From 46271992175e1dfdf6aa484e16fcafe073ccf5dc Mon Sep 17 00:00:00 2001
From: Hermes
Date: Tue, 12 May 2026 13:38:26 -0400
Subject: [PATCH 1/2] feat: install custom tools at startup, remove deprecated fix-permissions.sh
---
 ai/compose.yml | 4 ++++
 ai/hermes/Dockerfile | 5 +----
 ai/hermes/fix-permissions.sh | 38 ------------------------------------
 3 files changed, 5 insertions(+), 42 deletions(-)
 delete mode 100644 ai/hermes/fix-permissions.sh
diff --git a/ai/compose.yml b/ai/compose.yml
index fe84ccb..163196a 100644
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -31,6 +31,10 @@ services:
 ssh:
 - default
 container_name: hermes
+ user: root
+ entrypoint: ["/bin/bash", "-c",
+ "bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
+ "hermes-entrypoint"]
 restart: always
 # Gateway run enables the internal API server on port 8642
 command: gateway run
diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile
index 042e1db..263a24b 100644
--- a/ai/hermes/Dockerfile
+++ b/ai/hermes/Dockerfile
@@ -68,7 +68,4 @@ ENV PATH="/opt/data/.local/bin:${PATH}" # Point browser tool to Playwright's Chromium (already in base image) ENV CHROME_EXECUTABLE=/opt/hermes/.playwright/chromium/chrome-linux/chrome -VOLUME [ "/opt/data" ] - -COPY --chmod=0755 fix-permissions.sh /opt/hermes/fix-permissions.sh -ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/fix-permissions.sh" ] \ No newline at end of file +VOLUME [ "/opt/data" ] \ No newline at end of file
diff --git a/ai/hermes/fix-permissions.sh b/ai/hermes/fix-permissions.sh
deleted file mode 100644
index 7af8d0c..0000000
--- a/ai/hermes/fix-permissions.sh
+++ /dev/null
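Review bot: The new `entrypoint` in `ai/compose.yml` executes `bash /opt/data/hermes-tools/install.sh` from the persistent `/opt/data` volume on every start, and with `user: root` set in this hunk the script runs as root, so any process able to write to that volume gets root code execution in the container on the next restart. The deleted `fix-permissions.sh` chowned `/opt/data` to `hermes`, so the runtime user can presumably replace the script; shipping `install.sh` in the image, or refusing to run it unless it is root-owned and not group- or world-writable, would close that path. Because the script is chained with `&&`, a missing or failing `install.sh` prevents the container from starting and `restart: always` turns that into a restart loop; if that is intended, a comment above `entrypoint:` should say so, e.g. `# Startup fails closed when install.sh is missing or exits non-zero`. The second patch in the series drops `user: root` but leaves the volume-resident script in the startup path, so the point applies to that hunk as well.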
@@ -1,38 +0,0 @@
-#!/bin/bash
-# Startup permission fix + TTS patch.
-# Runs as root before the entrypoint drops to the hermes user.
-set -e
-
-HERMES_HOME="${HERMES_HOME:-/opt/data}"
-
-# Fix ownership on critical writable directories
-chown -R hermes:hermes \
- "$HERMES_HOME/sessions" \
- "$HERMES_HOME/checkpoints" \
- "$HERMES_HOME/skills" \
- "$HERMES_HOME/memories" \
- "$HERMES_HOME/workspace" \
- "$HERMES_HOME/pastes" \
- "$HERMES_HOME/logs" \
- "$HERMES_HOME/cron" \
- "$HERMES_HOME/plans" \
- "$HERMES_HOME/hooks" \
- "$HERMES_HOME/cache" \
- 2>/dev/null || true
-
-# Fix data volume root ownership
-if [ "$(stat -c %u "$HERMES_HOME" 2>/dev/null)" != "$(id -u hermes)" ]; then
- chown hermes:hermes "$HERMES_HOME" 2>/dev/null || true
-fi
-
-# ---------- Patch tts_tool.py: replace Edge TTS with Piper ----------
-# Fallback runtime patch in case the volume's site-packages differ from the image.
-# Idempotent: if already patched, the script does nothing.
-PATCH_SCRIPT="/opt/hermes/patch_tts_tool.py"
-if [ -f "$PATCH_SCRIPT" ]; then
- echo "Applying TTS patch (Piper only, no Edge fallback)..."
- /opt/hermes/.venv/bin/python3 "$PATCH_SCRIPT" 2>&1 || true
-fi
-
-# Chain to the official Hermes entrypoint
-exec /opt/hermes/docker/entrypoint.sh "$@"
--
2.49.1
From e607982b21cbd6cdb1a54b37abe3b56d79dfabcc Mon Sep 17 00:00:00 2001
From: Hermes
Date: Tue, 12 May 2026 14:47:34 -0400
Subject: [PATCH 2/2] refactor: chown tools dir at build time instead of root at runtime
---
 ai/compose.yml | 1 -
 ai/hermes/Dockerfile | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ai/compose.yml b/ai/compose.yml
index 163196a..aca3347 100644
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -31,7 +31,6 @@ services:
 ssh:
 - default
 container_name: hermes
- user: root
 entrypoint: ["/bin/bash", "-c",
 "bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
 "hermes-entrypoint"]
diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 263a24b..1debe81 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -68,4 +68,8 @@ ENV PATH="/opt/data/.local/bin:${PATH}" # Point browser tool to Playwright's Chromium (already in base image) ENV CHROME_EXECUTABLE=/opt/hermes/.playwright/chromium/chrome-linux/chrome +# Ensure tools directory and toolsets.py are writable by the hermes runtime user +# so custom tools can be injected from the persistent volume at startup. +RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py + VOLUME [ "/opt/data" ] \ No newline at end of file -- 2.49.1
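Review bot: The added `RUN chown -R hermes:hermes /opt/hermes/tools /opt/hermes/toolsets.py` makes shipped application code writable by the same user that runs the agent, so a compromise of the runtime process can rewrite the tool modules and `toolsets.py` in place instead of being confined to `/opt/data`. If custom tools only need to be added, consider keeping the shipped files root-owned and having `install.sh` place its files in a dedicated directory that the loader also reads; whether Hermes supports such a path is not visible in this hunk. At minimum the new comment should state the trade-off, e.g. `# NOTE: tools/ and toolsets.py are writable by hermes on purpose; code under this path is not protected from the runtime user`. A recursive chown in its own `RUN` step also copies every file under `/opt/hermes/tools` into a new image layer.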