From fc8b4b164b0c242b5a6add454fc2e6bc49577873 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sun, 17 May 2026 17:30:39 +0200
Subject: [PATCH] security(ocr): redirect XDG cache and Torch home away from
 read-only HOME
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevents PyTorch/Matplotlib/Ketos from writing to /home/ocr which is
on the read-only container filesystem — fixes Nora's blocker. Also
restores the explanatory comment on the ocr_cache volume mount.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docker-compose.yml     | 4 +++-
 ocr-service/Dockerfile | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c256fa39..53a1cf97 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -87,9 +87,11 @@ services:
     memswap_limit: 12g
     volumes:
       - ocr_models:/app/models
-      - ocr_cache:/app/cache
+      - ocr_cache:/app/cache  # HuggingFace / ketos cache — prevents re-downloads on recreate (HF_HOME)
     environment:
       HF_HOME: /app/cache
+      XDG_CACHE_HOME: /app/cache
+      TORCH_HOME: /app/models/torch
       KRAKEN_MODEL_PATH: /app/models/german_kurrent.mlmodel
       TRAINING_TOKEN: "${OCR_TRAINING_TOKEN:-}"
       OCR_CONFIDENCE_THRESHOLD: "0.3"
diff --git a/ocr-service/Dockerfile b/ocr-service/Dockerfile
index e6d60360..9ad75f5c 100644
--- a/ocr-service/Dockerfile
+++ b/ocr-service/Dockerfile
@@ -30,6 +30,8 @@ RUN chmod +x /app/entrypoint.sh
 
 ENV HOME=/home/ocr
 ENV HF_HOME=/app/cache
+ENV XDG_CACHE_HOME=/app/cache
+ENV TORCH_HOME=/app/models/torch
 
 USER ocr