Gitea docker: Configuration missing after upgrade from 1.21.0 to 1.21.1

[rosch100]

Description

After pulling from the latest image (1.21.1) and restarting the docker container, the website starts with a completely new configuration.
A downgrade to 1.21.0. resolves it for the time being.

Gitea Version

1.21.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

dockerhub

How are you running Gitea?

dockerhub gitea/gitea

Database

MySQL/MariaDB

[stancubed]

Same here. Compose file is below! I should also mention that changing image to gitea/gitea:1.21.0 resolves the issue for now but it's manual and creates an issue for those of us who want (or need) stable updates for security or functionality reasons and don't have a good process to perform manual updates by iterating versions.

version: "3"

services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - TZ=US/Central
    restart: unless-stopped
    volumes:
      - $local-path/git:/storage
      - $local-path/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3030:3000"
      - "222:22"

[haiopaii]

same problem here.

---
version: '3.3'

services:
  gitea-db:
    image: mariadb:10.4
    container_name: gitea-db
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/docker/gitea/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=gitea
      - GITEA__mailer__ENABLED=false

  gitea-app:
    image: gitea/gitea:latest
    container_name: gitea-app
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/docker/gitea/data:/data
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=gitea-db:3306
      - DB_NAME=gitea
      - DB_USER=${MYSQL_USER}
      - DB_PASSWD=${MYSQL_PASSWORD}
      - DISABLE_REGISTRATION=true
    depends_on:
      - gitea-db

also mariadb gets crashed

gitea-db     | 2023-11-26 18:27:15+01:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
gitea-db     | 2023-11-26 18:27:15+01:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.4.22+maria~focal started.
gitea-db     | 2023-11-26 18:27:15 0 [Note] mysqld (mysqld 10.4.22-MariaDB-1:10.4.22+maria~focal) starting as process 1 ...
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Using Linux native AIO
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Uses event mutexes
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Number of pools: 1
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Using generic crc32 instructions
gitea-db     | 2023-11-26 18:27:15 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Completed initialization of buffer pool
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
gitea-db     | 2023-11-26 18:27:15 0 [ERROR] InnoDB: Unsupported redo log format. The redo log was created with MariaDB 10.10.2.
gitea-db     | 2023-11-26 18:27:15 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
gitea-db     | 2023-11-26 18:27:15 0 [Note] InnoDB: Starting shutdown...
gitea-db     | 2023-11-26 18:27:16 0 [ERROR] Plugin 'InnoDB' init function returned error.
gitea-db     | 2023-11-26 18:27:16 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
gitea-db     | 2023-11-26 18:27:16 0 [Note] Plugin 'FEEDBACK' is disabled.
gitea-db     | 2023-11-26 18:27:16 0 [ERROR] Unknown/unsupported storage engine: InnoDB
gitea-db     | 2023-11-26 18:27:16 0 [ERROR] Aborting
gitea-db exited with code 1

[mishac]

It looks like some sort of permissions issue. In my case the the volume is chowned to user id 8133, and in my docker compose I have UID=8133, but when I go into the container uid 8133 doesn't exist and the data folder is inaccessible (permission denied).

[kozhin]

Same for me. Using Gitea with PostgreSQL and docker volumes for persistent storage.
Reverting to previous version of Gitea's image solves the issue.

---
version: '3'

networks:
  pub_net:

volumes:

  drone_data:
    driver: local

  gitea_data:
    driver: local

  gitea_db:
    driver: local

services:

  gitea_db:
    image: postgres:14-alpine
    container_name: gitea_db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=gitea_db
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=REMOVED
    volumes:
      - gitea_db:/var/lib/postgresql/data
    networks:
      - pub_net
    ports:
      - 127.0.0.1:30000:5432/tcp
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 15s
      timeout: 30s
      retries: 5
      start_period: 5s

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=gitea_db:5432
      - GITEA__database__NAME=gitea_db
      - GITEA__database__USER=postgres
      - GITEA__database__PASSWD=REMOVED
      - GITEA__mailer__ENABLED=false
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - pub_net
    ports:
      - 127.0.0.1:31000:3000/tcp
      - REMOVED
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:3000/ || exit 1"]
      interval: 15s
      timeout: 30s
      retries: 3
      start_period: 5s
    depends_on:
      - gitea_db

[Sharmii]

Changing the user:group to 1000:1000 (I had 1001:1001 before) and adding GITEA_APP_INI solved the issue for me:

    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA_APP_INI=/data/gitea/conf/app.ini

[chmac]

I had no permission issue, but adding GITEA_APP_INI=/data/gitea/conf/app.ini as per @Sharmii's suggestion worked for me. I guess the latest patch release is not picking up the config file at this path by default.

[TheQuantumPhysicist]

Apparently they broke the default docker user by making the default user with UID=1000... this is a security problem because if the host's user with UID 1000 has sudo access, an attacker can attempt to abuse that.

I can chown everything to UID=1000 to get it to work, but that sounds like a half-solution. This change has to be reverted.

[TheQuantumPhysicist]

I dug a little into this and found that this change that enforces using UID 1000... WAS DONE IN 2016!!!!!!!!!!!!!!!!!!

86aa8e4

This is very confusing... was the docker image unchanged for 7 years?!

[antoineraulin]

Looking at image layers details from DockerHub, it seems like they uploaded the rootless version for the 1.21.1 rootfull release.
Differences between 1.21.1 and 1.21.0 :

+ EXPOSE map[2222/tcp:{} 3000/tcp:{}]
- EXPOSE map[22/tcp:{} 3000/tcp:{}]
...
+ ENV GITEA_WORK_DIR=/var/lib/gitea
- ENV GITEA_CUSTOM=/data/gitea
+ ENV GITEA_CUSTOM=/var/lib/gitea/custom
+ ENV GITEA_TEMP=/tmp/gitea
+ ENV TMPDIR=/tmp/gitea
+ ENV GITEA_APP_INI=/etc/gitea/app.ini
+ ENV HOME=/var/lib/gitea/git
+ VOLUME [/var/lib/gitea /etc/gitea]
- VOLUME [/data]
+ WORKDIR /var/lib/gitea
...

The image layers details from 1.21.1 and 1.21.1-rootless are exactly the same while the rootless version requires a very different docker-compose.

[mbtechtt]

The issue is that the latest tag ended up getting the latest-rootless image.

If you watch the hashes for the latest and latest-rootless images on docker hub. You can see that they are the same

But if you watch the hash for 1.21.1 you can see that it is different.

A fix would be to use version tag 1.21.1 i.e.

image: gitea/gitea:1.21.1

In your docker-compose file until the latest tag is fixed and updated to be a 'rootful' docker image.
If you watch the image build steps you will see the differences between the two which leads to the error.

In the 1.21.1 image the environment variable GITEA_CUSTOM=/data/gitea gets set which fixes the issue similarly to how as @Sharmii suggested.

edit:
In the time I was taking screenshots and editing my comment @antoineraulin also posted the same findings

[chmac]

@antoineraulin and @BossMBGaming thanks for figuring out the issue with tagging.

Seems like the simplest workaround is to change latest to 1.21.1 in the docker configuration. Then change it back once this issue is fixed.

Hopefully this gets fixed in the next few days.

[arcoast]

@antoineraulin & @BossMBGaming Thank you from me too! Some recent bad RAM on the host had me looking at database corruption for an hour before I found this issue and your solution.

Was on the verge of pulling out more RAM and replacing. Lifesavers!

[techknowlogick]

Overwrote "latest" with contents of 1.21.1 so that it is correct. Sorry for all the troubles. Please re-open if you are still facing issues.