I believe this script should remain for Camptocamp internal usage only and should not be backported upstream because:
Additionally, embedding commands like this is as bad a practice as injecting "apt-get install" inside a custom script. Such logic should either live inside the Docker image or be provided by an external program, not in the configuration repository.

@edevosc2c this won't be present for Kubernetes; it is mainly for docker-compose / swarm compatibility, to remove copy-datadir and envsubst (for now I don't see any other possibility). This aims to be public for the future official docker-compose (that I am working on). I believe injecting commands is possible, but it is a non-privileged user, so no apt install, but it means the attacker already has full access to the deployment and docker commands (he won't need to inject into env vars ;) ). I don't think this is a valid attack scenario!
init script for datafeeder bootstrap config to avoid copy-datadir and envsubst
copy-datadir and envsubst are only needed by datafeeder; it aims to simplify the docker-compose file (ongoing work)