Use proper entrypoint

Dockerfile

@@ -1,12 +1,13 @@
 FROM ubuntu
 
 # Install Wine
+# BEGIN Based on https://github.com/scottyhardy/docker-remote-desktop/blob/master/Dockerfile
+# and https://github.com/scottyhardy/docker-wine/blob/master/Dockerfile
 RUN apt-get update \
     && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \
 				dbus-x11 \
         git \
         locales \
-        pavucontrol \
         sudo \
         x11-xserver-utils \
         xfce4 \
@@ -44,7 +45,11 @@ COPY entrypoint.sh /usr/bin/entrypoint
 RUN wget -nv -O /usr/bin/winetricks https://raw.githubusercontent.com/Winetricks/winetricks/master/src/winetricks \
     && chmod +x /usr/bin/winetricks
 
-#FROM scottyhardy/docker-wine:stable
+# Configure locale for unicode
+RUN locale-gen en_US.UTF-8
+ENV LANG en_US.UTF-8
+
+#END Based on
 
 ENV WINEDEBUG "fixme-all"
 
@@ -62,7 +67,7 @@ RUN set -x -e; \
 		# Install dotnet
     entrypoint wineboot --init; \
     # get latest version and its hash from https://dotnet.microsoft.com/en-us/download/dotnet
-		wget https://download.visualstudio.microsoft.com/download/pr/7ce6d94a-13c1-4102-bb1b-b0f7ea5afb6e/0764c80c81c16ab927c0a7321f7c07cf/dotnet-sdk-8.0.303-win-x86.exe --no-check-certificate -O /tmp/dotnet.exe; \
+		wget -nv https://download.visualstudio.microsoft.com/download/pr/7ce6d94a-13c1-4102-bb1b-b0f7ea5afb6e/0764c80c81c16ab927c0a7321f7c07cf/dotnet-sdk-8.0.303-win-x86.exe --no-check-certificate -O /tmp/dotnet.exe; \
 		echo af52649a05bb3c8ba494291234d67f3385446a8a08eaefcbe9fbc4e766ae97a6a13253060a798ce076511fa59086b1d9fa638b51a5e748bcfc79d36ddc7991ca /tmp/dotnet.exe > /tmp/chk; \
 		sha512sum -c /tmp/chk; \
     while pgrep wineserver >/dev/null; do echo "Waiting for wineserver"; sleep 1; done; \
@@ -76,7 +81,7 @@ RUN set -x -e; \
 		# Install obfuscator
 		# Note: We use the executables from nuget as it allows EAZFUSCATOR_NET_LICENSE. There is no
 		#		alternative to set the license key in the MSI delivered binaries using command line. 
-		wget https://www.nuget.org/api/v2/package/Gapotchenko.Eazfuscator.NET/2024.1.439 -O /tmp/eaz.zip; \
+		wget -nv https://www.nuget.org/api/v2/package/Gapotchenko.Eazfuscator.NET/2024.1.439 -O /tmp/eaz.zip; \
 		unzip /tmp/eaz.zip -d /tmp/eaz; \
 		mv /tmp/eaz/tools /root/.wine/drive_c/users/root/Eazfuscator; \
 		# at least Windows 8.1, Windows Server 2012 R2 is required for 2024.1

