Improve input validation

wborn · wborn · commit d4ef9c033475 · 2026-02-24T14:49:06.000+01:00
Signed-off-by: Wouter Born &lt;github@maindrain.net&gt;
diff --git a/alpine/Dockerfile b/alpine/Dockerfile
@@ -65,8 +65,6 @@ RUN apk update --no-cache && \
         zip && \
     # Install NodeJS only for openHAB >= 5
     if [ "$(echo $OPENHAB_VERSION | sed -E 's/^([0-9]+).*/\1/')" -ge 5 ]; then apk add --no-cache nodejs; fi && \
-    # Configure default time zone
-    ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && \
     # Fix issue with (arp)ping tool under non-root user for Docker+LXC setups
     # See: https://community.openhab.org/t/network-pingdevice-breaks-after-4-3-6-5-0-1-update-docker/166175
     chmod u+s /bin/ping && \
diff --git a/alpine/entrypoint b/alpine/entrypoint
@@ -5,8 +5,21 @@ set -eux -o pipefail ${EXTRA_SHELL_OPTS-}
 IFS=$'\n\t'
 
 # Configure time zone
-ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
+if [ -n "${TZ:-}" ]; then
+  if grep -q " /etc/localtime " /proc/self/mountinfo; then
+    echo "Warning: /etc/localtime is mounted. Please remove this volume mount and use the TZ environment variable instead."
+  else
+    if [ ! -f "/usr/share/zoneinfo/${TZ}" ]; then
+      echo "Error: Invalid timezone '${TZ}' set in TZ environment variable" >&2
+      exit 1
+    fi
+    ln -sf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+  fi
+else
+  echo "TZ environment variable is not set. Skipping time zone configuration."
+fi
 
+# Determine Java home directory independent of JVM vendor, version and environment variables
 export JAVA_HOME=$(find /usr/lib/jvm -mindepth 1 -maxdepth 1 -type d)
 
 # Configure Java unlimited strength cryptography
diff --git a/debian/entrypoint b/debian/entrypoint
@@ -5,8 +5,21 @@ set -eux -o pipefail ${EXTRA_SHELL_OPTS-}
 IFS=$'\n\t'
 
 # Configure time zone
-ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
+if [ -n "${TZ:-}" ]; then
+  if mountpoint -q /etc/localtime; then
+    echo "Warning: /etc/localtime is mounted. Please remove this volume mount and use the TZ environment variable instead."
+  else
+    if [ ! -f "/usr/share/zoneinfo/${TZ}" ]; then
+      echo "Error: Invalid timezone '${TZ}' set in TZ environment variable" >&2
+      exit 1
+    fi
+    ln -sf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+  fi
+else
+  echo "TZ environment variable is not set. Skipping time zone configuration."
+fi
 
+# Determine Java home directory independent of JVM vendor, version and environment variables
 export JAVA_HOME=$(find /usr/lib/jvm -mindepth 1 -maxdepth 1 -type d)
 
 # Configure Java unlimited strength cryptography
