From d7695d876505a729846e7edf708fcbafc2148ad2 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Fri, 31 Jan 2025 15:26:22 -0300 Subject: [PATCH] feat(cli): validator container runs with cartesi unprivileged user Using the post_start docker compose hook, we can create the snapshot directory and copy the snapshot using the root user and start the container with cartesi unprivileged user. Requires compose plugin 2.30.0 See: https://docs.docker.com/compose/how-tos/lifecycle/
---
 .changeset/seven-seals-pull.md | 5 +++++
 apps/cli/src/commands/doctor.ts | 2 +-
 apps/cli/src/node/docker-compose-validator.yaml | 14 +++++++++++---
 3 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/seven-seals-pull.md
diff --git a/.changeset/seven-seals-pull.md b/.changeset/seven-seals-pull.md
new file mode 100644
index 00000000..5898ca2b
--- /dev/null
+++ b/.changeset/seven-seals-pull.md
@@ -0,0 +1,5 @@
+---
+"@cartesi/cli": patch
+---
+
+validator container will run with cartesi unprivileged user
diff --git a/apps/cli/src/commands/doctor.ts b/apps/cli/src/commands/doctor.ts
index a730f3af..e1547ae7 100644
--- a/apps/cli/src/commands/doctor.ts
+++ b/apps/cli/src/commands/doctor.ts
@@ -8,7 +8,7 @@ export default class DoctorCommand extends BaseCommand {
 static examples = ["<%= config.bin %> <%= command.id %>"];
 private static MINIMUM_DOCKER_VERSION = "23.0.0"; // Replace with our minimum required Docker version
- private static MINIMUM_DOCKER_COMPOSE_VERSION = "2.21.0"; // Replace with our minimum required Docker Compose version
+ private static MINIMUM_DOCKER_COMPOSE_VERSION = "2.30.0"; // Replace with our minimum required Docker Compose version
 private static MINIMUM_BUILDX_VERSION = "0.13.0"; // Replace with our minimum required Buildx version
 private async checkDocker(): Promise {
diff --git a/apps/cli/src/node/docker-compose-validator.yaml b/apps/cli/src/node/docker-compose-validator.yaml
index 449440fa..3ae6ce20 100644
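Review bot: The trailing comment on the new `MINIMUM_DOCKER_COMPOSE_VERSION = "2.30.0"` line is still the placeholder `// Replace with our minimum required Docker Compose version`, so nothing in the file records why the floor moved. The commit message ties 2.30.0 to the `post_start` lifecycle hook that lets the validator service stop running as root, so I would replace the comment with `// post_start hook in docker-compose-validator.yaml requires Compose 2.30.0`. As far as this hunk shows, the constant is only consulted by the doctor command; it is worth confirming that the commands which actually start the validator also reject an older Compose with a clear message rather than relying on users having run doctor first. The class body continues outside the hunk.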
--- a/apps/cli/src/node/docker-compose-validator.yaml
+++ b/apps/cli/src/node/docker-compose-validator.yaml
@@ -13,13 +13,21 @@ services:
 interval: 10s
 timeout: 1s
 retries: 5
- user: root
+ post_start:
+ - command:
+ - /bin/bash
+ - -c
+ - |
+ mkdir -p "$CARTESI_SNAPSHOT_DIR"
+ cp --recursive /tmp/snapshot/* "$CARTESI_SNAPSHOT_DIR"
+ user: root
 command:
 - /bin/bash
 - -c
 - |
- mkdir -p "$CARTESI_SNAPSHOT_DIR"
- cp --recursive /tmp/snapshot/* "$CARTESI_SNAPSHOT_DIR"
+ while ! stat "$CARTESI_SNAPSHOT_DIR" &>/dev/null; do
+ sleep 0.5
+ done
 exec cartesi-rollups-node
 env_file: