From 7e23d859282b37591d3da6903639627c864f5a7d Mon Sep 17 00:00:00 2001
From: Matthew Penner <me@matthewp.io>
Date: Sat, 29 Jun 2024 12:07:54 -0600
Subject: [PATCH] fix: disable setcap on caddy binary

When using the caddy image provided by this repository, the Caddy binary
would be wrapped with setcap, causing it to error out on startup with a
security context restricting privileges. setcap is unnecessary if the
proper sysctls are set in the security context.

Signed-off-by: Matthew Penner <me@matthewp.io>
---
 caddy.Containerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/caddy.Containerfile b/caddy.Containerfile
index 6edb640..71e0d75 100644
--- a/caddy.Containerfile
+++ b/caddy.Containerfile
@@ -8,7 +8,9 @@ ARG CADDY_HASH=sha256:51b5e778a16d77474c37f8d1d966e6863cdb1c7478396b04b806169fed
 
 FROM docker.io/library/caddy:${CADDY_VERSION}-builder@${CADDY_BUILDER_HASH} AS builder
 
-RUN xcaddy build \
+RUN XCADDY_SETCAP=0 \
+	XCADDY_SUDO=0 \
+	xcaddy build \
     --with github.com/mholt/caddy-l4@6a8be7c4b8acb0c531b6151c94a9cd80894acce1
 
 FROM docker.io/library/caddy:${CADDY_VERSION}@${CADDY_HASH}