,8 @@ param_volumes: - {vol_path: "/config", vol_host_path: "/path/to/config", desc: "Users home directory in the container, stores database."} param_usage_include_ports: true param_ports: - - {external_port: "3000", internal_port: "3000", port_desc: "Calligra desktop gui HTTP, must be proxied."} - - {external_port: "3001", internal_port: "3001", port_desc: "Calligra desktop gui HTTPS."} + - {external_port: "3000", internal_port: "3000", port_desc: "Digikam desktop gui HTTP, must be proxied."} + - {external_port: "3001", internal_port: "3001", port_desc: "Digikam desktop gui HTTPS."} custom_params: - {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "Recommended for all desktop images."} # Selkies blurb settings