entrypoint.sh

@@ -1,17 +1,144 @@
 #!/usr/bin/env bash
 
+is_enabled () {
+    echo "$1" | grep -q -i -E "^(yes|on|true|1)$"
+}
+
+is_disabled () {
+    echo "$1" | grep -q -i -E "^(no|off|false|0)$"
+}
+
+
+# Set user account and run values
+USER_NAME=${USER_NAME:-wineuser}
+USER_UID=${USER_UID:-1010}
+USER_GID=${USER_GID:-"${USER_UID}"}
+USER_HOME=${USER_HOME:-/home/"${USER_NAME}"}
+USER_PASSWD=${USER_PASSWD:-"$(openssl passwd -1 -salt "$(openssl rand -base64 6)" "${USER_NAME}")"}
+USER_SUDO=${USER_SUDO:-yes}
+RDP_SERVER=${RDP_SERVER:-no}
+RUN_AS_ROOT=${RUN_AS_ROOT:-no}
+FORCED_OWNERSHIP=${FORCED_OWNERSHIP:-no}
+TZ=${TZ:-UTC}
+USE_XVFB=${USE_XVFB:-no}
+DUMMY_PULSEAUDIO=${DUMMY_PULSEAUDIO:-no}
+
+# Catch attempts to set user as root
+if [ "${USER_NAME}" = 'root' ] || [ "${USER_UID}" -eq 0 ] || [ "${USER_GID}" -eq 0 ]; then
+    echo "ERROR: To run as root, either set env RUN_AS_ROOT=yes or use ./docker-wine --as-root"
+    exit 1
+fi
+
 # Create the user account
-groupadd --gid 1020 ubuntu
-useradd --shell /bin/bash --uid 1020 --gid 1020 --password $(openssl passwd ubuntu) --create-home --home-dir /home/ubuntu ubuntu
-usermod -aG sudo ubuntu
+grep -q ":${USER_GID}:$" /etc/group || groupadd --gid "${USER_GID}" "${USER_NAME}"
+grep -q "^${USER_NAME}:" /etc/passwd || useradd --shell /bin/bash --uid "${USER_UID}" --gid "${USER_GID}" --password "${USER_PASSWD}" --no-create-home --home-dir "${USER_HOME}" "${USER_NAME}"
+
+# Create the user's home if it doesn't exist
+[ -d "${USER_HOME}" ] || mkdir -p "${USER_HOME}"
+
+# Add or remove user from sudo group
+if is_enabled "${USER_SUDO}"; then
+    groups "${USER_NAME}" | tr " " "\n" | grep -q "^sudo$" || usermod -aG sudo "${USER_NAME}"
+elif is_disabled "${USER_SUDO}"; then
+    ! groups "${USER_NAME}" | tr " " "\n" | grep -q "^sudo$" || gpasswd -d "${USER_NAME}" sudo
+else
+    echo "ERROR: '${USER_SUDO}' is not a valid value for USER_SUDO"
+    exit 1
+fi
+
+# Take ownership of user's home directory if owned by root or if FORCED_OWNERSHIP is enabled
+OWNER_IDS="$(stat -c "%u:%g" "${USER_HOME}")"
+if [ "${OWNER_IDS}" != "${USER_UID}:${USER_GID}" ]; then
+    if [ "${OWNER_IDS}" == "0:0" ] || is_enabled "${FORCED_OWNERSHIP}"; then
+        chown -R "${USER_UID}":"${USER_GID}" "${USER_HOME}"
+    else
+        echo "ERROR: User's home '${USER_HOME}' is currently owned by $(stat -c "%U:%G" "${USER_HOME}")"
+        echo "Use option --force-owner to enable user ${USER_NAME} to take ownership"
+        exit 1
+    fi
+fi
+
+# Configure timezone
+ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+echo "${TZ}" > /etc/timezone
+
+# Run in X11 redirection mode (default) or with xvfb
+if is_disabled "${RDP_SERVER}"; then
+
+    # Set up pulseaudio for redirection to UNIX socket
+    if is_disabled "${DUMMY_PULSEAUDIO}" && [ -e /tmp/pulse-socket ]; then
+        [ ! -f /root/pulse/client.conf ] || cp /root/pulse/client.conf /etc/pulse/client.conf
+    fi
+
+    # Run xvfb
+    if is_enabled "${USE_XVFB}"; then
+        nohup /usr/bin/Xvfb "${XVFB_SERVER}" -screen "${XVFB_SCREEN}" "${XVFB_RESOLUTION}" >/dev/null 2>&1 &
+    fi
+
+    # Generate .Xauthority using xauth with .Xkey sourced from host
+    if [ -f /root/.Xkey ]; then
+        [ -f /root/.Xauthority ] || touch /root/.Xauthority
+        xauth add "$DISPLAY" . "$(cat /root/.Xkey)"
+    fi
+
+    # Run in X11 redirection mode as $USER_NAME (default)
+    if is_disabled "${RUN_AS_ROOT}"; then
+
+        # Copy and take ownership of .Xauthority for X11 redirection
+        if [ -f /root/.Xauthority ] && is_disabled "${USE_XVFB}"; then
+            cp /root/.Xauthority "${USER_HOME}"
+            chown "${USER_UID}":"${USER_GID}" "${USER_HOME}/.Xauthority"
+        fi
+
+        # Run in X11 redirection mode as user
+        exec gosu "${USER_NAME}" "$@"
+
+    # Run in X11 redirection mode as root
+    elif is_enabled "${RUN_AS_ROOT}"; then
+        exec "$@"
+    else
+        echo "ERROR: '${RUN_AS_ROOT}' is not a valid value for RUN_AS_ROOT"
+        exit 1
+    fi
+
+# Run in RDP server mode
+elif is_enabled "${RDP_SERVER}"; then
+
+    # Exit if using nordp image
+    if ! [ -f /usr/sbin/xrdp ]; then
+        echo "ERROR: Unable to start RDP server as it is not included in this version of the docker-wine image"
+        exit 1
+    fi
+
+    # Remove xrdp pulseaudio source and sink modules if using dummy sound option
+    if is_enabled "${DUMMY_PULSEAUDIO}"; then
+        rm -f /var/lib/xrdp-pulseaudio-installer/module-xrdp-{sink,source}.so
+    fi
+
+    # If the pid for sesman or xrdp is there they need to be removed
+    # or else sesman/xrdp won't start and connections will fail
+    [ ! -f /var/run/xrdp/xrdp-sesman.pid ] || rm -f /var/run/xrdp/xrdp-sesman.pid
+    [ ! -f /var/run/xrdp/xrdp.pid ] || rm -f /var/run/xrdp/xrdp.pid
 
     # Start xrdp sesman service
     /usr/sbin/xrdp-sesman
 
     # Run xrdp in foreground if no commands specified
     if [ -z "$1" ]; then
-    /usr/sbin/xrdp --nodaemon
+        exec /usr/sbin/xrdp --nodaemon
     else
         /usr/sbin/xrdp
+
+        if is_disabled "${RUN_AS_ROOT}"; then
+            exec gosu "${USER_NAME}" "$@"
+        elif is_enabled "${RUN_AS_ROOT}"; then
             exec "$@"
+        else
+            echo "ERROR: '${RUN_AS_ROOT}' is not a valid value for RUN_AS_ROOT"
+            exit 1
+        fi
+    fi
+else
+    echo "ERROR: '${RDP_SERVER}' is not a valid value for RDP_SERVER"
+    exit 1
 fi