Docker: Use common entrypoint.sh script for develop and prod env #2076

This commit is contained in:
Michael Mayer
2022-03-01 13:55:05 +01:00
parent 3eb753a413
commit 3fe573845c
33 changed files with 206 additions and 228 deletions


@@ -5,7 +5,7 @@ FROM photoprism/develop:220225-bullseye
# FROM photoprism/develop:impish # Ubuntu 21.10, Codename "Impish Indri" # FROM photoprism/develop:impish # Ubuntu 21.10, Codename "Impish Indri"
# copy entrypoint script to container # copy entrypoint script to container
COPY --chown=root:root /docker/develop/entrypoint.sh /entrypoint.sh COPY --chown=root:root /scripts/dist/entrypoint.sh /entrypoint.sh
# define working directory in container # define working directory in container
WORKDIR "/go/src/github.com/photoprism/photoprism" WORKDIR "/go/src/github.com/photoprism/photoprism"


@@ -78,7 +78,7 @@ install:
env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR) env TMPDIR="$(BUILD_PATH)" ./scripts/dist/install-tensorflow.sh $(DESTDIR)
rm -rf --preserve-root $(DESTDIR)/include rm -rf --preserve-root $(DESTDIR)/include
(cd $(DESTDIR) && mkdir -p bin scripts lib assets config config/examples) (cd $(DESTDIR) && mkdir -p bin scripts lib assets config config/examples)
scripts/build.sh prod $(DESTDIR)/bin/$(BINARY_NAME) ./scripts/build.sh prod "$(DESTDIR)/bin/$(BINARY_NAME)"
[ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest [ -f "$(GOBIN)/gosu" ] || go install github.com/tianon/gosu@latest
cp $(GOBIN)/gosu $(DESTDIR)/bin/gosu cp $(GOBIN)/gosu $(DESTDIR)/bin/gosu
[ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool [ ! -f "$(GOBIN)/exif-read-tool" ] || cp $(GOBIN)/exif-read-tool $(DESTDIR)/bin/exif-read-tool
@@ -89,7 +89,7 @@ install:
chown -R $(INSTALL_USER) $(DESTDIR) chown -R $(INSTALL_USER) $(DESTDIR)
chmod -R $(INSTALL_MODE) $(DESTDIR) chmod -R $(INSTALL_MODE) $(DESTDIR)
chmod -R $(INSTALL_MODE_BIN) $(DESTDIR)/bin $(DESTDIR)/lib $(DESTDIR)/scripts/*.sh chmod -R $(INSTALL_MODE_BIN) $(DESTDIR)/bin $(DESTDIR)/lib $(DESTDIR)/scripts/*.sh
echo "PhotoPrism $(BUILD_TAG) has been successfully installed in \"$(DESTDIR)\".\nEnjoy!" @echo "PhotoPrism $(BUILD_TAG) has been successfully installed in \"$(DESTDIR)\".\nEnjoy!"
install-go: install-go:
sudo scripts/dist/install-go.sh sudo scripts/dist/install-go.sh
go build -v ./... go build -v ./...
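Review bot: Only the build.sh argument is quoted in the install recipe; the neighbouring lines still expand `$(DESTDIR)` and `$(GOBIN)` bare, for example `cp $(GOBIN)/gosu $(DESTDIR)/bin/gosu` and `chown -R $(INSTALL_USER) $(DESTDIR)`. A destination path containing spaces therefore still breaks the recipe right after the build step. Quoting them the same way, e.g. `cp "$(GOBIN)/gosu" "$(DESTDIR)/bin/gosu"`, would make the change consistent. The install recipe starts above the first hunk, so any default or emptiness check for DESTDIR is not visible here.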


@@ -24,7 +24,6 @@ ENV DOCKER_ARCH=$TARGETARCH \
# copy scripts and debian backports sources list # copy scripts and debian backports sources list
COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/ COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/
COPY --chown=root:root --chmod=644 /docker/develop/bullseye/sources.list /etc/apt/sources.list.d/bullseye.list COPY --chown=root:root --chmod=644 /docker/develop/bullseye/sources.list /etc/apt/sources.list.d/bullseye.list
COPY --chown=root:root --chmod=755 /docker/develop/entrypoint.sh /entrypoint.sh
COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf
# update image and install build dependencies # update image and install build dependencies
@@ -113,6 +112,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest; \
echo "alias ll='ls -alh'" > /root/.bash_aliases && \ echo "alias ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \
cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \
cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \
chmod -R a+rwX /go chmod -R a+rwX /go
# set up project directory # set up project directory
@@ -125,7 +125,7 @@ WORKDIR "/go/src/github.com/photoprism/photoprism"
# - 40000 (Go Debugger) # - 40000 (Go Debugger)
EXPOSE 2342 2343 9515 40000 EXPOSE 2342 2343 9515 40000
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# keep container running # keep container running


@@ -36,6 +36,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
wget \ wget \
curl \ curl \
make \ make \
sudo \
bash \
sqlite3 \ sqlite3 \
tzdata \ tzdata \
libc6 \ libc6 \
@@ -62,6 +64,7 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
/photoprism/storage/config \ /photoprism/storage/config \
/photoprism/storage/cache \ /photoprism/storage/cache \
&& \ && \
echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \
cleanup.sh cleanup.sh
# define default directory and user # define default directory and user
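Review bot: The sudoers line added in this RUN step lets every account (`ALL ALL=(ALL) NOPASSWD:`) run /opt/photoprism/scripts/entrypoint-init.sh as root, but that file sits inside /opt/photoprism, which the new init script recursively chowns to PHOTOPRISM_UID in the prod case (CHOWN_DIRS includes PHOTOPRISM_DIST, which defaults to /opt/photoprism). After the first start, the script that sudo executes as root would be owned and writable by the unprivileged service user, which removes the boundary the uid switch is meant to create. Consider installing the init script to a root-owned path outside the chowned tree and pointing the rule at that path, limiting the rule to the service account instead of `ALL`, and creating the drop-in with mode 0440. The same line is added in the three other prod Dockerfile sections further down this page.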


@@ -24,7 +24,6 @@ ENV DOCKER_ARCH=$TARGETARCH \
# copy scripts and debian backports sources list # copy scripts and debian backports sources list
COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/ COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/
COPY --chown=root:root --chmod=644 /docker/develop/bullseye/sources.list /etc/apt/sources.list.d/bullseye.list COPY --chown=root:root --chmod=644 /docker/develop/bullseye/sources.list /etc/apt/sources.list.d/bullseye.list
COPY --chown=root:root --chmod=755 /docker/develop/entrypoint.sh /entrypoint.sh
COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf
# update image and install build dependencies # update image and install build dependencies
@@ -124,6 +123,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \
cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \
cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \
chmod -R a+rwX /go chmod -R a+rwX /go
# set up project directory # set up project directory
@@ -136,7 +136,7 @@ WORKDIR "/go/src/github.com/photoprism/photoprism"
# - 40000 (Go Debugger) # - 40000 (Go Debugger)
EXPOSE 2342 2343 9515 40000 EXPOSE 2342 2343 9515 40000
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# keep container running # keep container running


@@ -24,7 +24,6 @@ ENV DOCKER_ARCH=$TARGETARCH \
# copy scripts and debian backports sources list # copy scripts and debian backports sources list
COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/ COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/
COPY --chown=root:root --chmod=644 /docker/develop/buster/sources.list /etc/apt/sources.list.d/buster.list COPY --chown=root:root --chmod=644 /docker/develop/buster/sources.list /etc/apt/sources.list.d/buster.list
COPY --chown=root:root --chmod=755 /docker/develop/entrypoint.sh /entrypoint.sh
COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf
# update image and install build dependencies # update image and install build dependencies
@@ -123,6 +122,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \
cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \
cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \
chmod -R a+rwX /go chmod -R a+rwX /go
# set up project directory # set up project directory
@@ -135,7 +135,7 @@ WORKDIR "/go/src/github.com/photoprism/photoprism"
# - 40000 (Go Debugger) # - 40000 (Go Debugger)
EXPOSE 2342 2343 9515 40000 EXPOSE 2342 2343 9515 40000
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# keep container running # keep container running


@@ -1,112 +0,0 @@
#!/usr/bin/env bash
DOCKER_ARCH=${DOCKER_ARCH:-arch}
DOCKER_ENV=${DOCKER_ENV:-unknown}
DOCKER_TAG=${DOCKER_TAG:-unknown}
if [[ $(id -u) == "0" ]]; then
echo "started as root"
if [[ ! -e /root/.init ]] && [[ ${PHOTOPRISM_INIT} ]]; then
for target in $PHOTOPRISM_INIT; do
echo "init ${target}..."
make -f /go/src/github.com/photoprism/photoprism/scripts/dist/Makefile "${target}"
done
echo 1 >/root/.init
fi
else
echo "started as uid $(id -u)"
fi
re='^[0-9]+$'
# check for alternate umask variable
if [[ -z ${PHOTOPRISM_UMASK} ]] && [[ ${UMASK} =~ $re ]] && [[ ${#UMASK} == 4 ]]; then
PHOTOPRISM_UMASK=${UMASK}
fi
# set file-creation mode (umask)
if [[ ${PHOTOPRISM_UMASK} =~ $re ]] && [[ ${#PHOTOPRISM_UMASK} == 4 ]]; then
umask "${PHOTOPRISM_UMASK}"
else
umask 0002
fi
# show info
echo "image: $DOCKER_ARCH-$DOCKER_ENV"
echo "build: $DOCKER_TAG"
echo "umask: \"$(umask)\" ($(umask -S))"
# script must run as root to perform changes
if [[ $(id -u) == "0" ]]; then
# check for alternate user ID env variables
if [[ -z ${PHOTOPRISM_UID} ]]; then
if [[ ${UID} =~ $re ]] && [[ ${UID} != "0" ]]; then
PHOTOPRISM_UID=${UID}
elif [[ ${PUID} =~ $re ]] && [[ ${PUID} != "0" ]]; then
PHOTOPRISM_UID=${PUID}
fi
fi
# check for alternate group ID env variables
if [[ -z ${PHOTOPRISM_GID} ]]; then
if [[ ${GID} =~ $re ]] && [[ ${GID} != "0" ]]; then
PHOTOPRISM_GID=${GID}
elif [[ ${PGID} =~ $re ]] && [[ ${PGID} != "0" ]]; then
PHOTOPRISM_GID=${PGID}
fi
fi
# check uid and gid env variables
if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
# RUN AS SPECIFIED USER + GROUP ID
groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null
useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /go /photoprism /opt/photoprism /tmp/photoprism
chmod --preserve-root -Rcf u+rwX /go/src/github.com/photoprism/photoprism/* /photoprism /opt/photoprism /tmp/photoprism
fi
echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
echo "${@}"
gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
# RUN AS SPECIFIED USER ID
useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}" /go /photoprism /opt/photoprism /tmp/photoprism
chmod --preserve-root -Rcf u+rwX /go/src/github.com/photoprism/photoprism/* /photoprism /opt/photoprism /tmp/photoprism
fi
echo "switching to uid ${PHOTOPRISM_UID}"
echo "${@}"
gosu "${PHOTOPRISM_UID}" "$@" &
else
# RUN AS ROOT
echo "running as root"
echo "${@}"
"$@" &
fi
else
# RUN AS NON-ROOT USER
echo "running as uid $(id -u)"
echo "${@}"
"$@" &
fi
PID=$!
trap "kill $PID" INT TERM
wait


@@ -23,7 +23,6 @@ ENV DOCKER_ARCH=$TARGETARCH \
# copy scripts and debian backports sources list # copy scripts and debian backports sources list
COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/ COPY --chown=root:root --chmod=755 /scripts/dist/* /root/.local/bin/
COPY --chown=root:root --chmod=755 /docker/develop/entrypoint.sh /entrypoint.sh
COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf COPY --chown=root:root --chmod=644 /.my.cnf /etc/my.cnf
# update image and install build dependencies # update image and install build dependencies
@@ -124,6 +123,7 @@ RUN /usr/local/go/bin/go install github.com/tianon/gosu@latest && \
echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \ echo "alias go=richgo ll='ls -alh'" > /root/.bash_aliases && \
echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \ echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/all && \
cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \ cp /root/.local/bin/heif-convert.sh /usr/local/bin/heif-convert && \
cp /root/.local/bin/entrypoint.sh /entrypoint.sh && \
chmod -R a+rwX /go chmod -R a+rwX /go
# set up project directory # set up project directory
@@ -136,7 +136,7 @@ WORKDIR "/go/src/github.com/photoprism/photoprism"
# - 40000 (Go Debugger) # - 40000 (Go Debugger)
EXPOSE 2342 2343 9515 40000 EXPOSE 2342 2343 9515 40000
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# keep container running # keep container running


@@ -97,7 +97,6 @@ services:
# PHOTOPRISM_UID: 1000 # PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000 # PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000 # PHOTOPRISM_UMASK: 0000
HOME: "/photoprism"
## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user) ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
# user: "1000:1000" # user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional): ## Share hardware devices with FFmpeg and TensorFlow (optional):


@@ -90,7 +90,6 @@ services:
# PHOTOPRISM_UID: 1000 # PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000 # PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000 # PHOTOPRISM_UMASK: 0000
HOME: "/photoprism"
## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user) ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
# user: "1000:1000" # user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional): ## Share hardware devices with FFmpeg and TensorFlow (optional):


@@ -156,7 +156,6 @@ services:
PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password PHOTOPRISM_DATABASE_PASSWORD: "_admin_password_" # MariaDB or MySQL database user password
## Add/update packages (service must be started as root; options: update, gpu, tensorflow, davfs, clean): ## Add/update packages (service must be started as root; options: update, gpu, tensorflow, davfs, clean):
PHOTOPRISM_INIT: "update tensorflow clean" PHOTOPRISM_INIT: "update tensorflow clean"
HOME: "/photoprism"
working_dir: "/photoprism" working_dir: "/photoprism"
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes: volumes:


@@ -90,7 +90,6 @@ services:
# PHOTOPRISM_UID: 1000 # PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000 # PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000 # PHOTOPRISM_UMASK: 0000
HOME: "/photoprism"
## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user) ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
# user: "1000:1000" # user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional): ## Share hardware devices with FFmpeg and TensorFlow (optional):


@@ -77,7 +77,6 @@ services:
PHOTOPRISM_SITE_AUTHOR: "" PHOTOPRISM_SITE_AUTHOR: ""
## Add/update packages (service must be started as root; options: update, gpu, tensorflow, davfs, clean): ## Add/update packages (service must be started as root; options: update, gpu, tensorflow, davfs, clean):
# PHOTOPRISM_INIT: "update gpu tensorflow clean" # PHOTOPRISM_INIT: "update gpu tensorflow clean"
HOME: "/photoprism"
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes: volumes:
# "/host/folder:/photoprism/folder" # example # "/host/folder:/photoprism/folder" # example


@@ -87,7 +87,6 @@ services:
# PHOTOPRISM_UID: 1000 # PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000 # PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000 # PHOTOPRISM_UMASK: 0000
HOME: "/photoprism"
## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user) ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
# user: "1000:1000" # user: "1000:1000"
working_dir: "/photoprism" working_dir: "/photoprism"


@@ -80,7 +80,6 @@ services:
# PHOTOPRISM_UID: 1000 # PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000 # PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000 # PHOTOPRISM_UMASK: 0000
HOME: "/photoprism"
## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user) ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
# user: "1000:1000" # user: "1000:1000"
working_dir: "/photoprism" working_dir: "/photoprism"


@@ -80,7 +80,6 @@ services:
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "" PHOTOPRISM_SITE_DESCRIPTION: ""
PHOTOPRISM_SITE_AUTHOR: "" PHOTOPRISM_SITE_AUTHOR: ""
HOME: "/photoprism"
working_dir: "/photoprism" working_dir: "/photoprism"
## Storage Folders: use "/" not "\" as separator, "~" is a shortcut for C:/user/{username}, "." for the current directory ## Storage Folders: use "/" not "\" as separator, "~" is a shortcut for C:/user/{username}, "." for the current directory
volumes: volumes:


@@ -96,6 +96,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
wget \ wget \
curl \ curl \
make \ make \
sudo \
bash \
mariadb-client \ mariadb-client \
sqlite3 \ sqlite3 \
tzdata \ tzdata \
@@ -121,6 +123,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
/photoprism/storage/config \ /photoprism/storage/config \
/photoprism/storage/cache \ /photoprism/storage/cache \
&& \ && \
echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \
cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \
cleanup.sh cleanup.sh
# define default directory and user # define default directory and user
@@ -129,8 +133,8 @@ WORKDIR /photoprism
# expose default http port 2342 # expose default http port 2342
EXPOSE 2342 EXPOSE 2342
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/opt/photoprism/scripts/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# start app server # start app server
CMD ["/opt/photoprism/bin/photoprism", "start"] CMD ["/opt/photoprism/bin/photoprism", "start"]


@@ -85,9 +85,10 @@ EXPOSE 2342
# copy app dist files and debian backports sources list # copy app dist files and debian backports sources list
COPY --from=build /opt/photoprism/ /opt/photoprism COPY --from=build /opt/photoprism/ /opt/photoprism
RUN cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/opt/photoprism/scripts/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# start app server # start app server
CMD ["/opt/photoprism/bin/photoprism", "start"] CMD ["/opt/photoprism/bin/photoprism", "start"]


@@ -96,6 +96,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
wget \ wget \
curl \ curl \
make \ make \
sudo \
bash \
mariadb-client \ mariadb-client \
sqlite3 \ sqlite3 \
tzdata \ tzdata \
@@ -122,6 +124,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
/photoprism/storage/config \ /photoprism/storage/config \
/photoprism/storage/cache \ /photoprism/storage/cache \
&& \ && \
echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \
cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \
cleanup.sh cleanup.sh
# define default directory and user # define default directory and user
@@ -130,8 +134,8 @@ WORKDIR /photoprism
# expose default http port 2342 # expose default http port 2342
EXPOSE 2342 EXPOSE 2342
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/opt/photoprism/scripts/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# start app server # start app server
CMD ["/opt/photoprism/bin/photoprism", "start"] CMD ["/opt/photoprism/bin/photoprism", "start"]


@@ -95,6 +95,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
wget \ wget \
curl \ curl \
make \ make \
sudo \
bash \
mariadb-client \ mariadb-client \
sqlite3 \ sqlite3 \
tzdata \ tzdata \
@@ -121,6 +123,8 @@ RUN echo 'Acquire::Retries "10";' > /etc/apt/apt.conf.d/80retry && \
/photoprism/storage/config \ /photoprism/storage/config \
/photoprism/storage/cache \ /photoprism/storage/cache \
&& \ && \
echo "ALL ALL=(ALL) NOPASSWD: /opt/photoprism/scripts/entrypoint-init.sh" >> /etc/sudoers.d/init && \
cp /opt/photoprism/scripts/entrypoint.sh /entrypoint.sh && \
cleanup.sh cleanup.sh
# define default directory and user # define default directory and user
@@ -129,8 +133,8 @@ WORKDIR /photoprism
# expose default http port 2342 # expose default http port 2342
EXPOSE 2342 EXPOSE 2342
# define container entrypoint script # set container entrypoint script
ENTRYPOINT ["/opt/photoprism/scripts/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# start app server # start app server
CMD ["/opt/photoprism/bin/photoprism", "start"] CMD ["/opt/photoprism/bin/photoprism", "start"]


@@ -13,21 +13,28 @@ BUILD_DATE=$(date -u +%y%m%d)
BUILD_VERSION=$(git describe --always) BUILD_VERSION=$(git describe --always)
BUILD_TAG=${BUILD_DATE}-${BUILD_VERSION} BUILD_TAG=${BUILD_DATE}-${BUILD_VERSION}
BUILD_ID=${BUILD_TAG}-${BUILD_OS}-${BUILD_ARCH^^} BUILD_ID=${BUILD_TAG}-${BUILD_OS}-${BUILD_ARCH^^}
BUILD_NAME=$(realpath "${2:-photoprism}")
GO_BIN=${GO_BIN:-/usr/local/go/bin/go}
echo "Building PhotoPrism ${BUILD_ID} ($1)..." echo "Building PhotoPrism ${BUILD_ID} ($1)..."
if [[ $1 == "debug" ]]; then if [[ $1 == "debug" ]]; then
go build -ldflags "-X main.version=${BUILD_ID}-DEBUG" -o $2 cmd/photoprism/photoprism.go BUILD_CMD=("$GO_BIN" build -ldflags "-X main.version=${BUILD_ID}-DEBUG" -o "${BUILD_NAME}" cmd/photoprism/photoprism.go)
du -h $2
elif [[ $1 == "race" ]]; then elif [[ $1 == "race" ]]; then
go build -race -ldflags "-X main.version=${BUILD_ID}-DEBUG" -o $2 cmd/photoprism/photoprism.go BUILD_CMD=("$GO_BIN" build -race -ldflags "-X main.version=${BUILD_ID}-DEBUG" -o "${BUILD_NAME}" cmd/photoprism/photoprism.go)
du -h $2
elif [[ $1 == "static" ]]; then elif [[ $1 == "static" ]]; then
go build -a -v -ldflags "-linkmode external -extldflags \"-static -L /usr/lib -ltensorflow\" -s -w -X main.version=${BUILD_ID}" -o $2 cmd/photoprism/photoprism.go BUILD_CMD=("$GO_BIN" build -a -v -ldflags "-linkmode external -extldflags \"-static -L /usr/lib -ltensorflow\" -s -w -X main.version=${BUILD_ID}" -o "${BUILD_NAME}" cmd/photoprism/photoprism.go)
du -h $2
else else
go build -ldflags "-extldflags \"-Wl,-rpath -Wl,\$ORIGIN/../lib\" -s -w -X main.version=${BUILD_ID}" -o $2 cmd/photoprism/photoprism.go BUILD_CMD=("$GO_BIN" build -ldflags "-extldflags \"-Wl,-rpath -Wl,\$ORIGIN/../lib\" -s -w -X main.version=${BUILD_ID}" -o "${BUILD_NAME}" cmd/photoprism/photoprism.go)
du -h $2
fi fi
# build binary
echo "photoprism-bin: $BUILD_NAME"
echo "command: ${BUILD_CMD[*]}"
$GO_BIN version
"${BUILD_CMD[@]}"
# show size
du -h "${BUILD_NAME}"
echo "Done." echo "Done."
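Review bot: After `"${BUILD_CMD[@]}"` the script goes straight on to `du -h "${BUILD_NAME}"` and `echo "Done."`, so unless the part of the script above this hunk enables `set -e`, a failed build still prints "Done." and returns the exit status of echo. `"${BUILD_CMD[@]}" || exit 1` would propagate the failure to the Makefile and to image builds. `$GO_BIN version` is also the one place where GO_BIN is expanded unquoted; `"$GO_BIN" version` would match the array entries.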


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1

76
scripts/dist/entrypoint-init.sh vendored Executable file

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# INITIALIZES CONTAINER PACKAGES AND PERMISSIONS
# abort if not executed as root
if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2
exit 1
fi
# regular expressions
re='^[0-9]+$'
# detect environment
case $DOCKER_ENV in
prod)
INIT_MAKEFILE="/opt/photoprism/scripts/Makefile"
CHOWN_DIRS=("${PHOTOPRISM_HOME}" "${PHOTOPRISM_DIST}")
CHMOD_DIRS=("${PHOTOPRISM_DIST}")
;;
develop)
INIT_MAKEFILE="/go/src/github.com/photoprism/photoprism/scripts/dist/Makefile"
CHOWN_DIRS=("/go /photoprism" "/opt/photoprism" "/tmp/photoprism")
CHMOD_DIRS=("/photoprism" "/opt/photoprism" "/tmp/photoprism")
;;
*)
echo "unsupported init environment \"$DOCKER_ENV\"";
exit
;;
esac
if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
if [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null
useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d "${PHOTOPRISM_HOME}" "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "${CHOWN_DIRS[@]}"
chmod --preserve-root -Rcf u+rwX "${CHMOD_DIRS[@]}"
fi
else
useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d "${PHOTOPRISM_HOME}" "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}" "${CHOWN_DIRS[@]}"
chmod --preserve-root -Rcf u+rwX "${CHMOD_DIRS[@]}"
fi
fi
fi
# do nothing if PHOTOPRISM_INIT was not set
if [[ -z ${PHOTOPRISM_INIT} ]]; then
exit
fi
INIT_LOCK="/root/.init-lock"
# execute targets via make
if [[ ! -e ${INIT_LOCK} ]]; then
for INIT_TARGET in $PHOTOPRISM_INIT; do
echo "init $INIT_TARGET..."
make -f "$INIT_MAKEFILE" "$INIT_TARGET}"
done
echo 1 >${INIT_LOCK}
fi
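Review bot: The make call in the init loop passes `"$INIT_TARGET}"`, so every target name carries a trailing `}` and make will not find it; it should read `make -f "$INIT_MAKEFILE" "$INIT_TARGET"`. The lock file is written after the loop regardless of make's result, so the failed init is not retried on the next start. In the develop case the first CHOWN_DIRS element is the single string `"/go /photoprism"`, which chown receives as one non-existent path while `-f` hides the error; `CHOWN_DIRS=("/go" "/photoprism" "/opt/photoprism" "/tmp/photoprism")` matches what the removed develop entrypoint did. The `*)` branch leaves via a bare `exit` after echo, so an unsupported DOCKER_ENV looks like a successful init to the caller; `exit 1` would make it visible.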


@@ -1,28 +1,68 @@
#!/usr/bin/env bash #!/usr/bin/env bash
DOCKER_ARCH=${DOCKER_ARCH:-arch} # regular expressions
DOCKER_ENV=${DOCKER_ENV:-unknown} re='^[0-9]+$'
DOCKER_TAG=${DOCKER_TAG:-unknown}
if [[ $(id -u) == "0" ]]; then # set env defaults
echo "started as root" export DOCKER_ARCH=${DOCKER_ARCH:-arch}
export DOCKER_ENV=${DOCKER_ENV:-unknown}
export DOCKER_TAG=${DOCKER_TAG:-unknown}
if [[ ! -e /opt/photoprism/.init ]] && [[ ${PHOTOPRISM_INIT} ]]; then # detect environment
for target in $PHOTOPRISM_INIT; do case $DOCKER_ENV in
echo "init ${target}..." prod)
make -f /opt/photoprism/scripts/Makefile "${target}" INIT_SCRIPT="/opt/photoprism/scripts/entrypoint-init.sh"
done ;;
echo 1 >/opt/photoprism/.init
develop)
INIT_SCRIPT="/go/src/github.com/photoprism/photoprism/scripts/dist/entrypoint-init.sh"
;;
*)
INIT_SCRIPT=""
echo "unknown environment \"$DOCKER_ENV\"";
;;
esac
# set home and install path defaults
export PHOTOPRISM_HOME=${PHOTOPRISM_HOME:-/photoprism}
export PHOTOPRISM_DIST=${PHOTOPRISM_DIST:-/opt/photoprism}
# normalize user and group ID environment variables
if [[ -z ${PHOTOPRISM_UID} ]]; then
if [[ ${UID} =~ $re ]] && [[ ${UID} != "0" ]]; then
export PHOTOPRISM_UID=${UID}
elif [[ ${PUID} =~ $re ]] && [[ ${PUID} != "0" ]]; then
export PHOTOPRISM_UID=${PUID}
fi
if [[ -z ${PHOTOPRISM_GID} ]]; then
if [[ ${GID} =~ $re ]] && [[ ${GID} != "0" ]]; then
export PHOTOPRISM_GID=${GID}
elif [[ ${PGID} =~ $re ]] && [[ ${PGID} != "0" ]]; then
export PHOTOPRISM_GID=${PGID}
fi
fi
fi
# initialize container packages and permissions
if [[ -f "${INIT_SCRIPT}" ]]; then
if [[ $(id -u) == "0" ]]; then
echo "init as root"
bash -c "${INIT_SCRIPT}"
else
echo "init as uid $(id -u)"
sudo -E "${INIT_SCRIPT}"
fi fi
else else
echo "started as uid $(id -u)" echo "started as uid $(id -u)"
fi fi
re='^[0-9]+$' # set explicit home directory
export HOME="${PHOTOPRISM_HOME}"
# check for alternate umask variable # check for alternate umask variable
if [[ -z ${PHOTOPRISM_UMASK} ]] && [[ ${UMASK} =~ $re ]] && [[ ${#UMASK} == 4 ]]; then if [[ -z ${PHOTOPRISM_UMASK} ]] && [[ ${UMASK} =~ $re ]] && [[ ${#UMASK} == 4 ]]; then
PHOTOPRISM_UMASK=${UMASK} export PHOTOPRISM_UMASK=${UMASK}
fi fi
# set file-creation mode (umask) # set file-creation mode (umask)
@@ -32,78 +72,37 @@ else
umask 0002 umask 0002
fi fi
# show info # show container info
echo "image: $DOCKER_ARCH-$DOCKER_ENV" echo "image: $DOCKER_ARCH-$DOCKER_ENV, build $DOCKER_TAG"
echo "build: $DOCKER_TAG" echo "home: ${PHOTOPRISM_HOME}"
echo "umask: \"$(umask)\" ($(umask -S))" echo "umask: \"$(umask)\" ($(umask -S))"
echo "install-path: ${PHOTOPRISM_DIST}"
# script must run as root to perform changes # change to another user and group on request
if [[ $(id -u) == "0" ]]; then if [[ $(id -u) == "0" ]] && [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then
# check for alternate user ID env variables
if [[ -z ${PHOTOPRISM_UID} ]]; then
if [[ ${UID} =~ $re ]] && [[ ${UID} != "0" ]]; then
PHOTOPRISM_UID=${UID}
elif [[ ${PUID} =~ $re ]] && [[ ${PUID} != "0" ]]; then
PHOTOPRISM_UID=${PUID}
fi
fi
# check for alternate group ID env variables
if [[ -z ${PHOTOPRISM_GID} ]]; then
if [[ ${GID} =~ $re ]] && [[ ${GID} != "0" ]]; then
PHOTOPRISM_GID=${GID}
elif [[ ${PGID} =~ $re ]] && [[ ${PGID} != "0" ]]; then
PHOTOPRISM_GID=${PGID}
fi
fi
# check uid and gid env variables # check uid and gid env variables
if [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]] && [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then if [[ ${PHOTOPRISM_GID} =~ $re ]] && [[ ${PHOTOPRISM_GID} != "0" ]]; then
# RUN AS SPECIFIED USER + GROUP ID
groupadd -g "${PHOTOPRISM_GID}" "group_${PHOTOPRISM_GID}" 2>/dev/null
useradd -o -u "${PHOTOPRISM_UID}" -g "${PHOTOPRISM_GID}" -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null
usermod -g "${PHOTOPRISM_GID}" "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" /photoprism /opt/photoprism
chmod --preserve-root -Rcf u+rwX /photoprism /opt/photoprism
fi
echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" echo "switching to uid ${PHOTOPRISM_UID}:${PHOTOPRISM_GID}"
echo "${@}" echo "${@}"
gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" audit.sh && gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" & # run command as uid:gid
elif [[ ${PHOTOPRISM_UID} =~ $re ]] && [[ ${PHOTOPRISM_UID} != "0" ]]; then ([[ ${DOCKER_ENV} != "prod" ]] || gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" audit.sh) \
# RUN AS SPECIFIED USER ID && gosu "${PHOTOPRISM_UID}:${PHOTOPRISM_GID}" "$@" &
useradd -o -u "${PHOTOPRISM_UID}" -g 1000 -d /photoprism "user_${PHOTOPRISM_UID}" 2>/dev/null else
usermod -g 1000 "user_${PHOTOPRISM_UID}" 2>/dev/null
if [[ -z ${PHOTOPRISM_DISABLE_CHOWN} ]]; then
echo "updating filesystem permissions..."
echo "PHOTOPRISM_DISABLE_CHOWN: \"true\" disables filesystem permission updates"
chown --preserve-root -Rcf "${PHOTOPRISM_UID}" /photoprism /opt/photoprism
chmod --preserve-root -Rcf u+rwX /photoprism /opt/photoprism
fi
echo "switching to uid ${PHOTOPRISM_UID}" echo "switching to uid ${PHOTOPRISM_UID}"
echo "${@}" echo "${@}"
gosu "${PHOTOPRISM_UID}" audit.sh && gosu "${PHOTOPRISM_UID}" "$@" & # run command as uid
else ([[ ${DOCKER_ENV} != "prod" ]] || gosu "${PHOTOPRISM_UID}" audit.sh) \
# RUN AS ROOT && gosu "${PHOTOPRISM_UID}" "$@" &
echo "running as root"
echo "${@}"
audit.sh && "$@" &
fi fi
else else
# RUN AS NON-ROOT USER
echo "running as uid $(id -u)" echo "running as uid $(id -u)"
echo "${@}" echo "${@}"
audit.sh && "$@" & # run command
([[ ${DOCKER_ENV} != "prod" ]] || audit.sh) \
&& "$@" &
fi fi
PID=$! PID=$!
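Review bot: The non-root branch in the first hunk calls `sudo -E "${INIT_SCRIPT}"`, but the prod sudoers rule added in this commit is `NOPASSWD:` only; as far as I know sudo rejects `-E` unless the rule carries the `SETENV:` tag or the setenv option is enabled, so init would fail for containers started with `user:`. Handing the caller's whole environment to a root script is also wider than needed, because the init script reads only a few variables. A narrower form such as `sudo --preserve-env=DOCKER_ENV,PHOTOPRISM_UID,PHOTOPRISM_GID,PHOTOPRISM_HOME,PHOTOPRISM_DIST,PHOTOPRISM_INIT,PHOTOPRISM_DISABLE_CHOWN "${INIT_SCRIPT}"`, with a matching env_keep entry in the drop-in, keeps that interface explicit. Neither branch checks the init script's exit status, so a failed init still goes on to start the command.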


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -4,7 +4,7 @@ GOLANG_VERSION=1.17.7
DESTDIR=$(realpath "${1:-/usr/local}") DESTDIR=$(realpath "${1:-/usr/local}")
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Error: Run ${0##*/} as root" 1>&2 echo "Error: Run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]]; then if [[ $(id -u) != "0" ]]; then
echo "Usage: run ${0##*/} as root" 1>&2 echo "Usage: run ${0##*/} as root" 1>&2
exit 1 exit 1


@@ -16,7 +16,7 @@ fi
TMPDIR=${TMPDIR:-/tmp} TMPDIR=${TMPDIR:-/tmp}
# abort if the user is not root # abort if not executed as root
if [[ $(id -u) != "0" ]] && [[ $DESTDIR == "/usr" || $DESTDIR == "/usr/local" ]]; then if [[ $(id -u) != "0" ]] && [[ $DESTDIR == "/usr" || $DESTDIR == "/usr/local" ]]; then
echo "Error: Run ${0##*/} as root to install in a system directory!" 1>&2 echo "Error: Run ${0##*/} as root to install in a system directory!" 1>&2
exit 1 exit 1