diff --git a/build-images.sh b/build-images.sh index 076aa428..938effc5 100644 --- a/build-images.sh +++ b/build-images.sh @@ -63,9 +63,19 @@ pecbridge_tmp_dir=$(mktemp -d) cleanup_list+=("${pecbridge_tmp_dir}") tar -C "${pecbridge_tmp_dir}" -x -v -z -f pecbridge-*.tar.gz +# Download tmce plugin jar: plugin is encrypted with GPG, the password is 'subscription' +tmce_jar_url="https://distfeed.nethserver.org/webtop/webtop-tmceplugins-6.3.1.0.jar.gpg" +tmce_jar_path="${PWD}/webtop-tmceplugins-6.3.1.0.jar.gpg" +echo "Downloading encrypted tmce plugin jar from ${tmce_jar_url}..." +curl --fail -L -o "${tmce_jar_path}" "${tmce_jar_url}" + #Create webtop-webapp container reponame="webtop-webapp" container=$(buildah from docker.io/library/tomcat:8-jre8) +buildah run ${container} apt-get update +buildah run ${container} apt-get install -y gpg +buildah run ${container} apt-get clean +buildah run ${container} rm -rf /var/lib/apt/lists/* buildah add ${container} ${webapp_tmp_dir}/webtop /usr/local/tomcat/webapps/webtop/ buildah add ${container} ${PWD}/webtop5-build/webtop-login/ /usr/local/tomcat/webapps/webtop/WEB-INF/classes/ buildah add ${container} ${jcharset_tmp_dir}/jcharset-2.0.jar /usr/local/tomcat/webapps/webtop/lib/ @@ -75,6 +85,8 @@ buildah add ${container} ${PWD}/zfaker/wrappers/php /usr/share/webtop/bin/php buildah add ${container} ${PWD}/zfaker/wrappers/z-push-admin-wapper /usr/share/webtop/bin/z-push-admin-wrapper buildah add ${container} ${pecbridge_tmp_dir}/pecbridge /usr/share/pecbridge buildah add ${container} ${PWD}/webapp/ / +buildah add ${container} "${tmce_jar_path}" /usr/local/tomcat/webapps/webtop/WEB-INF/lib/webtop-tmceplugins.jar.gpg +buildah config --entrypoint=/entrypoint.sh ${container} # Commit the image buildah commit --rm "${container}" "${repobase}/${reponame}" diff --git a/imageroot/actions/configure-module/30subscription b/imageroot/actions/configure-module/30subscription new file mode 100755 index 00000000..e7012d4f --- /dev/null +++ b/imageroot/actions/configure-module/30subscription @@ -0,0 +1,19 @@ +#!/usr/bin/env python3 + +# +# Copyright (C) 2025 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-3.0-or-later +# + +import agent + +rdb = agent.redis_connect(privileged=False) + +subscription = rdb.hgetall('cluster/subscription') + +with open('subscription.env', 'w') as env: + if subscription: + env.write(f'VALID_SUBSCRIPTION=true\n') + else: + env.write(f'VALID_SUBSCRIPTION=false\n') + diff --git a/imageroot/events/subscription-changed/30subscription b/imageroot/events/subscription-changed/30subscription new file mode 120000 index 00000000..e0e147df --- /dev/null +++ b/imageroot/events/subscription-changed/30subscription @@ -0,0 +1 @@ +../../actions/configure-module/30subscription \ No newline at end of file diff --git a/imageroot/events/subscription-changed/70restart b/imageroot/events/subscription-changed/70restart new file mode 100755 index 00000000..93739a25 --- /dev/null +++ b/imageroot/events/subscription-changed/70restart @@ -0,0 +1,8 @@ +#!/bin/bash + +# +# Copyright (C) 2025 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-3.0-or-later +# + +systemctl --user restart webapp diff --git a/imageroot/systemd/user/webapp.service b/imageroot/systemd/user/webapp.service index 301f1712..1e2898a4 100644 --- a/imageroot/systemd/user/webapp.service +++ b/imageroot/systemd/user/webapp.service @@ -22,6 +22,7 @@ ExecStart=/usr/bin/podman run \ -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true \ -Dmail.mime.address.strict=false -Dwebtop.etc.dir=/etc/webtop \ -Duser.timezone=${WEBTOP_TIMEZONE}" \ + --env-file=%S/state/subscription.env \ --volume=webtop-home:/var/lib/nethserver/webtop \ --volume=./webtop.properties:/etc/webtop/webtop.properties:z \ --pod=webtop \ diff --git a/webapp/entrypoint.sh b/webapp/entrypoint.sh new file mode 100755 index 00000000..0a14900f --- /dev/null +++ b/webapp/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# +# Copyright (C) 2025 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-3.0-or-later +# + +# Enable tmce plugin only if subscription is enabled + +# Decrypt tmce plugins jar if subscription is enabled +if [ "VALID_SUBSCRIPTION=true" ]; then + gpg --batch --yes --passphrase 'subscription' -d -o /usr/local/tomcat/webapps/webtop/WEB-INF/lib/webtop-tmceplugins.jar \ + /usr/local/tomcat/webapps/webtop/WEB-INF/lib/webtop-tmceplugins.jar.gpg +fi