From c308df1699390d013e78bc0ccfd66a804409ca97 Mon Sep 17 00:00:00 2001
From: Nick Danyluk
Date: Wed, 5 Jun 2019 10:17:17 -0400
Subject: [PATCH 01/51] add multiple architecture Dockerfiles

---
 image/Dockerfile.amd64 | 12 ++++++++++++
 image/Dockerfile.arm64 | 12 ++++++++++++
 image/Dockerfile.armv7 | 12 ++++++++++++
 image/{Dockerfile => Dockerfile.old} | 0
 4 files changed, 36 insertions(+)
 create mode 100644 image/Dockerfile.amd64
 create mode 100644 image/Dockerfile.arm64
 create mode 100644 image/Dockerfile.armv7
 rename image/{Dockerfile => Dockerfile.old} (100%)

diff --git a/image/Dockerfile.amd64 b/image/Dockerfile.amd64
new file mode 100644
index 00000000..606e2fdd
--- /dev/null
+++ b/image/Dockerfile.amd64
@@ -0,0 +1,12 @@
+FROM debian:stretch-slim
+
+#COPY qemu-x86_64-static /usr/bin
+
+COPY . /container
+RUN /container/build.sh
+
+ENV LANG="en_US.UTF-8" \
+ LANGUAGE="en_US:en" \
+ LC_ALL="en_US.UTF-8"
+
+ENTRYPOINT ["/container/tool/run"]
diff --git a/image/Dockerfile.arm64 b/image/Dockerfile.arm64
new file mode 100644
index 00000000..8596127b
--- /dev/null
+++ b/image/Dockerfile.arm64
@@ -0,0 +1,12 @@
+FROM arm64v8/debian:stretch-slim
+
+COPY qemu-aarch64-static /usr/bin
+
+COPY . /container
+RUN /container/build.sh
+
+ENV LANG="en_US.UTF-8" \
+ LANGUAGE="en_US:en" \
+ LC_ALL="en_US.UTF-8"
+
+ENTRYPOINT ["/container/tool/run"]
diff --git a/image/Dockerfile.armv7 b/image/Dockerfile.armv7
new file mode 100644
index 00000000..a6cabe4a
--- /dev/null
+++ b/image/Dockerfile.armv7
@@ -0,0 +1,12 @@
+FROM arm32v7/debian:stretch-slim
+
+COPY qemu-arm-static /usr/bin
+
+COPY . /container
+RUN /container/build.sh
+
+ENV LANG="en_US.UTF-8" \
+ LANGUAGE="en_US:en" \
+ LC_ALL="en_US.UTF-8"
+
+ENTRYPOINT ["/container/tool/run"]
diff --git a/image/Dockerfile b/image/Dockerfile.old
similarity index 100%
rename from image/Dockerfile
rename to image/Dockerfile.old

From c9e72ce6f923c23459840e44ed393d41437269de Mon Sep 17 00:00:00 2001
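Review bot: The arm64 and armv7 Dockerfiles leave the build-only qemu emulator in the published runtime image: `COPY qemu-aarch64-static /usr/bin` / `COPY qemu-arm-static /usr/bin` puts it in the final layer, and `COPY . /container` copies the same binary a second time because it sits in the build context. If the emulator is only needed so `RUN /container/build.sh` can execute on the build host, drop it in the layer that used it, e.g. `RUN /container/build.sh && rm -f /usr/bin/qemu-aarch64-static /container/qemu-aarch64-static` (and the `qemu-arm-static` equivalent in Dockerfile.armv7), so an unneeded setuid-capable interpreter is not shipped to every downstream image. The three files otherwise differ only in the `FROM` image and emulator name, so one Dockerfile with `ARG BASE_IMAGE` / `ARG QEMU_BIN` would keep them from drifting; the commented-out `#COPY qemu-x86_64-static /usr/bin` in Dockerfile.amd64 is already a first sign of that.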
From: Nick Danyluk Date: Wed, 5 Jun 2019 10:17:50 -0400 Subject: [PATCH 02/51] updatd makefile for multiple architectures --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index a4f2321f..34a7c173 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,11 @@ -NAME = osixia/light-baseimage +NAME = ndanyluk/light-baseimage VERSION = 1.1.2 +ARCH = amd64 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version build: - docker build -t $(NAME):$(VERSION) --rm image + docker build -f Dockerfile.$(ARCH) -t $(NAME):$(VERSION) --rm image build-nocache: docker build -t $(NAME):$(VERSION) --no-cache --rm image From 613f07230e16e875a190b659923b1b9b4a529ba7 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 10:48:48 -0400 Subject: [PATCH 03/51] add travis ci support for builds --- .travis.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..e2993464 --- /dev/null +++ b/.travis.yml 
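Review bot: `docker build -f Dockerfile.$(ARCH) -t $(NAME):$(VERSION) --rm image` resolves `-f` against the directory `make` is invoked from, not against the `image` build context, so with the files living under `image/` the `build` target fails from the repository root; it should read `docker build -f image/Dockerfile.$(ARCH) -t $(NAME):$(VERSION) --rm image`. The `build-nocache` recipe on the last context line still relies on the default `Dockerfile`, which the preceding commit renames to `Dockerfile.old`, so it needs the same `-f image/Dockerfile.$(ARCH)` flag or it has no Dockerfile to build.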
@@ -0,0 +1,45 @@ +sudo: required + +language: generic + +services: + - docker + +env: + global: + - qemu_version=4.0.0 + matrix: + - target_arch=amd64 qemu_arch=x86_64 + - target_arch=armv7 qemu_arch=arm +# - target_arch=armv6 qemu_arch=arm + - target_arch=arm64 qemu_arch=aarch64 + +before_install: + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - sudo apt-get update + - sudo apt-get -y install docker-ce + - mkdir $HOME/.docker + - 'echo "{" > $HOME/.docker/config.json' + - 'echo " \"experimental\": \"enabled\"" >> $HOME/.docker/config.json' + - 'echo "}" >> $HOME/.docker/config.json' + - sudo service docker restart + +install: + - docker run --rm --privileged multiarch/qemu-user-static:register + - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; + - tar -xzvf qemu-${qemu_arch}-static.tar.gz; + - make build ARCH=${target_arch} + +script: + - make test + +after_success: + - if [ -z "$DOCKER_USER" ]; then + echo "PR build, skipping Docker Hub push"; + elif [ "$TRAVIS_BRANCH" != "master" ]; then + echo "Branch build, skipping Docker Hub push"; + else + docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; + make tag-latest push push-latest + fi From 859fd936acacca3a49d4430b492becdcd98a1bfe Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 10:54:41 -0400 Subject: [PATCH 04/51] add bats to travis config --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index e2993464..a581319d 100644 --- a/.travis.yml +++ b/.travis.yml 
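Review bot: `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"` in `after_success` passes the registry password as a command-line argument, where it is visible in the process list and can end up echoed in the build log; use `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`. The `install` step also fetches `qemu-${qemu_arch}-static.tar.gz` with `curl -sLO` and no integrity check, and that binary is what the per-arch Dockerfiles copy into `/usr/bin` of the published image, so an altered download would be baked into every downstream image; add `-f` so an HTTP error page is not silently saved as the tarball and verify the release's published checksum (`sha256sum -c`) before `tar -xzvf`. Pinning `qemu_version` is good, but it only fixes the version, not the content.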
@@ -24,6 +24,9 @@ before_install: - 'echo " \"experimental\": \"enabled\"" >> $HOME/.docker/config.json' - 'echo "}" >> $HOME/.docker/config.json' - sudo service docker restart + - git clone https://github.com/sstephenson/bats.git + - cd bats + - sudo ./install.sh install: - docker run --rm --privileged multiarch/qemu-user-static:register From c4f2a2dee056f664b45eedd3617e3695e7ba412d Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 11:04:10 -0400 Subject: [PATCH 05/51] addee architecture to image name --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 34a7c173..cbc506d5 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,10 @@ ARCH = amd64 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version build: - docker build -f Dockerfile.$(ARCH) -t $(NAME):$(VERSION) --rm image + docker build -f Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --rm image build-nocache: - docker build -t $(NAME):$(VERSION) --no-cache --rm image + docker build -f Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --no-cache --rm image test: env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats From 026e5eaa67a329e771542c90da75e977bc7c255b Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Wed, 5 Jun 2019 11:21:07 -0400 Subject: [PATCH 06/51] Update tags and tests to handle different arches --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index cbc506d5..7ee8c212 100644 --- a/Makefile +++ b/Makefile 
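Review bot: `cd bats` in `before_install` appears to change the working directory for every later step, since Travis runs the phase's list items in one shell session, so the `install` commands and `make build` would then execute inside the `bats` checkout rather than the repository. Run the installer without leaving the directory, e.g. `(cd bats && sudo ./install.sh)` or `sudo bats/install.sh`. The clone also tracks the repository's default branch, so the test runner can change underneath the build; `git clone --depth 1 --branch <TAG-PLACEHOLDER> https://github.com/sstephenson/bats.git` pins it to a known release.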
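Review bot: The `test` target in the context lines still runs `env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats`, while `build` now tags the image as `$(NAME)-$(ARCH):$(VERSION)`, so `make test` looks for an image that this Makefile no longer produces; it should pass `NAME=$(NAME)-$(ARCH)`. The same suffix is presumably needed in `tag-latest`, `push` and `push-latest`, which are outside this hunk.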
@@ -11,16 +11,16 @@ build-nocache: docker build -f Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --no-cache --rm image test: - env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats + env NAME=$(NAME)-$(ARCH) VERSION=$(VERSION) bats test/test.bats tag-latest: - docker tag $(NAME):$(VERSION) $(NAME):latest + docker tag $(NAME)-$(ARCH):$(VERSION) $(NAME)-$(ARCH):latest push: - docker push $(NAME):$(VERSION) + docker push $(NAME)-$(ARCH):$(VERSION) push-latest: - docker push $(NAME):latest + docker push $(NAME)-$(ARCH):latest release: build test tag-latest push push-latest From 3d67723c1ac272f8cfc7ed9f528d4d1bc2dcf2f8 Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Wed, 5 Jun 2019 11:22:31 -0400 Subject: [PATCH 07/51] Add proper install directory for BATS and comments --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index a581319d..cf2a7519 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ env: matrix: - target_arch=amd64 qemu_arch=x86_64 - target_arch=armv7 qemu_arch=arm -# - target_arch=armv6 qemu_arch=arm +# - target_arch=armv6 qemu_arch=arm <------ NOT SUPPORTED BY DEBIAN STRETCH BASE IMAGE - target_arch=arm64 qemu_arch=aarch64 before_install: @@ -26,7 +26,7 @@ before_install: - sudo service docker restart - git clone https://github.com/sstephenson/bats.git - cd bats - - sudo ./install.sh + - sudo ./install.sh /usr/local install: - docker run --rm --privileged multiarch/qemu-user-static:register From 80f92bdfb35df869d8c4f9ef03172b9ec701bbff Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Wed, 5 Jun 2019 12:14:55 -0400 Subject: [PATCH 08/51] Fix make command --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index cf2a7519..ed00e979 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -32,7 +32,7 @@ install: - docker run --rm --privileged multiarch/qemu-user-static:register - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - tar -xzvf qemu-${qemu_arch}-static.tar.gz; - - make build ARCH=${target_arch} + - make build ARCH="${target_arch}" script: - make test From ca91402b117bac43ea49134f971a3ca0d03cb412 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 12:41:21 -0400 Subject: [PATCH 09/51] correct dockerfile symlink in make --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index cbc506d5..6e7c9c74 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,10 @@ ARCH = amd64 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version build: - docker build -f Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --rm image + docker build -f image/Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --rm image build-nocache: - docker build -f Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --no-cache --rm image + docker build -f image/Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --no-cache --rm image test: env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats From 9a76da5ac999b882a683df6edd3185e4426dccd9 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 12:50:11 -0400 Subject: [PATCH 10/51] correct arch argument to travis-ci --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ed00e979..cf2a7519 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ install: - docker run --rm --privileged multiarch/qemu-user-static:register - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - tar -xzvf qemu-${qemu_arch}-static.tar.gz; - - make build ARCH="${target_arch}" + - make build ARCH=${target_arch} script: - make test 
From 9b08e4bc2b003495a2e94517d7c33ca4254c6894 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 13:52:56 -0400 Subject: [PATCH 11/51] fixed build directory --- .Makefile.swp | Bin 0 -> 1024 bytes .travis.yml | 1 + 2 files changed, 1 insertion(+) create mode 100644 .Makefile.swp diff --git a/.Makefile.swp b/.Makefile.swp new file mode 100644 index 0000000000000000000000000000000000000000..abd6a20e6213f071aa82db9fcb3044300ca88541 GIT binary patch literal 1024 zcmYc?$V<%2S1{5u*E3;20z!fe3 Date: Wed, 5 Jun 2019 13:56:38 -0400 Subject: [PATCH 12/51] move qemu to correct build directory --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index a4d4560a..ff60b1b4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,7 @@ install: - docker run --rm --privileged multiarch/qemu-user-static:register - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - tar -xzvf qemu-${qemu_arch}-static.tar.gz; + - mv qemu-${qemu_arch}-static image/ - make build ARCH=${target_arch} script: From c7f24a1a9b17de1a44573525b0d51dd4225fbfa5 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 15:48:19 -0400 Subject: [PATCH 13/51] Fix BATS test for travis --- .Makefile.swp | Bin 1024 -> 0 bytes .travis.yml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 .Makefile.swp diff --git a/.Makefile.swp b/.Makefile.swp deleted file mode 100644 index abd6a20e6213f071aa82db9fcb3044300ca88541..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1024 zcmYc?$V<%2S1{5u*E3;20z!fe3 Date: Wed, 5 Jun 2019 18:21:29 -0400 Subject: [PATCH 14/51] removed BATS tests from travis --- .travis.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index bcdd8a91..ac275537 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -34,10 +34,12 @@ install: - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - tar -xzvf qemu-${qemu_arch}-static.tar.gz; - mv qemu-${qemu_arch}-static image/ - - make build ARCH=${target_arch} + - make build ARCH=${target_arch script: - - make test ARCH=${target_arch} + - docker run ndanyluk/docker-light-baseimage-${target_arch}:1.1.2 + - sleep 5 + - sudo docker ps | grep docker-light-baseimage-${target_arch} after_success: - if [ -z "$DOCKER_USER" ]; then From 94cc96b1a16cac5e31f041379a528eae369c1221 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 18:24:07 -0400 Subject: [PATCH 15/51] fixed missing } --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ac275537..7b2837ec 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,7 +34,7 @@ install: - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - tar -xzvf qemu-${qemu_arch}-static.tar.gz; - mv qemu-${qemu_arch}-static image/ - - make build ARCH=${target_arch + - make build ARCH=${target_arch} script: - docker run ndanyluk/docker-light-baseimage-${target_arch}:1.1.2 From 52a95ae30529b8cc065947167f167a40333cc602 Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 18:33:41 -0400 Subject: [PATCH 16/51] added multi-arch build step --- .travis.yml | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7b2837ec..9692d5ef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,7 @@ services: env: global: - qemu_version=4.0.0 + - target_version=1.1.2 matrix: - target_arch=amd64 qemu_arch=x86_64 - target_arch=armv7 qemu_arch=arm 
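Review bot: The new `script` step runs `ndanyluk/docker-light-baseimage-${target_arch}:1.1.2`, but the Makefile tags the build as `$(NAME)-$(ARCH):$(VERSION)` with `NAME = ndanyluk/light-baseimage`, so this reference never matches what `make build` produced and the step fails before it tests anything; the version should also be derived from one variable rather than a second hard-coded `1.1.2`. `docker run` without `-d` blocks the step until the container exits, so the following `sleep 5` and `sudo docker ps | grep …` can only observe an already-stopped container. The `make build ARCH=${target_arch` line is also missing its closing brace.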
@@ -37,16 +38,30 @@ install: - make build ARCH=${target_arch} script: - - docker run ndanyluk/docker-light-baseimage-${target_arch}:1.1.2 + - docker run ndanyluk/light-baseimage-${target_arch}:${target_version} - sleep 5 - - sudo docker ps | grep docker-light-baseimage-${target_arch} + - sudo docker ps | grep ndanyluk/light-baseimage-${target_arch}:${target_version} after_success: - if [ -z "$DOCKER_USER" ]; then echo "PR build, skipping Docker Hub push"; - elif [ "$TRAVIS_BRANCH" != "master" ]; then - echo "Branch build, skipping Docker Hub push"; else docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; make tag-latest push push-latest ARCH=${target_arch} fi + +jobs: + include: + - stage: deploy + install: skip + script: skip + after_success: + - if [ -z "$DOCKER_USER" ]; then + echo "PR build, skipping Docker Hub push"; + else + docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; + docker manifest create ndanyluk/light-baseimage:${target_version} ndanyluk/light-baseimage-armv7:${target_version} ndanyluk/light-baseimage-arm64:${target_version} ndanyluk/light-baseimage-amd64:${target_version}; + docker manifest create ndanyluk/light-baseimage:latest ndanyluk/light-baseimage-armv7:latest ndanyluk/light-baseimage-amd64:latest ndanyluk/light-baseimage-arm64:latest; + docker manifest push ndanyluk/light-baseimage:${target_version}; + docker manifest push ndanyluk/light-baseimage:latest; + fi From 13407af02b46961eca8e0f0b5da0b1682dffdccb Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 18:38:52 -0400 Subject: [PATCH 17/51] add command to docker run test step --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9692d5ef..72c730b6 100644 --- a/.travis.yml +++ b/.travis.yml 
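Review bot: Removing the `elif [ "$TRAVIS_BRANCH" != "master" ]` guard means any branch build that has `DOCKER_USER`/`DOCKER_PASS` available logs in and runs `make tag-latest push push-latest`, overwriting the `latest` and `${target_version}` tags on Docker Hub from unreviewed branches; keep the branch check, or gate the push on `$TRAVIS_TAG` so only tagged releases publish. The new `deploy` stage repeats `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"`, so the password is on the command line there as well; `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin` avoids that in both places. The manifest commands only hold together if every architecture job has already pushed its tag, which relies on the stage ordering rather than being checked; a failed `docker manifest create` should at least abort the remaining `push` calls, which the `;`-separated chain does not guarantee.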
@@ -38,7 +38,7 @@ install: - make build ARCH=${target_arch} script: - - docker run ndanyluk/light-baseimage-${target_arch}:${target_version} + - docker run ndanyluk/light-baseimage-${target_arch}:${target_version} /bin/sh - sleep 5 - sudo docker ps | grep ndanyluk/light-baseimage-${target_arch}:${target_version} From d1521ad62e2d0d8b131d6b80848d36c6ffaded56 Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Wed, 5 Jun 2019 18:48:58 -0400 Subject: [PATCH 18/51] detach docker container in test step --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 72c730b6..4ae07c8b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,9 +38,9 @@ install: - make build ARCH=${target_arch} script: - - docker run ndanyluk/light-baseimage-${target_arch}:${target_version} /bin/sh + - docker run -d --name test_image ndanyluk/light-baseimage-${target_arch}:${target_version} - sleep 5 - - sudo docker ps | grep ndanyluk/light-baseimage-${target_arch}:${target_version} + - sudo docker ps | grep -q test_image after_success: - if [ -z "$DOCKER_USER" ]; then From f8a2ef77cede9f4449572fd27757c9716b4c6b6a Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Wed, 5 Jun 2019 23:48:53 -0400 Subject: [PATCH 19/51] fix test script --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4ae07c8b..f24c4619 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,7 +38,7 @@ install: - make build ARCH=${target_arch} script: - - docker run -d --name test_image ndanyluk/light-baseimage-${target_arch}:${target_version} + - docker run -d --name test_image ndanyluk/light-baseimage-${target_arch}:${target_version} sleep 10 - sleep 5 - sudo docker ps | grep -q test_image From b696ff05374eae969da5e2ece7a051d70ba61b0a Mon Sep 17 00:00:00 2001 From: Nick Danyluk Date: Thu, 6 Jun 2019 09:16:59 -0400 Subject: [PATCH 20/51] fixed docker push --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
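Review bot: The check on the new `script` lines only proves that a container named `test_image` is still listed by `docker ps` five seconds after `docker run -d … sleep 10` started it; it says nothing about whether the image's `ENTRYPOINT` (`/container/tool/run`) initialised correctly, and the 10s/5s timing makes it flaky on a slow emulated build. A check on the exit status is both stricter and deterministic, e.g. `docker run --rm ndanyluk/light-baseimage-${target_arch}:${target_version} true`, assuming the run tool passes the given command through as the README describes. `grep -q test_image` would also match any other container whose name contains that string, so `docker inspect -f '{{.State.Running}}' test_image` is the more precise form if the running-container check is kept.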
diff --git a/.travis.yml b/.travis.yml index f24c4619..07c476d3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -47,7 +47,7 @@ after_success: echo "PR build, skipping Docker Hub push"; else docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - make tag-latest push push-latest ARCH=${target_arch} + make tag-latest push push-latest ARCH=${target_arch}; fi jobs: From 35b2b69a857dc9abd807d4998cc44711185da21e Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Thu, 6 Jun 2019 09:34:32 -0400 Subject: [PATCH 21/51] substitute osixia for ndanyluk --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 09db8e67..390c2f74 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -NAME = ndanyluk/light-baseimage +NAME = osixia/light-baseimage VERSION = 1.1.2 ARCH = amd64 From 84cb0ce438c30035bd18464a144987f075e7ef71 Mon Sep 17 00:00:00 2001 From: ndanyluk Date: Thu, 6 Jun 2019 09:38:44 -0400 Subject: [PATCH 22/51] substitute osixia for ndanyluk --- .travis.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 07c476d3..ba5cd935 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,7 +38,7 @@ install: - make build ARCH=${target_arch} script: - - docker run -d --name test_image ndanyluk/light-baseimage-${target_arch}:${target_version} sleep 10 + - docker run -d --name test_image osixia/light-baseimage-${target_arch}:${target_version} sleep 10 - sleep 5 - sudo docker ps | grep -q test_image 
@@ -60,8 +60,8 @@ jobs: echo "PR build, skipping Docker Hub push"; else docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - docker manifest create ndanyluk/light-baseimage:${target_version} ndanyluk/light-baseimage-armv7:${target_version} ndanyluk/light-baseimage-arm64:${target_version} ndanyluk/light-baseimage-amd64:${target_version}; - docker manifest create ndanyluk/light-baseimage:latest ndanyluk/light-baseimage-armv7:latest ndanyluk/light-baseimage-amd64:latest ndanyluk/light-baseimage-arm64:latest; - docker manifest push ndanyluk/light-baseimage:${target_version}; - docker manifest push ndanyluk/light-baseimage:latest; + docker manifest create osixia/light-baseimage:${target_version} osixia/light-baseimage-armv7:${target_version} osixia/light-baseimage-arm64:${target_version} osixia/light-baseimage-amd64:${target_version}; + docker manifest create osixia/light-baseimage:latest osixia/light-baseimage-armv7:latest osixia/light-baseimage-amd64:latest osixia/light-baseimage-arm64:latest; + docker manifest push osixia/light-baseimage:${target_version}; + docker manifest push osixia/light-baseimage:latest; fi From 977c26693a1e5aad563c1950b9ad429243882999 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 10 Jun 2019 12:09:54 +0200 Subject: [PATCH 23/51] [twgit] Init release 'release-1.2.0'. From a3a146e0a5b182624c72446399638db11a7be3c3 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 10 Jun 2019 12:16:04 +0200 Subject: [PATCH 24/51] v1.2.0 --- CHANGELOG.md | 4 ++++ Makefile | 2 +- README.md | 16 ++++++++-------- example/multiple-process-image/Dockerfile | 7 +++---- example/single-process-image/Dockerfile | 9 ++++----- 5 files changed, 20 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4bf770c..d64c5bef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Changelog +## [1.2.0] - Unreleased +### Added + - Add multiarch support. Thanks to @ndanyluk ! + ## [1.1.2] - 2019-04-05 ### Added - jsonssl add support for traefik >= v1.6 acme.json file diff --git a/Makefile b/Makefile index 390c2f74..eefcf2e1 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = osixia/light-baseimage -VERSION = 1.1.2 +VERSION = 1.2.0 ARCH = amd64 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version diff --git a/README.md b/README.md index 09c139eb..e6704364 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ [hub]: https://hub.docker.com/r/osixia/light-baseimage/ -Latest release: 1.1.2 (debian stretch) - 1.0.2 (debian jessie) [Changelog](CHANGELOG.md) +Latest release: 1.2.0 (debian stretch) - 1.0.2 (debian jessie) [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/light-baseimage/)  A Debian 9 (Stretch) based docker image to build reliable image quickly. This image provide a simple opinionated solution to build multiple or single process image with minimum of layers and an optimized build. @@ -150,7 +150,7 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.2 + FROM osixia/light-baseimage:1.2.0 MAINTAINER Your Name # Download nginx from apt-get and clean apt-get files @@ -393,7 +393,7 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.2 + FROM osixia/light-baseimage:1.2.0 MAINTAINER Your Name # Install multiple process stack, nginx and php7.0-fpm and clean apt-get files 
@@ -595,7 +595,7 @@ Here simple Dockerfile example how to add a service-available to an image: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage - FROM osixia/light-baseimage:1.1.2 + FROM osixia/light-baseimage:1.2.0 MAINTAINER Your Name # Add cfssl and cron service-available @@ -665,7 +665,7 @@ What it does: *Run tool* takes several options, to list them: - docker run osixia/light-baseimage:1.1.2 --help + docker run osixia/light-baseimage:1.2.0 --help usage: run [-h] [-e] [-s] [-p] [-f] [-o {startup,process,finish}] [-c COMMAND [WHEN={startup,process,finish} ...]] [-k] [--wait-state FILENAME] [--wait-first-startup] [--keep-startup-env] @@ -776,7 +776,7 @@ If a main command is set for example: If a main command is set *run tool* launch it otherwise bash is launched. Example: - docker run -it osixia/light-baseimage:1.1.2 + docker run -it osixia/light-baseimage:1.2.0 ##### Extra environment variables @@ -852,8 +852,8 @@ Note this yaml definition: Can also be set by command line converted in python or json: - docker run -it --env FRUITS="#PYTHON2BASH:['orange','apple']" osixia/light-baseimage:1.1.2 printenv - docker run -it --env FRUITS="#JSON2BASH:[\"orange\",\"apple\"]" osixia/light-baseimage:1.1.2 printenv + docker run -it --env FRUITS="#PYTHON2BASH:['orange','apple']" osixia/light-baseimage:1.2.0 printenv + docker run -it --env FRUITS="#JSON2BASH:[\"orange\",\"apple\"]" osixia/light-baseimage:1.2.0 printenv ### Tests diff --git a/example/multiple-process-image/Dockerfile b/example/multiple-process-image/Dockerfile index 339d1dc5..145dfef3 100644 --- a/example/multiple-process-image/Dockerfile +++ b/example/multiple-process-image/Dockerfile 
@@ -1,15 +1,14 @@ # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage -FROM osixia/light-baseimage:1.1.2 -MAINTAINER Your Name +FROM osixia/light-baseimage:1.2.0 # Install multiple process stack, nginx and php7.0-fpm and clean apt-get files # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-multiple-process-stack RUN apt-get -y update \ && /container/tool/add-multiple-process-stack \ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - nginx \ - php7.0-fpm \ + nginx \ + php7.0-fpm \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/example/single-process-image/Dockerfile b/example/single-process-image/Dockerfile index 20c42c75..ec3e7613 100644 --- a/example/single-process-image/Dockerfile +++ b/example/single-process-image/Dockerfile @@ -1,14 +1,13 @@ # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage -FROM osixia/light-baseimage:1.1.2 -MAINTAINER Your Name +FROM osixia/light-baseimage:1.2.0 # Download nginx from apt-get and clean apt-get files RUN apt-get -y update \ && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - nginx \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + nginx \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Add service directory to /container/service ADD service /container/service From 21634cab3345ba67ca9d3bb167027eae5483e8bf Mon Sep 17 00:00:00 2001 
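Review bot: `ADD service /container/service` on the last context line of the single-process example uses `ADD` for a plain local directory; `COPY service /container/service` does the same thing without `ADD`'s archive-extraction and URL behaviour and is what linters (hadolint DL3020) expect. Since these examples are the copy-paste starting point for downstream images, the idiom matters most here. The multiple-process example probably has the same line, but it is outside that hunk.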
From: Bertrand Gouny Date: Tue, 11 Jun 2019 22:08:14 +0200 Subject: [PATCH 25/51] shellcheck --- image/build.sh | 8 +- image/service-available/:cron/download.sh | 2 - image/service-available/:cron/install.sh | 2 - image/service-available/:cron/startup.sh | 2 - .../service-available/:logrotate/download.sh | 2 - image/service-available/:logrotate/install.sh | 2 - image/service-available/:logrotate/startup.sh | 8 +- image/service-available/:runit/download.sh | 2 - .../:ssl-tools/assets/tool/cfssl-helper | 420 +++++++++--------- .../:ssl-tools/assets/tool/jsonssl-helper | 204 +++++---- .../:ssl-tools/assets/tool/ssl-auto-renew | 244 +++++----- .../:ssl-tools/assets/tool/ssl-helper | 116 +++-- .../service-available/:ssl-tools/download.sh | 22 +- image/service-available/:ssl-tools/startup.sh | 6 +- .../:syslog-ng-core/download.sh | 2 - .../:syslog-ng-core/install.sh | 2 - .../:syslog-ng-core/startup.sh | 6 +- image/tool/add-multiple-process-stack | 2 - image/tool/add-service-available | 38 +- image/tool/complex-bash-env | 102 ++--- image/tool/log-helper | 138 +++--- image/tool/wait-process | 14 +- test/test_helper.bash | 64 +-- 23 files changed, 685 insertions(+), 723 deletions(-) diff --git a/image/build.sh b/image/build.sh index 9a6be6c4..4367dc9f 100755 --- a/image/build.sh +++ b/image/build.sh @@ -22,7 +22,7 @@ MINIMAL_APT_GET_INSTALL='apt-get install -y --no-install-recommends' ## https://journal.paul.querna.org/articles/2013/10/15/docker-ubuntu-on-rackspace/ ## http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594189 export INITRD=no -echo -n no > /container/environment/INITRD +printf no > /container/environment/INITRD apt-get update 
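Review bot: `printf no > /container/environment/INITRD` (and the three `printf en_US.UTF-8 > …` lines in the next build.sh hunk) pass the data as printf's format string; that is harmless for these literals, which contain no `%` or backslash, but the robust replacement for `echo -n` is `printf '%s' no > /container/environment/INITRD` so the pattern stays safe if the value is later changed to a variable. The same `'%s'` form applies to the `LANG`, `LANGUAGE` and `LC_CTYPE` lines.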
@@ -49,9 +49,9 @@ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen locale-gen en_US update-locale LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 -echo -n en_US.UTF-8 > /container/environment/LANG -echo -n en_US.UTF-8 > /container/environment/LANGUAGE -echo -n en_US.UTF-8 > /container/environment/LC_CTYPE +printf en_US.UTF-8 > /container/environment/LANG +printf en_US.UTF-8 > /container/environment/LANGUAGE +printf en_US.UTF-8 > /container/environment/LC_CTYPE apt-get clean rm -rf /tmp/* /var/tmp/* diff --git a/image/service-available/:cron/download.sh b/image/service-available/:cron/download.sh index f5976ec0..b4f814a0 100755 --- a/image/service-available/:cron/download.sh +++ b/image/service-available/:cron/download.sh @@ -2,5 +2,3 @@ # download cron from apt-get LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cron - -exit 0 diff --git a/image/service-available/:cron/install.sh b/image/service-available/:cron/install.sh index 26f3ecd6..ece21913 100755 --- a/image/service-available/:cron/install.sh +++ b/image/service-available/:cron/install.sh @@ -12,5 +12,3 @@ rm -f /etc/cron.daily/upstart rm -f /etc/cron.daily/dpkg rm -f /etc/cron.daily/password rm -f /etc/cron.weekly/fstrim - -exit 0 diff --git a/image/service-available/:cron/startup.sh b/image/service-available/:cron/startup.sh index 74739107..5f799253 100755 --- a/image/service-available/:cron/startup.sh +++ b/image/service-available/:cron/startup.sh @@ -10,5 +10,3 @@ find /etc/cron.daily/ -exec touch {} \; find /etc/cron.hourly/ -exec touch {} \; find /etc/cron.monthly/ -exec touch {} \; find /etc/cron.weekly/ -exec touch {} \; - -exit 0 diff --git a/image/service-available/:logrotate/download.sh b/image/service-available/:logrotate/download.sh index 9ff7a208..155c7abe 100755 --- a/image/service-available/:logrotate/download.sh +++ b/image/service-available/:logrotate/download.sh 
@@ -2,5 +2,3 @@ # download logrotate from apt-get LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends logrotate - -exit 0 diff --git a/image/service-available/:logrotate/install.sh b/image/service-available/:logrotate/install.sh index cbec0262..5323d037 100755 --- a/image/service-available/:logrotate/install.sh +++ b/image/service-available/:logrotate/install.sh @@ -2,5 +2,3 @@ rm -f /etc/logrotate.conf rm -f /etc/logrotate.d/syslog-ng - -exit 0 diff --git a/image/service-available/:logrotate/startup.sh b/image/service-available/:logrotate/startup.sh index fc1ead50..2d2d1223 100755 --- a/image/service-available/:logrotate/startup.sh +++ b/image/service-available/:logrotate/startup.sh @@ -1,8 +1,6 @@ #!/bin/sh -e log-helper level eq trace && set -x -ln -sf ${CONTAINER_SERVICE_DIR}/:logrotate/assets/config/logrotate.conf /etc/logrotate.conf -ln -sf ${CONTAINER_SERVICE_DIR}/:logrotate/assets/config/logrotate_syslogng /etc/logrotate.d/syslog-ng +ln -sf "${CONTAINER_SERVICE_DIR}/:logrotate/assets/config/logrotate.conf" /etc/logrotate.conf +ln -sf "${CONTAINER_SERVICE_DIR}/:logrotate/assets/config/logrotate_syslogng" /etc/logrotate.d/syslog-ng -chmod 444 -R ${CONTAINER_SERVICE_DIR}/:logrotate/assets/config/* - -exit 0 +chmod 444 -R "${CONTAINER_SERVICE_DIR}"/:logrotate/assets/config/* diff --git a/image/service-available/:runit/download.sh b/image/service-available/:runit/download.sh index 76edc922..e1d66a2e 100755 --- a/image/service-available/:runit/download.sh +++ b/image/service-available/:runit/download.sh @@ -2,5 +2,3 @@ # download runit from apt-get LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends runit - -exit 0 diff --git a/image/service-available/:ssl-tools/assets/tool/cfssl-helper b/image/service-available/:ssl-tools/assets/tool/cfssl-helper index c79ddbe5..5ae964f4 100755 --- a/image/service-available/:ssl-tools/assets/tool/cfssl-helper 
+++ b/image/service-available/:ssl-tools/assets/tool/cfssl-helper 
@@ -13,224 +13,222 @@ CA_FILE=$4 log-helper debug "cfssl-helper is launched, everybody on the floor!" # before 0.2.5 retro compatibility, will be removed. -mkdir -p ${CONTAINER_SERVICE_DIR}/:cfssl/assets/default-ca -ln -sf ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/default-ca/default-ca.pem ${CONTAINER_SERVICE_DIR}/:cfssl/assets/default-ca/default-ca.pem +mkdir -p "${CONTAINER_SERVICE_DIR}/:cfssl/assets/default-ca" +ln -sf "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/default-ca/default-ca.pem" "${CONTAINER_SERVICE_DIR}/:cfssl/assets/default-ca/default-ca.pem" -if [ -z "$PREFIX" ] || [ -z "$CERT_FILE" ] || [ -z "$KEY_FILE" ] || [ -z "$CA_FILE" ]; then - log-helper error "Usage: cfssl-helper prefix cert_file key_file ca_file" - exit 1 +if [ -z "${PREFIX}" ] || [ -z "${CERT_FILE}" ] || [ -z "${KEY_FILE}" ] || [ -z "${CA_FILE}" ]; then + log-helper error "Usage: cfssl-helper prefix cert_file key_file ca_file" + exit 1 fi -if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then - - log-helper info "No certificate file and certificate key provided, generate:" - log-helper info "$CERT_FILE and $KEY_FILE" - - LOG_LEVEL_PARAM="" - - case $CONTAINER_LOG_LEVEL in - 0 ) - LOG_LEVEL_PARAM="-loglevel 4";; - 1 ) - LOG_LEVEL_PARAM="-loglevel 3";; - 2 ) - LOG_LEVEL_PARAM="-loglevel 2";; - 3 ) - LOG_LEVEL_PARAM="-loglevel 1";; - 4 ) - LOG_LEVEL_PARAM="-loglevel 0";; - 5 ) - LOG_LEVEL_PARAM="-loglevel 0";; - esac - - # set env vars - PREFIX=${PREFIX^^} # uppercase - - # search for prefixed env var first - - # set prefix variable name - # example : PREFIX_CFSSL_REMOTE='MARIADB_CFSSL_REMOTE' - PREFIX_CFSSL_REMOTE=${PREFIX}_CFSSL_REMOTE - PREFIX_CFSSL_REMOTE_HTTPS_CA_CERT=${PREFIX}_CFSSL_REMOTE_HTTPS_CA_CERT - PREFIX_CFSSL_CA_CERT=${PREFIX}_CFSSL_CA_CERT - PREFIX_CFSSL_CA_KEY=${PREFIX}_CFSSL_CA_KEY - PREFIX_CFSSL_CSR=${PREFIX}_CFSSL_CSR - PREFIX_CFSSL_CSR_JSON=${PREFIX}_CFSSL_CSR_JSON - PREFIX_CFSSL_CONFIG=${PREFIX}_CFSSL_CONFIG - PREFIX_CFSSL_CONFIG_JSON=${PREFIX}_CFSSL_CONFIG_JSON - 
PREFIX_CFSSL_HOSTNAME=${PREFIX}_CFSSL_HOSTNAME - PREFIX_CFSSL_PROFILE=${PREFIX}_CFSSL_PROFILE - PREFIX_CFSSL_LABEL=${PREFIX}_CFSSL_LABEL - PREFIX_CFSSL_RETRY=${PREFIX}_CFSSL_RETRY - PREFIX_CFSSL_RETRY_DELAY=${PREFIX}_CFSSL_RETRY_DELAY - - # assign CFSSL_REMOTE=${!PREFIX_CFSSL_REMOTE} if value is not empty otherwise CFSSL_REMOTE=CFSSL_REMOTE - CFSSL_REMOTE=${!PREFIX_CFSSL_REMOTE:-$CFSSL_REMOTE} - CFSSL_REMOTE_HTTPS_CA_CERT=${!PREFIX_CFSSL_REMOTE_HTTPS_CA_CERT:-$CFSSL_REMOTE_HTTPS_CA_CERT} - CFSSL_CA_CERT=${!PREFIX_CFSSL_CA_CERT:-$CFSSL_CA_CERT} - CFSSL_CA_KEY=${!PREFIX_CFSSL_CA_KEY:-$CFSSL_CA_KEY} - CFSSL_CSR=${!PREFIX_CFSSL_CSR:-$CFSSL_CSR} - CFSSL_CSR_JSON=${!PREFIX_CFSSL_CSR_JSON:-$CFSSL_CSR_JSON} - CFSSL_CONFIG=${!PREFIX_CFSSL_CONFIG:-$CFSSL_CONFIG} - CFSSL_CONFIG_JSON=${!PREFIX_CFSSL_CONFIG_JSON:-$CFSSL_CONFIG_JSON} - CFSSL_HOSTNAME=${!PREFIX_CFSSL_HOSTNAME:-$CFSSL_HOSTNAME} - CFSSL_PROFILE=${!PREFIX_CFSSL_PROFILE:-$CFSSL_PROFILE} - CFSSL_LABEL=${!PREFIX_CFSSL_LABEL:-$CFSSL_LABEL} - CFSSL_RETRY=${!PREFIX_CFSSL_RETRY:-$CFSSL_RETRY} - CFSSL_RETRY_DELAY=${!PREFIX_CFSSL_RETRY_DELAY:-$CFSSL_RETRY_DELAY} - - source ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/cfssl-default-env - - # set csr file - CSR_FILE="/tmp/csr-file" - if [ -n "$CFSSL_CSR_JSON" ]; then - log-helper debug "use CFSSL_CSR_JSON value as csr file" - echo $CFSSL_CSR_JSON > $CSR_FILE - elif [ -n "$CFSSL_CSR" ]; then - log-helper debug "use $CFSSL_CSR as csr file" - cp -f $CFSSL_CSR $CSR_FILE - - # it's the default csr - if [ "$CFSSL_CSR" = "$CFSSL_DEFAULT_CSR" ]; then - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_CN }}|${CFSSL_DEFAULT_CA_CSR_CN}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_KEY_ALGO }}|${CFSSL_DEFAULT_CA_CSR_KEY_ALGO}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_KEY_SIZE }}|${CFSSL_DEFAULT_CA_CSR_KEY_SIZE}|g" $CSR_FILE - sed -i "s|{{ CFSSL_CERT_ORGANIZATION_UNIT }}|${CFSSL_CERT_ORGANIZATION_UNIT}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_ORGANIZATION 
}}|${CFSSL_DEFAULT_CA_CSR_ORGANIZATION}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_ORGANIZATION_UNIT }}|${CFSSL_DEFAULT_CA_CSR_ORGANIZATION_UNIT}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_LOCATION }}|${CFSSL_DEFAULT_CA_CSR_LOCATION}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_STATE }}|${CFSSL_DEFAULT_CA_CSR_STATE}|g" $CSR_FILE - sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_COUNTRY }}|${CFSSL_DEFAULT_CA_CSR_COUNTRY}|g" $CSR_FILE +if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then + + log-helper info "No certificate file and certificate key provided, generate:" + log-helper info "${CERT_FILE} and ${KEY_FILE}" + + LOG_LEVEL_PARAM="" + + case ${CONTAINER_LOG_LEVEL} in + 0 ) + LOG_LEVEL_PARAM="-loglevel 4";; + 1 ) + LOG_LEVEL_PARAM="-loglevel 3";; + 2 ) + LOG_LEVEL_PARAM="-loglevel 2";; + 3 ) + LOG_LEVEL_PARAM="-loglevel 1";; + 4 ) + LOG_LEVEL_PARAM="-loglevel 0";; + 5 ) + LOG_LEVEL_PARAM="-loglevel 0";; + esac + + # set env vars + PREFIX=${PREFIX^^} # uppercase + + # search for prefixed env var first + + # set prefix variable name + # example : PREFIX_CFSSL_REMOTE='MARIADB_CFSSL_REMOTE' + PREFIX_CFSSL_REMOTE=${PREFIX}_CFSSL_REMOTE + PREFIX_CFSSL_REMOTE_HTTPS_CA_CERT=${PREFIX}_CFSSL_REMOTE_HTTPS_CA_CERT + PREFIX_CFSSL_CA_CERT=${PREFIX}_CFSSL_CA_CERT + PREFIX_CFSSL_CA_KEY=${PREFIX}_CFSSL_CA_KEY + PREFIX_CFSSL_CSR=${PREFIX}_CFSSL_CSR + PREFIX_CFSSL_CSR_JSON=${PREFIX}_CFSSL_CSR_JSON + PREFIX_CFSSL_CONFIG=${PREFIX}_CFSSL_CONFIG + PREFIX_CFSSL_CONFIG_JSON=${PREFIX}_CFSSL_CONFIG_JSON + PREFIX_CFSSL_HOSTNAME=${PREFIX}_CFSSL_HOSTNAME + PREFIX_CFSSL_PROFILE=${PREFIX}_CFSSL_PROFILE + PREFIX_CFSSL_LABEL=${PREFIX}_CFSSL_LABEL + PREFIX_CFSSL_RETRY=${PREFIX}_CFSSL_RETRY + PREFIX_CFSSL_RETRY_DELAY=${PREFIX}_CFSSL_RETRY_DELAY + + # assign CFSSL_REMOTE=${!PREFIX_CFSSL_REMOTE} if value is not empty otherwise CFSSL_REMOTE=CFSSL_REMOTE + CFSSL_REMOTE=${!PREFIX_CFSSL_REMOTE:-$CFSSL_REMOTE} + 
CFSSL_REMOTE_HTTPS_CA_CERT=${!PREFIX_CFSSL_REMOTE_HTTPS_CA_CERT:-$CFSSL_REMOTE_HTTPS_CA_CERT} + CFSSL_CA_CERT=${!PREFIX_CFSSL_CA_CERT:-$CFSSL_CA_CERT} + CFSSL_CA_KEY=${!PREFIX_CFSSL_CA_KEY:-$CFSSL_CA_KEY} + CFSSL_CSR=${!PREFIX_CFSSL_CSR:-$CFSSL_CSR} + CFSSL_CSR_JSON=${!PREFIX_CFSSL_CSR_JSON:-$CFSSL_CSR_JSON} + CFSSL_CONFIG=${!PREFIX_CFSSL_CONFIG:-$CFSSL_CONFIG} + CFSSL_CONFIG_JSON=${!PREFIX_CFSSL_CONFIG_JSON:-$CFSSL_CONFIG_JSON} + CFSSL_HOSTNAME=${!PREFIX_CFSSL_HOSTNAME:-$CFSSL_HOSTNAME} + CFSSL_PROFILE=${!PREFIX_CFSSL_PROFILE:-$CFSSL_PROFILE} + CFSSL_LABEL=${!PREFIX_CFSSL_LABEL:-$CFSSL_LABEL} + CFSSL_RETRY=${!PREFIX_CFSSL_RETRY:-$CFSSL_RETRY} + CFSSL_RETRY_DELAY=${!PREFIX_CFSSL_RETRY_DELAY:-$CFSSL_RETRY_DELAY} + + source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/cfssl-default-env" + + # set csr file + CSR_FILE="/tmp/csr-file" + if [ -n "${CFSSL_CSR_JSON}" ]; then + log-helper debug "use CFSSL_CSR_JSON value as csr file" + echo "${CFSSL_CSR_JSON}" > "${CSR_FILE}" + elif [ -n "${CFSSL_CSR}" ]; then + log-helper debug "use ${CFSSL_CSR} as csr file" + cp -f "${CFSSL_CSR}" "${CSR_FILE}" + + # it's the default csr + if [ "${CFSSL_CSR}" = "${CFSSL_DEFAULT_CSR}" ]; then + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_CN }}|${CFSSL_DEFAULT_CA_CSR_CN}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_KEY_ALGO }}|${CFSSL_DEFAULT_CA_CSR_KEY_ALGO}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_KEY_SIZE }}|${CFSSL_DEFAULT_CA_CSR_KEY_SIZE}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_CERT_ORGANIZATION_UNIT }}|${CFSSL_CERT_ORGANIZATION_UNIT}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_ORGANIZATION }}|${CFSSL_DEFAULT_CA_CSR_ORGANIZATION}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_ORGANIZATION_UNIT }}|${CFSSL_DEFAULT_CA_CSR_ORGANIZATION_UNIT}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_LOCATION }}|${CFSSL_DEFAULT_CA_CSR_LOCATION}|g" "${CSR_FILE}" + sed -i "s|{{ CFSSL_DEFAULT_CA_CSR_STATE }}|${CFSSL_DEFAULT_CA_CSR_STATE}|g" "${CSR_FILE}" + sed -i "s|{{ 
CFSSL_DEFAULT_CA_CSR_COUNTRY }}|${CFSSL_DEFAULT_CA_CSR_COUNTRY}|g" "${CSR_FILE}" + fi + else + log-helper error "error: no csr file provided" + log-helper error "CFSSL_CSR_JSON and CFSSL_CSR are empty" + exit 1 fi - else - log-helper error "error: no csr file provided" - log-helper error "CFSSL_CSR_JSON and CFSSL_CSR are empty" - exit 1 - fi - - # generate cert - CONFIG_FILE="/tmp/config-file" - CERT_NAME="cert" - - REMOTE_PARAM="" - CA_CERT_PARAM="" - CA_KEY_PARAM="" - CONFIG_PARAM="" - HOSTNAME_PARAM="" - PROFILE_PARAM="" - LABEL_PARAM="" - - if [ -n "$CFSSL_REMOTE" ]; then - REMOTE_PARAM="-remote=$CFSSL_REMOTE" - - # add remote https ca cert to known certificates if not empty - if [ -n "$CFSSL_REMOTE_HTTPS_CA_CERT" ]; then - if [ -e "$CFSSL_REMOTE_HTTPS_CA_CERT" ]; then - [[ ! -d "/etc/ssl/certs/" ]] && mkdir -p /etc/ssl/certs/ - cat $CFSSL_REMOTE_HTTPS_CA_CERT >> /etc/ssl/certs/ca-certificates.crt - else - log-helper error "error: remote https ca cert file $CFSSL_REMOTE_HTTPS_CA_CERT not found" - fi + + # generate cert + CONFIG_FILE="/tmp/config-file" + CERT_NAME="cert" + + REMOTE_PARAM="" + CA_CERT_PARAM="" + CA_KEY_PARAM="" + CONFIG_PARAM="" + HOSTNAME_PARAM="" + PROFILE_PARAM="" + LABEL_PARAM="" + + if [ -n "${CFSSL_REMOTE}" ]; then + REMOTE_PARAM="-remote=${CFSSL_REMOTE}" + + # add remote https ca cert to known certificates if not empty + if [ -n "${CFSSL_REMOTE_HTTPS_CA_CERT}" ]; then + if [ -e "${CFSSL_REMOTE_HTTPS_CA_CERT}" ]; then + [[ ! 
-d "/etc/ssl/certs/" ]] && mkdir -p /etc/ssl/certs/ + cat "${CFSSL_REMOTE_HTTPS_CA_CERT}" >> /etc/ssl/certs/ca-certificates.crt + else + log-helper error "error: remote https ca cert file ${CFSSL_REMOTE_HTTPS_CA_CERT} not found" + fi + fi + + else + + # files path with : may cause issue with cfssl tools due to : + # ReadBytes - https://github.com/cloudflare/cfssl/blob/master/helpers/helpers.go#L573 + # : is used to split env from file path + # so we copy ca cert and key to tmp + if [ -n "${CFSSL_CA_CERT}" ]; then + + CFSSL_CA_CERT_FILE="/tmp/ca-cert-file" + cp -f "${CFSSL_CA_CERT}" "${CFSSL_CA_CERT_FILE}" + chmod 644 "${CFSSL_CA_CERT_FILE}" + + CA_CERT_PARAM="-ca ${CFSSL_CA_CERT_FILE}" + fi + + if [ -n "${CFSSL_CA_KEY}" ]; then + + CFSSL_CA_KEY_FILE="/tmp/ca-key-file" + cp -f "${CFSSL_CA_KEY}" "${CFSSL_CA_KEY_FILE}" + chmod 600 "${CFSSL_CA_CERT_FILE}" + + CA_KEY_PARAM="-ca-key ${CFSSL_CA_KEY_FILE}" + fi + fi - - else - - # files path with : may cause issue with cfssl tools due to : - # ReadBytes - https://github.com/cloudflare/cfssl/blob/master/helpers/helpers.go#L573 - # : is used to split env from file path - # so we copy ca cert and key to tmp - if [ -n "$CFSSL_CA_CERT" ]; then - - CFSSL_CA_CERT_FILE="/tmp/ca-cert-file" - cp -f $CFSSL_CA_CERT $CFSSL_CA_CERT_FILE - chmod 644 $CFSSL_CA_CERT_FILE - - CA_CERT_PARAM="-ca $CFSSL_CA_CERT_FILE" + + if [ -n "${CFSSL_CONFIG_JSON}" ]; then + log-helper debug "use CFSSL_CONFIG_JSON value as config file" + echo "${CFSSL_CONFIG_JSON}" > "${CONFIG_FILE}" + CONFIG_PARAM="-config ${CONFIG_FILE}" + + elif [ -n "${CFSSL_CONFIG}" ]; then + log-helper debug "use ${CFSSL_CONFIG} as config file" + cp -f "${CFSSL_CONFIG}" "${CONFIG_FILE}" + CONFIG_PARAM="-config ${CONFIG_FILE}" fi - - if [ -n "$CFSSL_CA_KEY" ]; then - - CFSSL_CA_KEY_FILE="/tmp/ca-key-file" - cp -f $CFSSL_CA_KEY $CFSSL_CA_KEY_FILE - chmod 600 $CFSSL_CA_CERT_FILE - - CA_KEY_PARAM="-ca-key $CFSSL_CA_KEY_FILE" - fi - - fi - - if [ -n "$CFSSL_CONFIG_JSON" ]; then - 
log-helper debug "use CFSSL_CONFIG_JSON value as config file" - echo $CFSSL_CONFIG_JSON > $CONFIG_FILE - CONFIG_PARAM="-config $CONFIG_FILE" - - elif [ -n "$CFSSL_CONFIG" ]; then - log-helper debug "use $CFSSL_CONFIG as config file" - cp -f $CFSSL_CONFIG $CONFIG_FILE - CONFIG_PARAM="-config $CONFIG_FILE" - fi - - [[ -n "$CFSSL_HOSTNAME" ]] && HOSTNAME_PARAM="-hostname $CFSSL_HOSTNAME" - [[ -n "$CFSSL_PROFILE" ]] && PROFILE_PARAM="-profile $CFSSL_PROFILE" - [[ -n "$CFSSL_LABEL" ]] && LABEL_PARAM="-label $CFSSL_LABEL" - - retry=0 - while [ $retry -lt $CFSSL_RETRY ]; do - log-helper debug "cfssl gencert $LOG_LEVEL_PARAM $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME" - cfssl gencert $LOG_LEVEL_PARAM $REMOTE_PARAM $CA_CERT_PARAM $CA_KEY_PARAM $CONFIG_PARAM $HOSTNAME_PARAM $PROFILE_PARAM $LABEL_PARAM $CSR_FILE | cfssljson -bare /tmp/$CERT_NAME && break - sleep $CFSSL_RETRY_DELAY - ((retry++)) - done - - # move generated files - [[ ! -e "/tmp/$CERT_NAME.pem" ]] && exit 1 - log-helper debug "move /tmp/$CERT_NAME.pem to $CERT_FILE" - mv /tmp/$CERT_NAME.pem $CERT_FILE - - log-helper debug "move /tmp/$CERT_NAME-key.pem to $KEY_FILE" - mv /tmp/$CERT_NAME-key.pem $KEY_FILE - - # if ca file don't exists - if [ ! 
-e "$CA_FILE" ]; then - - if [ -n "$CFSSL_REMOTE" ]; then - log-helper debug "Get CA certificate from $CFSSL_REMOTE" - log-helper debug "cfssl info $LOG_LEVEL_PARAM $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM" - - retry=0 - while [ $retry -lt $CFSSL_RETRY ]; do - cfssl info $LOG_LEVEL_PARAM $REMOTE_PARAM $CONFIG_PARAM $PROFILE_PARAM $LABEL_PARAM | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > $CA_FILE && break - sleep $CFSSL_RETRY_DELAY - log-helper debug "CA certificate returned save as $CA_FILE" + + [[ -n "${CFSSL_HOSTNAME}" ]] && HOSTNAME_PARAM="-hostname ${CFSSL_HOSTNAME}" + [[ -n "${CFSSL_PROFILE}" ]] && PROFILE_PARAM="-profile ${CFSSL_PROFILE}" + [[ -n "${CFSSL_LABEL}" ]] && LABEL_PARAM="-label ${CFSSL_LABEL}" + + retry=0 + while [ $retry -lt "${CFSSL_RETRY}" ]; do + log-helper debug "cfssl gencert ${LOG_LEVEL_PARAM} ${REMOTE_PARAM} ${CA_CERT_PARAM} ${CA_KEY_PARAM} ${CONFIG_PARAM} ${HOSTNAME_PARAM} ${PROFILE_PARAM} ${LABEL_PARAM} ${CSR_FILE} | cfssljson -bare /tmp/${CERT_NAME}" + cfssl gencert "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CA_CERT_PARAM}" "${CA_KEY_PARAM}" "${CONFIG_PARAM}" "${HOSTNAME_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" "${CSR_FILE}" | cfssljson -bare "/tmp/${CERT_NAME}" && break + sleep "${CFSSL_RETRY_DELAY}" ((retry++)) - done - - [[ ! -e "$CA_FILE" ]] && exit 1 - - elif [ -n "$CFSSL_CA_CERT" ]; then - log-helper info "Link $CFSSL_CA_CERT to $CA_FILE" - ln -sf $CFSSL_CA_CERT $CA_FILE + done + + # move generated files + [[ ! -e "/tmp/${CERT_NAME}.pem" ]] && exit 1 + log-helper debug "move /tmp/${CERT_NAME}.pem to ${CERT_FILE}" + mv "/tmp/${CERT_NAME}.pem" "${CERT_FILE}" + + log-helper debug "move /tmp/${CERT_NAME}-key.pem to ${KEY_FILE}" + mv "/tmp/${CERT_NAME}-key.pem" "${KEY_FILE}" + + # if ca file don't exists + if [ ! 
-e "${CA_FILE}" ]; then + + if [ -n "${CFSSL_REMOTE}" ]; then + log-helper debug "Get CA certificate from ${CFSSL_REMOTE}" + log-helper debug "cfssl info ${LOG_LEVEL_PARAM} ${REMOTE_PARAM} ${CONFIG_PARAM} ${PROFILE_PARAM} ${LABEL_PARAM}" + + retry=0 + while [ $retry -lt "${CFSSL_RETRY}" ]; do + cfssl info "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CONFIG_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > "${CA_FILE}" && break + sleep "${CFSSL_RETRY_DELAY}" + log-helper debug "CA certificate returned save as ${CA_FILE}" + ((retry++)) + done + + [[ ! -e "${CA_FILE}" ]] && exit 1 + + elif [ -n "${CFSSL_CA_CERT}" ]; then + log-helper info "Link ${CFSSL_CA_CERT} to ${CA_FILE}" + ln -sf "${CFSSL_CA_CERT}" "${CA_FILE}" + fi + fi - - fi - - # delete tmp files - rm -f /tmp/$CERT_NAME.csr $CONFIG_FILE $CSR_FILE - [[ -e "$CFSSL_CA_CERT_FILE" ]] && rm $CFSSL_CA_CERT_FILE - [[ -e "$CFSSL_CA_KEY_FILE" ]] && rm $CFSSL_CA_KEY_FILE - - log-helper debug "done :)" - -elif [ ! -e "$KEY_FILE" ]; then - log-helper error "Certificate file $CERT_FILE exists but not key file $KEY_FILE" - exit 1 -elif [ ! -e "$CERT_FILE" ]; then - log-helper error "Key file $KEY_FILE exists but not certificate file $CERT_FILE" - exit 1 + + # delete tmp files + rm -f /tmp/${CERT_NAME}.csr ${CONFIG_FILE} "${CSR_FILE}" + [[ -e "${CFSSL_CA_CERT_FILE}" ]] && rm "${CFSSL_CA_CERT_FILE}" + [[ -e "${CFSSL_CA_KEY_FILE}" ]] && rm "${CFSSL_CA_KEY_FILE}" + + log-helper debug "done :)" + + elif [ ! -e "${KEY_FILE}" ]; then + log-helper error "Certificate file ${CERT_FILE} exists but not key file ${KEY_FILE}" + exit 1 + elif [ ! 
-e "${CERT_FILE}" ]; then + log-helper error "Key file ${KEY_FILE} exists but not certificate file ${CERT_FILE}" + exit 1 else - log-helper debug "Files $CERT_FILE and $KEY_FILE exists, fix files permissions" - chmod 644 $CERT_FILE - chmod 600 $KEY_FILE + log-helper debug "Files ${CERT_FILE} and ${KEY_FILE} exists, fix files permissions" + chmod 644 "${CERT_FILE}" + chmod 600 "${KEY_FILE}" fi - -exit 0 diff --git a/image/service-available/:ssl-tools/assets/tool/jsonssl-helper b/image/service-available/:ssl-tools/assets/tool/jsonssl-helper index 35beec40..abd524aa 100755 --- a/image/service-available/:ssl-tools/assets/tool/jsonssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/jsonssl-helper 
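Review bot: Quoting `"${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" …` in the `cfssl gencert` and `cfssl info` invocations breaks flag parsing, because each of those variables is either empty (now passed as an empty positional argument) or a space-separated pair such as `-loglevel 4` / `-ca /tmp/ca-cert-file` (now passed as a single argument), whereas the old unquoted form depended on word splitting. Holding each optional flag as a bash array and expanding it with `"${NAME[@]}"` keeps the quoting clean without relying on splitting, as sketched below (the `log-helper debug` lines that echo the command should then use `${NAME[*]}`). Separately, the CA-key branch still runs `chmod 600 "${CFSSL_CA_CERT_FILE}"` right after copying the key; it should read `chmod 600 "${CFSSL_CA_KEY_FILE}"`, otherwise the private-key copy in /tmp keeps whatever mode `cp -f` gave it while the public cert copy is the one tightened. If the script runs under `set -e` (its header is above the hunk), `((retry++))` returns non-zero on the first increment from 0 and aborts the retry loop; `retry=$((retry + 1))` avoids that.
```bash
# … unchanged: argument checks, prefixed env-var lookup, csr file …
    # Each optional flag lives in an array: "${NAME[@]}" expands to nothing
    # when the array is empty and keeps "flag value" as two words, so no
    # word splitting (and no quoting of a whole "-loglevel 4" string) is needed.
    LOG_LEVEL_PARAM=()
    case ${CONTAINER_LOG_LEVEL} in
        0 ) LOG_LEVEL_PARAM=(-loglevel 4);;
        # … remaining levels set the array the same way …
    esac
    REMOTE_PARAM=() CA_CERT_PARAM=() CA_KEY_PARAM=() CONFIG_PARAM=()
    HOSTNAME_PARAM=() PROFILE_PARAM=() LABEL_PARAM=()
    [[ -n "${CFSSL_REMOTE}" ]] && REMOTE_PARAM=(-remote="${CFSSL_REMOTE}")
    # … unchanged: CA cert/key copies, now assigning e.g. CA_CERT_PARAM=(-ca "${CFSSL_CA_CERT_FILE}") …
    [[ -n "${CFSSL_HOSTNAME}" ]] && HOSTNAME_PARAM=(-hostname "${CFSSL_HOSTNAME}")
    [[ -n "${CFSSL_PROFILE}" ]] && PROFILE_PARAM=(-profile "${CFSSL_PROFILE}")
    [[ -n "${CFSSL_LABEL}" ]] && LABEL_PARAM=(-label "${CFSSL_LABEL}")
    # … unchanged: retry loop header …
        cfssl gencert "${LOG_LEVEL_PARAM[@]}" "${REMOTE_PARAM[@]}" "${CA_CERT_PARAM[@]}" "${CA_KEY_PARAM[@]}" "${CONFIG_PARAM[@]}" "${HOSTNAME_PARAM[@]}" "${PROFILE_PARAM[@]}" "${LABEL_PARAM[@]}" "${CSR_FILE}" | cfssljson -bare "/tmp/${CERT_NAME}" && break
    # … unchanged: move generated files …
        cfssl info "${LOG_LEVEL_PARAM[@]}" "${REMOTE_PARAM[@]}" "${CONFIG_PARAM[@]}" "${PROFILE_PARAM[@]}" "${LABEL_PARAM[@]}" | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > "${CA_FILE}" && break
```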
@@ -13,112 +13,110 @@ CA_FILE=$4 log-helper debug "jsonssl-helper is launched, everybody on the floor!" -if [ -z "$PREFIX" ] || [ -z "$CERT_FILE" ] || [ -z "$KEY_FILE" ] || [ -z "$CA_FILE" ]; then - log-helper error "Usage: jsonssl-helper prefix cert_file key_file ca_file" - exit 1 -fi - -if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then - - # set env vars - PREFIX=${PREFIX^^} # uppercase - - # search for prefixed env var first - - # set prefix variable name - # example : PREFIX_JSONSSL_FILE='MARIADB_JSONSSL_FILE' - PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE - PREFIX_JSONSSL_HOSTNAME=${PREFIX}_JSONSSL_HOSTNAME - - PREFIX_JSONSSL_PROFILE=${PREFIX}_JSONSSL_PROFILE - PREFIX_JSONSSL_GET_CA_CERT_CMD=${PREFIX}_JSONSSL_GET_CA_CERT_CMD - PREFIX_JSONSSL_GET_CERT_CMD=${PREFIX}_JSONSSL_GET_CERT_CMD - PREFIX_JSONSSL_GET_KEY_CMD=${PREFIX}_JSONSSL_GET_KEY_CMD - - # assign JSONSSL_FILE=${!PREFIX_JSONSSL_FILE} if value is not empty otherwise JSONSSL_FILE=JSONSSL_FILE - JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE} - JSONSSL_HOSTNAME=${!PREFIX_JSONSSL_HOSTNAME:-$JSONSSL_HOSTNAME} - - JSONSSL_PROFILE=${!PREFIX_JSONSSL_PROFILE:-$JSONSSL_PROFILE} - JSONSSL_GET_CA_CERT_CMD=${!PREFIX_JSONSSL_GET_CA_CERT_CMD:-$JSONSSL_GET_CA_CERT_CMD} - JSONSSL_GET_CERT_CMD=${!PREFIX_JSONSSL_GET_CERT_CMD:-$JSONSSL_GET_CERT_CMD} - JSONSSL_GET_KEY_CMD=${!PREFIX_JSONSSL_GET_KEY_CMD:-$JSONSSL_GET_KEY_CMD} - - source ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env - - if [ -z "$JSONSSL_FILE" ]; then - log-helper info "Variable JSONSSL_FILE is empty, set to default location:" - log-helper info "JSONSSL_FILE=$JSONSSL_FILE_DEFAULT" - JSONSSL_FILE=$JSONSSL_FILE_DEFAULT - fi - - if [ ! 
-e "$JSONSSL_FILE" ]; then - log-helper error "JSONSSL_FILE file '$JSONSSL_FILE' not found" +if [ -z "${PREFIX}" ] || [ -z "${CERT_FILE}" ] || [ -z "${KEY_FILE}" ] || [ -z "${CA_FILE}" ]; then + log-helper error "Usage: jsonssl-helper prefix cert_file key_file ca_file" exit 1 - fi - - # Json file profile, only traefik for now - if [ "${JSONSSL_PROFILE,,}" = "traefik" ]; then - # Let's Encrypt CA certificate is in cert file after the domain certificate. - # So we took what's after the first cert. - JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' $CERT_FILE" - - JSONSSL_GET_CERT_CMD="cat $JSONSSL_FILE | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"$JSONSSL_HOSTNAME\")) | .[0].Certificate' | base64 -d" - JSONSSL_GET_KEY_CMD="cat $JSONSSL_FILE | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"$JSONSSL_HOSTNAME\")) | .[0].Key' | base64 -d" - elif [ "${JSONSSL_PROFILE,,}" = "traefik_up_to_v1_6" ]; then - # Let's Encrypt CA certificate is in cert file after the domain certificate. - # So we took what's after the first cert. - JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' $CERT_FILE" - - JSONSSL_GET_CERT_CMD="cat $JSONSSL_FILE | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"$JSONSSL_HOSTNAME\")) | .[0].Certificate' | base64 -d" - JSONSSL_GET_KEY_CMD="cat $JSONSSL_FILE | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"$JSONSSL_HOSTNAME\")) | .[0].PrivateKey' | base64 -d" - fi - - log-helper debug "Run JSONSSL_GET_CERT_CMD: $JSONSSL_GET_CERT_CMD" - log-helper debug "put return in $CERT_FILE" - eval "$JSONSSL_GET_CERT_CMD" > $CERT_FILE +fi - if [ ! -s "$CERT_FILE" ]; then - log-helper error "Generated file '$CERT_FILE' is empty" - log-helper error "Set loglevel to debug for more information" +if [ ! -e "${CERT_FILE}" ] && [ ! 
-e "${KEY_FILE}" ]; then + + # set env vars + PREFIX=${PREFIX^^} # uppercase + + # search for prefixed env var first + + # set prefix variable name + # example : PREFIX_JSONSSL_FILE='MARIADB_JSONSSL_FILE' + PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE + PREFIX_JSONSSL_HOSTNAME=${PREFIX}_JSONSSL_HOSTNAME + + PREFIX_JSONSSL_PROFILE=${PREFIX}_JSONSSL_PROFILE + PREFIX_JSONSSL_GET_CA_CERT_CMD=${PREFIX}_JSONSSL_GET_CA_CERT_CMD + PREFIX_JSONSSL_GET_CERT_CMD=${PREFIX}_JSONSSL_GET_CERT_CMD + PREFIX_JSONSSL_GET_KEY_CMD=${PREFIX}_JSONSSL_GET_KEY_CMD + + # assign JSONSSL_FILE=${!PREFIX_JSONSSL_FILE} if value is not empty otherwise JSONSSL_FILE=JSONSSL_FILE + JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE} + JSONSSL_HOSTNAME=${!PREFIX_JSONSSL_HOSTNAME:-$JSONSSL_HOSTNAME} + + JSONSSL_PROFILE=${!PREFIX_JSONSSL_PROFILE:-$JSONSSL_PROFILE} + JSONSSL_GET_CA_CERT_CMD=${!PREFIX_JSONSSL_GET_CA_CERT_CMD:-$JSONSSL_GET_CA_CERT_CMD} + JSONSSL_GET_CERT_CMD=${!PREFIX_JSONSSL_GET_CERT_CMD:-$JSONSSL_GET_CERT_CMD} + JSONSSL_GET_KEY_CMD=${!PREFIX_JSONSSL_GET_KEY_CMD:-$JSONSSL_GET_KEY_CMD} + + source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env" + + if [ -z "${JSONSSL_FILE}" ]; then + log-helper info "Variable JSONSSL_FILE is empty, set to default location:" + log-helper info "JSONSSL_FILE=${JSONSSL_FILE_DEFAULT}" + JSONSSL_FILE=${JSONSSL_FILE_DEFAULT} + fi + + if [ ! -e "${JSONSSL_FILE}" ]; then + log-helper error "JSONSSL_FILE file '${JSONSSL_FILE}' not found" + exit 1 + fi + + # Json file profile, only traefik for now + if [ "${JSONSSL_PROFILE,,}" = "traefik" ]; then + # Let's Encrypt CA certificate is in cert file after the domain certificate. + # So we took what's after the first cert. 
+ JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}" + + JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) | .[0].Certificate' | base64 -d" + JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) | .[0].Key' | base64 -d" + elif [ "${JSONSSL_PROFILE,,}" = "traefik_up_to_v1_6" ]; then + # Let's Encrypt CA certificate is in cert file after the domain certificate. + # So we took what's after the first cert. + JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}" + + JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) | .[0].Certificate' | base64 -d" + JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) | .[0].PrivateKey' | base64 -d" + fi + + log-helper debug "Run JSONSSL_GET_CERT_CMD: ${JSONSSL_GET_CERT_CMD}" + log-helper debug "put return in ${CERT_FILE}" + eval "${JSONSSL_GET_CERT_CMD}" > "${CERT_FILE}" + + if [ ! -s "$CERT_FILE" ]; then + log-helper error "Generated file '${CERT_FILE}' is empty" + log-helper error "Set loglevel to debug for more information" + exit 1 + fi + + log-helper debug "Run JSONSSL_GET_KEY_CMD: ${JSONSSL_GET_KEY_CMD}" + log-helper debug "put return in ${KEY_FILE}" + eval "$JSONSSL_GET_KEY_CMD" > "${KEY_FILE}" + + if [ ! -s "${KEY_FILE}" ]; then + log-helper error "Generated file '${KEY_FILE}' is empty" + log-helper error "Set loglevel to debug for more information" + exit 1 + fi + + # if CA cert doesn't exist + if [ ! -e "$CA_FILE" ]; then + log-helper debug "Run JSONSSL_GET_CA_CERT_CMD: ${JSONSSL_GET_CA_CERT_CMD}" + log-helper debug "put return in ${CA_FILE}" + eval "$JSONSSL_GET_CA_CERT_CMD" > "${CA_FILE}" + + if [ ! 
-s "$CA_FILE" ]; then + log-helper error "Generated file '${CA_FILE}' is empty" + log-helper error "Set loglevel to debug for more information" + exit 1 + fi + fi + + log-helper debug "done :)" + + elif [ ! -e "${KEY_FILE}" ]; then + log-helper error "Certificate file ${CERT_FILE} exists but not key file ${KEY_FILE}" exit 1 - fi - - log-helper debug "Run JSONSSL_GET_KEY_CMD: $JSONSSL_GET_KEY_CMD" - log-helper debug "put return in $KEY_FILE" - eval "$JSONSSL_GET_KEY_CMD" > $KEY_FILE - - if [ ! -s "$KEY_FILE" ]; then - log-helper error "Generated file '$KEY_FILE' is empty" - log-helper error "Set loglevel to debug for more information" + elif [ ! -e "${CERT_FILE}" ]; then + log-helper error "Key file ${KEY_FILE} exists but not certificate file ${CERT_FILE}" exit 1 - fi - - # if CA cert doesn't exist - if [ ! -e "$CA_FILE" ]; then - log-helper debug "Run JSONSSL_GET_CA_CERT_CMD: $JSONSSL_GET_CA_CERT_CMD" - log-helper debug "put return in $CA_FILE" - eval "$JSONSSL_GET_CA_CERT_CMD" > $CA_FILE - - if [ ! -s "$CA_FILE" ]; then - log-helper error "Generated file '$CA_FILE' is empty" - log-helper error "Set loglevel to debug for more information" - exit 1 - fi - fi - - log-helper debug "done :)" - -elif [ ! -e "$KEY_FILE" ]; then - log-helper error "Certificate file $CERT_FILE exists but not key file $KEY_FILE" - exit 1 -elif [ ! -e "$CERT_FILE" ]; then - log-helper error "Key file $KEY_FILE exists but not certificate file $CERT_FILE" - exit 1 else - log-helper debug "Files $CERT_FILE and $KEY_FILE exists, fix files permissions" - chmod 644 $CERT_FILE - chmod 600 $KEY_FILE + log-helper debug "Files ${CERT_FILE} and ${KEY_FILE} exists, fix files permissions" + chmod 644 "${CERT_FILE}" + chmod 600 "${KEY_FILE}" fi - -exit 0 diff --git a/image/service-available/:ssl-tools/assets/tool/ssl-auto-renew b/image/service-available/:ssl-tools/assets/tool/ssl-auto-renew index 3a2ab985..78d8f7de 100755 --- a/image/service-available/:ssl-tools/assets/tool/ssl-auto-renew 
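Review bot: The hunk leaves four occurrences in the old unbraced form — `if [ ! -s "$CERT_FILE" ]`, `eval "$JSONSSL_GET_KEY_CMD"`, `if [ ! -e "$CA_FILE" ]` and `if [ ! -s "$CA_FILE" ]` — while every neighbouring line is rewritten to `"${VAR}"`; for consistency they should match, e.g. `eval "${JSONSSL_GET_KEY_CMD}" > "${KEY_FILE}"`. The three `eval` lines execute a command string into which `JSONSSL_FILE` and `JSONSSL_HOSTNAME` were interpolated, so the argument quoting added elsewhere in this hunk does not apply to them; a comment above the profile block such as `# NOTE: JSONSSL_FILE and JSONSSL_HOSTNAME are spliced into a shell command string and run via eval — they must come from trusted configuration, not from request data` would record that assumption for the next maintainer.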
+++ b/image/service-available/:ssl-tools/assets/tool/ssl-auto-renew 
@@ -18,137 +18,135 @@ KEY_FROM_FILE=${10} CA_CERT_FROM_FILE=${11} function stop_impacted_services() { - # Stop impacted services - if [ -n "$IMPACTED_SERVICES" ]; then - log-helper info "Services to stop: $IMPACTED_SERVICES" - - impacted_services_table=("$IMPACTED_SERVICES") - for service in $impacted_services_table - do - log-helper info "Stopping $service..." - sv stop /container/run/process/$service - done - - log-helper info "All services are stopped" - fi + # Stop impacted services + if [ -n "${IMPACTED_SERVICES}" ]; then + log-helper info "Services to stop: ${IMPACTED_SERVICES}" + + impacted_services_table=("${IMPACTED_SERVICES}") + for service in "${impacted_services_table[@]}" + do + log-helper info "Stopping ${service}..." + sv stop "/container/run/process/${service}" + done + + log-helper info "All services are stopped" + fi } function start_impacted_services() { - # restart impacted services - if [ -n "$IMPACTED_SERVICES" ]; then - - impacted_services_table=("$IMPACTED_SERVICES") - for service in $impacted_services_table - do - log-helper info "Starting $service..." - sv start /container/run/process/$service - done - - log-helper info "All services are started" - fi + # restart impacted services + if [ -n "${IMPACTED_SERVICES}" ]; then + + impacted_services_table=("${IMPACTED_SERVICES}") + for service in "${impacted_services_table[@]}" + do + log-helper info "Starting ${service}..." 
+ sv start "/container/run/process/${service}" + done + + log-helper info "All services are started" + fi } # renew from container files if [ "${FROM_FILES,,}" = "true" ]; then - - log-helper info "Check renew from files" - renew=false - - # File previous md5 - CERT_PREVIOUS_MD5=$(cat ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CERT_FILE.md5) || true - KEY_PREVIOUS_MD5=$(cat ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$KEY_FILE.md5) || true - CA_CERT_PREVIOUS_MD5=$(cat ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CA_FILE.md5) || true - - # from file current md5 - FROM_CERT_MD5=$(md5sum ${CERT_FROM_FILE} | awk '{ print $1 }') - FROM_KEY_MD5=$(md5sum ${KEY_FROM_FILE} | awk '{ print $1 }') - FROM_CA_CERT_MD5=$(md5sum ${CA_CERT_FROM_FILE} | awk '{ print $1 }') - - [[ "$CERT_PREVIOUS_MD5" != "$FROM_CERT_MD5" ]] && renew=true - [[ "$KEY_PREVIOUS_MD5" != "$FROM_KEY_MD5" ]] && renew=true - [[ "$CA_CERT_PREVIOUS_MD5" != "$FROM_CA_CERT_MD5" ]] && renew=true - - if ! $renew; then - log-helper info "Certificate files are identicals" - exit 0 - fi - - log-helper info "Certificate files are differents" - - stop_impacted_services - - if [ "$CERT_FROM_FILE" != "$CERT_FILE" ]; then - log-helper info "Copy $CERT_FROM_FILE to $CERT_FILE" - cp -f $CERT_FROM_FILE $CERT_FILE - fi - - if [ "$KEY_FROM_FILE" != "$KEY_FILE" ]; then - log-helper info "Copy $KEY_FROM_FILE to $KEY_FILE" - cp -f $KEY_FROM_FILE $KEY_FILE - fi - - if [ "$CA_CERT_FROM_FILE" != "$CA_FILE" ]; then - log-helper info "Copy $CA_CERT_FROM_FILE to $CA_FILE" - cp -f $CA_CERT_FROM_FILE $CA_FILE - fi - - log-helper info "Update file md5 with new values" - echo $FROM_CERT_MD5 > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CERT_FILE.md5 - echo $FROM_KEY_MD5 > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$KEY_FILE.md5 - echo $FROM_CA_CERT_MD5 > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CA_FILE.md5 - - start_impacted_services - -# renew with cfssl or jsonssl -else - log-helper info "Check renew for cfssl or 
jsonssl" - - cert_ok=false - ca_ok=false - - # the certificate will expired in the next day - if openssl x509 -checkend 259200 -noout -in $CERT_FILE; then - log-helper info "The certificate '$CERT_FILE' is ok for the next 3 days at least." - cert_ok=true - fi - - if openssl x509 -checkend 259200 -noout -in $CA_FILE; then - log-helper info "The CA certificate '$CA_FILE' is ok for the next 3 days at least." - ca_ok=true - fi - - if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then - log-helper info "Check if $JSONSSL_FILE has changed" - JSONSSL_FILE_PREVIOUS_MD5=$(cat ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$JSONSSL_FILE.md5) || true - JSONSSL_FILE_MD5=$(md5sum ${JSONSSL_FILE} | awk '{ print $1 }') - - [[ "$JSONSSL_FILE_PREVIOUS_MD5" != "$JSONSSL_FILE_MD5" ]] && cert_ok=false - fi - - if $cert_ok && $ca_ok; then - log-helper info "Nothing to do :)" - exit 0 - fi - - log-helper info "Auto-renew on the way!" - - stop_impacted_services - - log-helper info "Remove certificate files" - rm -f $CERT_FILE $KEY_FILE $CA_FILE - - log-helper info "Regenerate certificate with $SSL_HELPER_TOOL" - $SSL_HELPER_TOOL $PREFIX $CERT_FILE $KEY_FILE $CA_FILE - - start_impacted_services - - if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then + + log-helper info "Check renew from files" + renew=false + + # File previous md5 + CERT_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CERT_FILE}.md5") || true + KEY_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${KEY_FILE}.md5") || true + CA_CERT_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CA_FILE}.md5") || true + + # from file current md5 + FROM_CERT_MD5=$(md5sum "${CERT_FROM_FILE}" | awk '{ print $1 }') + FROM_KEY_MD5=$(md5sum "${KEY_FROM_FILE}" | awk '{ print $1 }') + FROM_CA_CERT_MD5=$(md5sum "${CA_CERT_FROM_FILE}" | awk '{ print $1 }') + + [[ "$CERT_PREVIOUS_MD5" != "$FROM_CERT_MD5" ]] && renew=true + [[ "$KEY_PREVIOUS_MD5" != "$FROM_KEY_MD5" ]] && renew=true + [[ 
"$CA_CERT_PREVIOUS_MD5" != "$FROM_CA_CERT_MD5" ]] && renew=true + + if ! $renew; then + log-helper info "Certificate files are identicals" + exit 0 + fi + + log-helper info "Certificate files are differents" + + stop_impacted_services + + if [ "${CERT_FROM_FILE}" != "${CERT_FILE}" ]; then + log-helper info "Copy ${CERT_FROM_FILE} to ${CERT_FILE}" + cp -f "${CERT_FROM_FILE}" "${CERT_FILE}" + fi + + if [ "${KEY_FROM_FILE}" != "${KEY_FILE}" ]; then + log-helper info "Copy ${KEY_FROM_FILE} to ${KEY_FILE}" + cp -f "${KEY_FROM_FILE}" "${KEY_FILE}" + fi + + if [ "${CA_CERT_FROM_FILE}" != "${CA_FILE}" ]; then + log-helper info "Copy ${CA_CERT_FROM_FILE} to ${CA_FILE}" + cp -f "${CA_CERT_FROM_FILE}" "${CA_FILE}" + fi + log-helper info "Update file md5 with new values" - echo "$JSONSSL_FILE_MD5" > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$JSONSSL_FILE.md5 - fi - + echo "${FROM_CERT_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CERT_FILE}.md5" + echo "${FROM_KEY_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${KEY_FILE}.md5" + echo "${FROM_CA_CERT_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CA_FILE}.md5" + + start_impacted_services + + # renew with cfssl or jsonssl +else + log-helper info "Check renew for cfssl or jsonssl" + + cert_ok=false + ca_ok=false + + # the certificate will expired in the next day + if openssl x509 -checkend 259200 -noout -in "${CERT_FILE}"; then + log-helper info "The certificate '${CERT_FILE}' is ok for the next 3 days at least." + cert_ok=true + fi + + if openssl x509 -checkend 259200 -noout -in "${CA_FILE}"; then + log-helper info "The CA certificate '${CA_FILE}' is ok for the next 3 days at least." 
+ ca_ok=true + fi + + if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then + log-helper info "Check if ${JSONSSL_FILE} has changed" + JSONSSL_FILE_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${JSONSSL_FILE}.md5") || true + JSONSSL_FILE_MD5=$(md5sum "${JSONSSL_FILE}" | awk '{ print $1 }') + + [[ "${JSONSSL_FILE_PREVIOUS_MD5}" != "${JSONSSL_FILE_MD5}" ]] && cert_ok=false + fi + + if ${cert_ok} && ${ca_ok}; then + log-helper info "Nothing to do :)" + exit 0 + fi + + log-helper info "Auto-renew on the way!" + + stop_impacted_services + + log-helper info "Remove certificate files" + rm -f "${CERT_FILE}" "${KEY_FILE}" "${CA_FILE}" + + log-helper info "Regenerate certificate with ${SSL_HELPER_TOOL}" + ${SSL_HELPER_TOOL} "${PREFIX}" "${CERT_FILE}" "${KEY_FILE}" "${CA_FILE}" + + start_impacted_services + + if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then + log-helper info "Update file md5 with new values" + echo "${JSONSSL_FILE_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${JSONSSL_FILE}.md5" + fi + fi log-helper info "Auto-renew finished! Champagne!" - -exit 0 diff --git a/image/service-available/:ssl-tools/assets/tool/ssl-helper b/image/service-available/:ssl-tools/assets/tool/ssl-helper index 311390a5..8a5d717f 100755 --- a/image/service-available/:ssl-tools/assets/tool/ssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/ssl-helper 
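Review bot: `for service in "${impacted_services_table[@]}"` in stop_impacted_services iterates exactly once over the whole `IMPACTED_SERVICES` string, because the array is built as `("${IMPACTED_SERVICES}")` with a single element; with more than one service listed this runs `sv stop "/container/run/process/a b"`, whereas the old unquoted loop word-split the list. Replacing the array line with `read -ra impacted_services_table <<< "${IMPACTED_SERVICES}"` makes the quoted `[@]` loop correct; the same change is needed in start_impacted_services. The comment `# the certificate will expired in the next day` no longer matches `-checkend 259200` and the log text; `# renew unless the certificate stays valid for at least 3 more days (259200 s)` would.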
@@ -32,71 +32,69 @@ SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=${!PREFIX_SSL_HELPER_AUTO_RENEW_CERT_FROM_F SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=${!PREFIX_SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE:-$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE} SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=${!PREFIX_SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE:-$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE} -source ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/default-env +source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/default-env" # call the certificate tool cfssl-helper (default) or jsonssl-helper -${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE +${SSL_HELPER_TOOL,,} "${PREFIX}" "${CERT_FILE}" "${KEY_FILE}" "${CA_FILE}" # auto-renew certificates just before it expired # or if source files have changed if [ "${SSL_HELPER_AUTO_RENEW,,}" = "true" ]; then - - # only for multiple process images (uses cron) - if [ ! -e "/container/multiple_process_stack_added" ]; then - log-helper error "auto-renew is available only with multiple process images" - exit 1 - fi - - # if SSL_HELPER_AUTO_RENEW_FROM_FILES=true check certificate source files - if [ "${SSL_HELPER_AUTO_RENEW_FROM_FILES,,}" = "true" ]; then - - [[ -z "$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE" ]] && SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=$CERT_FILE - [[ -z "$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE" ]] && SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=$KEY_FILE - [[ -z "$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE" ]] && SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=$CA_FILE - - if [ ! -e "$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE" ] || [ ! -e "$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE" ] || [ ! 
-e "$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE" ]; then - log-helper error "with SSL_HELPER_AUTO_RENEW_FROM_FILES=true the following files must exists:" - log-helper error "SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE" - log-helper error "SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE" - log-helper error "SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE" - exit 1 + + # only for multiple process images (uses cron) + if [ ! -e "/container/multiple_process_stack_added" ]; then + log-helper error "auto-renew is available only with multiple process images" + exit 1 fi - - mkdir -p ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${CERT_FILE}") - mkdir -p ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${KEY_FILE}") - mkdir -p ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${CA_FILE}") - - # calculate certificates files md5 - md5sum ${CERT_FILE} | awk '{ print $1 }' > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CERT_FILE.md5 - md5sum ${KEY_FILE} | awk '{ print $1 }' > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$KEY_FILE.md5 - md5sum ${CA_FILE} | awk '{ print $1 }' > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$CA_FILE.md5 - - fi - - if [ "${SSL_HELPER_TOOL,,}" = "jsonssl-helper" ]; then - - PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE - JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE} - - source ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env - - if [ -z "$JSONSSL_FILE" ]; then - JSONSSL_FILE=$JSONSSL_FILE_DEFAULT + + # if SSL_HELPER_AUTO_RENEW_FROM_FILES=true check certificate source files + if [ "${SSL_HELPER_AUTO_RENEW_FROM_FILES,,}" = "true" ]; then + + [[ -z "${SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE}" ]] && SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=${CERT_FILE} + [[ -z "${SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE}" ]] && SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=${KEY_FILE} + [[ -z "${SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE}" ]] && 
SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=${CA_FILE} + + if [ ! -e "${SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE}" ] || [ ! -e "${SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE}" ] || [ ! -e "${SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE}" ]; then + log-helper error "with SSL_HELPER_AUTO_RENEW_FROM_FILES=true the following files must exists:" + log-helper error "SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=${SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE}" + log-helper error "SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=${SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE}" + log-helper error "SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=${SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE}" + exit 1 + fi + + mkdir -p "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${CERT_FILE}")" + mkdir -p "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${KEY_FILE}")" + mkdir -p "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${CA_FILE}")" + + # calculate certificates files md5 + md5sum "${CERT_FILE}" | awk '{ print $1 }' > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CERT_FILE}.md5" + md5sum "${KEY_FILE}" | awk '{ print $1 }' > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${KEY_FILE}.md5" + md5sum "${CA_FILE}" | awk '{ print $1 }' > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CA_FILE}.md5" + fi - - # calculate jsonssl file md5 - mkdir -p ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${JSONSSL_FILE}") - md5sum ${JSONSSL_FILE} | awk '{ print $1 }' > ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$JSONSSL_FILE.md5 - - fi - - # add cron job - echo "$SSL_HELPER_AUTO_RENEW_CRON_EXP root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} $PREFIX $CERT_FILE $KEY_FILE $CA_FILE \"$SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED\" \"$JSONSSL_FILE\" \"$SSL_HELPER_AUTO_RENEW_FROM_FILES\" \"$SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE\" \"$SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE\" 2>&1 | /usr/bin/logger -t cron_ssl_auto_renew" > /etc/cron.d/$PREFIX - chmod 600 /etc/cron.d/$PREFIX - -# disable 
auto-renew if it was added -elif [ -e "/etc/cron.d/$PREFIX" ]; then - rm -f /etc/cron.d/$PREFIX + + if [ "${SSL_HELPER_TOOL,,}" = "jsonssl-helper" ]; then + + PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE + JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE} + + source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env" + + if [ -z "${JSONSSL_FILE}" ]; then + JSONSSL_FILE=${JSONSSL_FILE_DEFAULT} + fi + + # calculate jsonssl file md5 + mkdir -p "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5$(dirname "${JSONSSL_FILE}")" + md5sum "${JSONSSL_FILE}" | awk '{ print $1 }' > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${JSONSSL_FILE}.md5" + + fi + + # add cron job + echo "${SSL_HELPER_AUTO_RENEW_CRON_EXP} root /usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} ${PREFIX} ${CERT_FILE} ${KEY_FILE} ${CA_FILE} \"${SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED}\" \"${JSONSSL_FILE}\" \"${SSL_HELPER_AUTO_RENEW_FROM_FILES}\" \"${SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE}\" \"${SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE}\" \"${SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE}\" 2>&1 | /usr/bin/logger -t cron_ssl_auto_renew" > "/etc/cron.d/${PREFIX}" + chmod 600 "/etc/cron.d/${PREFIX}" + + # disable auto-renew if it was added + elif [ -e "/etc/cron.d/${PREFIX}" ]; then + rm -f "/etc/cron.d/${PREFIX}" fi - -exit 0 diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 740f84ea..1c0708c4 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh 
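Review bot: In the cron line written to `/etc/cron.d/${PREFIX}`, `${PREFIX} ${CERT_FILE} ${KEY_FILE} ${CA_FILE}` are still handed to ssl-auto-renew unquoted while the remaining arguments are wrapped in `\"…\"`, so a certificate path containing whitespace would be split by cron's shell even though this commit quotes every other expansion; wrap them the same way, `/usr/sbin/ssl-auto-renew ${SSL_HELPER_TOOL,,} \"${PREFIX}\" \"${CERT_FILE}\" \"${KEY_FILE}\" \"${CA_FILE}\" …`. `${SSL_HELPER_TOOL,,}` is executed as a command taken straight from the environment and is only compared against `jsonssl-helper` for the md5 branch; a short guard before the first call, e.g. `case "${SSL_HELPER_TOOL,,}" in cfssl-helper|jsonssl-helper) ;; *) log-helper error "unknown SSL_HELPER_TOOL"; exit 1;; esac`, would make the trust assumption explicit. The `.md5` files are a change detector only, not an integrity check on the key material; a one-line comment above the `# calculate certificates files md5` block saying so would stop a later reader from relying on them for more.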
@@ -1,18 +1,18 @@ -#!/bin/sh -e +#!/bin/bash -e # download curl and ca-certificate from apt-get if needed -to_install="" +to_install=() -if [ $(dpkg-query -W -f='${Status}' curl 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - to_install="curl" +if [ "$(dpkg-query -W -f='${Status}' curl 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then + to_install+=("curl") fi -if [ $(dpkg-query -W -f='${Status}' ca-certificates 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - to_install="$to_install ca-certificates" +if [ "$(dpkg-query -W -f='${Status}' ca-certificates 2>/dev/null | grep -c "ok installed")" -eq 0 ]; then + to_install+=("ca-certificates") fi -if [ -n "$to_install" ]; then - LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $to_install +if [ ${#to_install[@]} -ne 0 ]; then + LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends "${to_install[@]}" fi LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl jq @@ -28,8 +28,6 @@ chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" # remove tools installed to download cfssl -if [ -n "$to_install" ]; then - apt-get remove -y --purge --auto-remove $to_install +if [ ${#to_install[@]} -ne 0 ]; then + apt-get remove -y --purge --auto-remove "${to_install[@]}" fi - -exit 0 diff --git a/image/service-available/:ssl-tools/startup.sh b/image/service-available/:ssl-tools/startup.sh index 27a66418..01890998 100755 --- a/image/service-available/:ssl-tools/startup.sh +++ b/image/service-available/:ssl-tools/startup.sh @@ -1,7 +1,5 @@ #!/bin/sh -e log-helper level eq trace && set -x -chmod 700 ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/tool/* -ln -sf ${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/tool/* /usr/sbin - -exit 0 +chmod 700 "${CONTAINER_SERVICE_DIR}"/:ssl-tools/assets/tool/* +ln -sf "${CONTAINER_SERVICE_DIR}"/:ssl-tools/assets/tool/* /usr/sbin 
diff --git a/image/service-available/:syslog-ng-core/download.sh b/image/service-available/:syslog-ng-core/download.sh
index 5d98f1ef..92bc3df3 100755
--- a/image/service-available/:syslog-ng-core/download.sh
+++ b/image/service-available/:syslog-ng-core/download.sh
@@ -2,5 +2,3 @@
 # download syslog-ng-core from apt-get
 LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends syslog-ng-core
-
-exit 0
diff --git a/image/service-available/:syslog-ng-core/install.sh b/image/service-available/:syslog-ng-core/install.sh
index eb09ac5d..cc8a4a22 100755
--- a/image/service-available/:syslog-ng-core/install.sh
+++ b/image/service-available/:syslog-ng-core/install.sh
@@ -6,5 +6,3 @@ rm -f /etc/default/syslog-ng
 touch /var/log/syslog
 chmod u=rw,g=r,o= /var/log/syslog
 rm -f /etc/syslog-ng/syslog-ng.conf
-
-exit 0
diff --git a/image/service-available/:syslog-ng-core/startup.sh b/image/service-available/:syslog-ng-core/startup.sh
index 76d66ac3..e0e1c5a5 100755
--- a/image/service-available/:syslog-ng-core/startup.sh
+++ b/image/service-available/:syslog-ng-core/startup.sh
@@ -1,8 +1,8 @@
 #!/bin/sh -e
 log-helper level eq trace && set -x
-ln -sf ${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog_ng_default /etc/default/syslog-ng
-ln -sf ${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+ln -sf "${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog_ng_default" /etc/default/syslog-ng
+ln -sf "${CONTAINER_SERVICE_DIR}/:syslog-ng-core/assets/config/syslog-ng.conf" /etc/syslog-ng/syslog-ng.conf
 # If /dev/log is either a named pipe or it was placed there accidentally,
 # e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
@@ -20,5 +20,3 @@ fi
 # If /var/log is writable by another user logrotate will fail
 /bin/chown root:root /var/log
 /bin/chmod 0755 /var/log
-
-exit 0
diff --git a/image/tool/add-multiple-process-stack b/image/tool/add-multiple-process-stack
index 9cee988e..131d8a7f 100755
--- a/image/tool/add-multiple-process-stack
+++ b/image/tool/add-multiple-process-stack
@@ -2,5 +2,3 @@
 echo "Install the multiple process stack: runit, syslog-ng-core, logrotate and cron"
 /container/tool/add-service-available :runit :syslog-ng-core :logrotate :cron
 touch /container/multiple_process_stack_added
-
-exit 0
diff --git a/image/tool/add-service-available b/image/tool/add-service-available
index 384566da..081f7c38 100755
--- a/image/tool/add-service-available
+++ b/image/tool/add-service-available
@@ -7,26 +7,24 @@ SERVICE_DIR="/container/service" SERVICE_AVAILABLE_DIR="/container/service-available" DOWNLOAD_FILENAME="download.sh" -for i in $@ +for i in "$@" do - - echo "add-service-available: $i" - if [ -d "${SERVICE_AVAILABLE_DIR}/$i" ]; then - - if [ -f ${SERVICE_AVAILABLE_DIR}/$i/${DOWNLOAD_FILENAME} ]; then - echo "run ${SERVICE_AVAILABLE_DIR}/$i/${DOWNLOAD_FILENAME}" - ${SERVICE_AVAILABLE_DIR}/$i/${DOWNLOAD_FILENAME} - echo "remove ${SERVICE_AVAILABLE_DIR}/$i/${DOWNLOAD_FILENAME}" - rm -f ${SERVICE_AVAILABLE_DIR}/$i/${DOWNLOAD_FILENAME} + + echo "add-service-available: ${i}" + if [ -d "${SERVICE_AVAILABLE_DIR}/${i}" ]; then + + if [ -f "${SERVICE_AVAILABLE_DIR}/${i}/${DOWNLOAD_FILENAME}" ]; then + echo "run ${SERVICE_AVAILABLE_DIR}/${i}/${DOWNLOAD_FILENAME}" + ${SERVICE_AVAILABLE_DIR}/"${i}"/"${DOWNLOAD_FILENAME}" + echo "remove ${SERVICE_AVAILABLE_DIR}/${i}/${DOWNLOAD_FILENAME}" + rm -f "${SERVICE_AVAILABLE_DIR}/${i}/${DOWNLOAD_FILENAME}" + fi + + echo "move ${SERVICE_AVAILABLE_DIR}/${i} to ${SERVICE_DIR}/${i}" + mv "${SERVICE_AVAILABLE_DIR}/${i}" "${SERVICE_DIR}/${i}" + + else + echo "service-available: ${i} not found in ${SERVICE_AVAILABLE_DIR}/${i}" + exit 1 fi - - echo "move ${SERVICE_AVAILABLE_DIR}/$i to ${SERVICE_DIR}/$i" - mv ${SERVICE_AVAILABLE_DIR}/$i ${SERVICE_DIR}/$i - - else - echo "service-available: $i not found in ${SERVICE_AVAILABLE_DIR}/$i" - exit 1 - fi done - -exit 0 diff --git a/image/tool/complex-bash-env b/image/tool/complex-bash-env index 0cebacaa..829bcd1b 100755 --- a/image/tool/complex-bash-env +++ b/image/tool/complex-bash-env 
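Review bot: The invocation `${SERVICE_AVAILABLE_DIR}/"${i}"/"${DOWNLOAD_FILENAME}"` leaves the directory variable outside the quotes while every other path in the hunk is quoted as a whole; write it as `"${SERVICE_AVAILABLE_DIR}/${i}/${DOWNLOAD_FILENAME}"` so the style is consistent and ShellCheck stays quiet. `${i}` is spliced into paths with only a `-d` test, so an argument such as `../tool` passes the check and the `mv` then operates outside `${SERVICE_AVAILABLE_DIR}`; the callers visible in this series pass fixed names, but if the argument list can ever come from outside the build it is worth rejecting names containing `/` or `..` at the top of the loop, e.g. `case "${i}" in */*|..) echo "invalid service name: ${i}"; exit 1;; esac`. A header comment stating that the download script is run once and then deleted (so a failed run under `set -e` leaves the service directory in place with its script intact) would also help, since that behaviour is only visible by reading the loop.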
@@ -3,87 +3,89 @@ call=$1 function iterate() { - local env_var_name=$1 - local env_var=${!env_var_name} - - if [ $(complex-bash-env isTable "$env_var") = true ]; then - echo $(complex-bash-env stripTablePrefix "$env_var") - else - echo "$env_var_name" - fi + local env_var_name=$1 + local env_var=${!env_var_name} + + if [ "$(complex-bash-env isTable "$env_var")" = true ]; then + complex-bash-env stripTablePrefix "${env_var}" + else + echo "${env_var_name}" + fi } function isTable() { - local env_var=$1 - if [ $(echo $env_var | grep "#COMPLEX_BASH_ENV:TABLE:" -c ) -eq 1 ]; then - echo true - else - echo false - fi + local env_var=$1 + if [ "$(echo "${env_var}" | grep "#COMPLEX_BASH_ENV:TABLE:" -c )" -eq 1 ]; then + echo true + else + echo false + fi } function isRow() { - local env_var=$1 - if [ $(echo $env_var | grep "#COMPLEX_BASH_ENV:ROW:" -c ) -eq 1 ]; then - echo true - else - echo false - fi + local env_var=$1 + if [ "$(echo "${env_var}" | grep "#COMPLEX_BASH_ENV:ROW:" -c )" -eq 1 ]; then + echo true + else + echo false + fi } function getRowKey() { - local env_var=$1 - local row_key_var_name=$(complex-bash-env getRowKeyVarName "$env_var") - echo "${!row_key_var_name}" + local env_var=$1 + local row_key_var_name + row_key_var_name=$(complex-bash-env getRowKeyVarName "$env_var") + echo "${!row_key_var_name}" } function getRowValue() { - local env_var=$1 - local row_value_var_name=$(complex-bash-env getRowValueVarName "$env_var") - echo "${!row_value_var_name}" + local env_var=$1 + local row_value_var_name + row_value_var_name=$(complex-bash-env getRowValueVarName "$env_var") + echo "${!row_value_var_name}" } function getRowKeyVarName() { - local env_var=$1 - local row=($(complex-bash-env getRow "$env_var")) - echo "${row[0]}" + local env_var=$1 + local row=($(complex-bash-env getRow "$env_var")) + echo "${row[0]}" } function getRowValueVarName() { - local env_var=$1 - local row=($(complex-bash-env getRow "$env_var")) - echo "${row[1]}" + local env_var=$1 + local 
row=($(complex-bash-env getRow "$env_var")) + echo "${row[1]}" } function getRow() { - local env_var=$1 - if [ $(complex-bash-env isRow "$env_var") = true ]; then - local env_var=$(complex-bash-env stripRowPrefix "$env_var") - echo "${env_var}" - else - echo "$env_var is not a complex bash env row" - exit 1 - fi + local env_var + env_var=$1 + if [ "$(complex-bash-env isRow "$env_var")" = true ]; then + local env_var + env_var=$(complex-bash-env stripRowPrefix "$env_var") + echo "${env_var}" + else + echo "$env_var is not a complex bash env row" + exit 1 + fi } function stripTablePrefix() { - local env_var=$1 - stripPrefix "$env_var" "#COMPLEX_BASH_ENV:TABLE:" + local env_var=$1 + stripPrefix "$env_var" "#COMPLEX_BASH_ENV:TABLE:" } function stripRowPrefix() { - local env_var=$1 - stripPrefix "$env_var" "#COMPLEX_BASH_ENV:ROW:" + local env_var=$1 + stripPrefix "$env_var" "#COMPLEX_BASH_ENV:ROW:" } function stripPrefix() { - local env_var=$1 - local prefix=$2 - local r=${env_var#$prefix} - echo $r + local env_var=$1 + local prefix=$2 + local r=${env_var#$prefix} + echo "${r}" } shift $call "$@" - -exit 0 diff --git a/image/tool/log-helper b/image/tool/log-helper index 1b7f910e..ad1c527b 100755 --- a/image/tool/log-helper +++ b/image/tool/log-helper @@ -19,10 +19,10 @@ log_level=${CONTAINER_LOG_LEVEL:-${LOG_LEVEL_INFO}} call=$1 # function to call (error, warning, info, debug, trace, level) if [[ ! "$call" =~ ^(error|warning|info|debug|trace|level)$ ]]; then - echo "Error: Function $call not found" - echo "Allowed functions are: error, warning, info, debug, trace, level" - echo "usage example: log-helper info hello !" - exit 1 + echo "Error: Function $call not found" + echo "Allowed functions are: error, warning, info, debug, trace, level" + echo "usage example: log-helper info hello !" + exit 1 fi 
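Review bot: `local row=($(complex-bash-env getRow "$env_var"))` in getRowKeyVarName and getRowValueVarName still word-splits and glob-expands the command output (ShellCheck SC2207), so a row containing `*` or `?` would be replaced by matching filenames in the current directory; read it into the array instead, `local row; read -r -a row <<< "$(complex-bash-env getRow "$env_var")"`. In getRow the new code declares `local env_var` twice; the second `local` on the same name is redundant and the reassignment can stay a plain `env_var=$(complex-bash-env stripRowPrefix "$env_var")`. The only documentation of the format this tool parses is the two prefixes `#COMPLEX_BASH_ENV:TABLE:` and `#COMPLEX_BASH_ENV:ROW:`; a short header comment above `call=$1` describing that a table value lists variable names and a row value lists a key-variable and a value-variable would save the next reader from reverse-engineering it.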
@@ -30,94 +30,92 @@ echo_msg="" # message to print if required log level is set echo_param="" # echo command parameters function error() { - getEchoParams $@ - - if [ $log_level -ge 1 ]; then - echo $echo_param "$echo_msg" - fi + getEchoParams $@ + + if [ $log_level -ge 1 ]; then + echo $echo_param "$echo_msg" + fi } function warning() { - getEchoParams $@ - - if [ $log_level -ge 2 ]; then - echo $echo_param "$echo_msg" - fi + getEchoParams $@ + + if [ $log_level -ge 2 ]; then + echo $echo_param "$echo_msg" + fi } function info() { - getEchoParams $@ - - if [ $log_level -ge 3 ]; then - echo $echo_param "$echo_msg" - fi + getEchoParams $@ + + if [ $log_level -ge 3 ]; then + echo $echo_param "$echo_msg" + fi } function debug() { - getEchoParams $@ - - if [ $log_level -ge 4 ]; then - echo $echo_param "$echo_msg" - fi + getEchoParams $@ + + if [ $log_level -ge 4 ]; then + echo $echo_param "$echo_msg" + fi } function trace() { - getEchoParams $@ - - if [ $log_level -ge 5 ]; then - echo $echo_param "$echo_msg" - fi + getEchoParams $@ + + if [ $log_level -ge 5 ]; then + echo $echo_param "$echo_msg" + fi } function getMsgFromStdin() { - if [ -z "$2" ]; then - echo_msg=$(cat) - fi + if [ -z "$2" ]; then + echo_msg=$(cat) + fi } function getEchoParams() { - - echo_msg="$@" - - if [[ "$1" =~ ^(-e|-n|-E)$ ]]; then - echo_param=$1 - echo_msg=${echo_msg#$1 } - fi - - # read from pipe if echo_msg is empty - [[ -n "$echo_msg" ]] || getMsgFromStdin + + echo_msg="$@" + + if [[ "$1" =~ ^(-e|-n|-E)$ ]]; then + echo_param=$1 + echo_msg=${echo_msg#$1 } + fi + + # read from pipe if echo_msg is empty + [[ -n "$echo_msg" ]] || getMsgFromStdin } function level() { - - local operator=$1 - local loglevel_str=$2 - local loglevel_str=${loglevel_str^^} # uppercase - - if [[ ! 
"$operator" =~ ^(eq|ne|gt|ge|lt|le)$ ]]; then - echo "Error: Operator $operator not allowed" - echo "Allowed operators are: eq, ne, gt, ge, lt, le" - echo "Help: http://www.tldp.org/LDP/abs/html/comparison-ops.html" - exit 1 - fi - - if [ -z "$loglevel_str" ]; then - echo "Error: No log level provided" - echo "Allowed log level are: none, error, warning, info, debug, trace" - echo "usage example: log-helper level eq info" - exit 1 - fi - - local log_level_var=LOG_LEVEL_$loglevel_str - - if [ $log_level -$operator ${!log_level_var} ]; then - exit 0 - else - exit 1 - fi + + local operator=$1 + local loglevel_str=$2 + local loglevel_str=${loglevel_str^^} # uppercase + + if [[ ! "$operator" =~ ^(eq|ne|gt|ge|lt|le)$ ]]; then + echo "Error: Operator $operator not allowed" + echo "Allowed operators are: eq, ne, gt, ge, lt, le" + echo "Help: http://www.tldp.org/LDP/abs/html/comparison-ops.html" + exit 1 + fi + + if [ -z "$loglevel_str" ]; then + echo "Error: No log level provided" + echo "Allowed log level are: none, error, warning, info, debug, trace" + echo "usage example: log-helper level eq info" + exit 1 + fi + + local log_level_var=LOG_LEVEL_$loglevel_str + + if [ $log_level -$operator ${!log_level_var} ]; then + exit 0 + else + exit 1 + fi } shift $call "$@" - -exit 0 diff --git a/image/tool/wait-process b/image/tool/wait-process index 3ad9f3ec..8ac03f7e 100755 --- a/image/tool/wait-process +++ b/image/tool/wait-process @@ -3,16 +3,14 @@ # wait startup to finish while ! test -f /container/run/state/startup-done do - sleep 0.5 + sleep 0.5 done for process in "$@" do - # wait service - while ! ps cax | grep -c $process > /dev/null - do - sleep 0.5 - done + # wait service + while ! pgrep -c "${process}" > /dev/null + do + sleep 0.5 + done done - -exit 0 diff --git a/test/test_helper.bash b/test/test_helper.bash index 2297afad..15f5dc07 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
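Review bot: `pgrep -c "${process}"` matches the argument as an extended regular expression against any part of the process name, so waiting for `cron` is also satisfied by any process whose name merely contains that string, and regex metacharacters in the argument change the match. If callers pass exact program names, `pgrep -c -x "${process}"` avoids the false positives; if they rely on substring matching (the old `ps cax | grep` did), keep the current form but say so in a comment above the loop, e.g. `# wait until a process whose name matches "${process}" (regex, substring) is running`. The switch to pgrep does fix the old pipeline matching its own grep, which is worth noting in the commit message. pgrep needs procps, which the build.sh package list in this series does install.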
@@ -1,75 +1,75 @@ setup() { - IMAGE_NAME="$NAME:$VERSION" + IMAGE_NAME="$NAME:$VERSION" } # function relative to the current container / image build_image() { - #disable outputs - docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null + #disable outputs + docker build -t $IMAGE_NAME $BATS_TEST_DIRNAME/../image &> /dev/null } run_image() { - CONTAINER_ID=$(docker run $@ -d $IMAGE_NAME) - CONTAINER_IP=$(get_container_ip_by_cid $CONTAINER_ID) + CONTAINER_ID=$(docker run $@ -d $IMAGE_NAME) + CONTAINER_IP=$(get_container_ip_by_cid $CONTAINER_ID) } start_container() { - start_containers_by_cid $CONTAINER_ID + start_containers_by_cid $CONTAINER_ID } stop_container() { - stop_containers_by_cid $CONTAINER_ID + stop_containers_by_cid $CONTAINER_ID } remove_container() { - remove_containers_by_cid $CONTAINER_ID + remove_containers_by_cid $CONTAINER_ID } clear_container() { - stop_containers_by_cid $CONTAINER_ID - remove_containers_by_cid $CONTAINER_ID + stop_containers_by_cid $CONTAINER_ID + remove_containers_by_cid $CONTAINER_ID } wait_process() { - wait_process_by_cid $CONTAINER_ID $@ + wait_process_by_cid $CONTAINER_ID $@ } # generic functions get_container_ip_by_cid() { - local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1) - echo "$IP" + local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1) + echo "$IP" } start_containers_by_cid() { - for cid in "$@" - do - #disable outputs - docker start $cid &> /dev/null - done + for cid in "$@" + do + #disable outputs + docker start $cid &> /dev/null + done } stop_containers_by_cid() { - for cid in "$@" - do - #disable outputs - docker stop $cid &> /dev/null - done + for cid in "$@" + do + #disable outputs + docker stop $cid &> /dev/null + done } remove_containers_by_cid() { - for cid in "$@" - do - #disable outputs - docker rm $cid &> /dev/null - done + for cid in "$@" + do + #disable outputs + docker rm $cid &> /dev/null + done } clear_containers_by_cid() { - stop_containers_by_cid $@ - 
remove_containers_by_cid $@ + stop_containers_by_cid $@ + remove_containers_by_cid $@ } wait_process_by_cid() { - cid=$1 - docker exec $cid /container/tool/wait-process ${@:2} + cid=$1 + docker exec $cid /container/tool/wait-process ${@:2} } From 8222da14ec8358e7022d09b18bff273781ac9d7e Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 11 Jun 2019 22:13:56 +0200 Subject: [PATCH 26/51] python3 --- image/build.sh | 2 +- image/tool/install-service | 10 +++++----- image/tool/run | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/image/build.sh b/image/build.sh index 4367dc9f..9a39e430 100755 --- a/image/build.sh +++ b/image/build.sh @@ -39,7 +39,7 @@ dpkg-divert --local --rename --add /usr/bin/ischroot ln -sf /bin/true /usr/bin/ischroot ## Install apt-utils. -$MINIMAL_APT_GET_INSTALL apt-utils apt-transport-https ca-certificates locales procps dirmngr gnupg iproute python-minimal python-yaml +$MINIMAL_APT_GET_INSTALL apt-utils apt-transport-https ca-certificates locales procps dirmngr gnupg iproute python3-minimal python3-yaml ## Upgrade all packages. apt-get dist-upgrade -y --no-install-recommends -o Dpkg::Options::="--force-confold" diff --git a/image/tool/install-service b/image/tool/install-service index 40835746..bb1deeca 100755 --- a/image/tool/install-service +++ b/image/tool/install-service 
@@ -9,27 +9,27 @@ nb_process = 0 print("install-service") # Auto run global install script if available if os.path.isfile(SERVICE_DIR + os.sep + INSTALL_FILENAME): - print("run " + SERVICE_DIR + os.sep + INSTALL_FILENAME) + print(("run " + SERVICE_DIR + os.sep + INSTALL_FILENAME)) subprocess.call([SERVICE_DIR + os.sep + INSTALL_FILENAME],shell=True) - print("remove " + SERVICE_DIR + os.sep + INSTALL_FILENAME + "\n") + print(("remove " + SERVICE_DIR + os.sep + INSTALL_FILENAME + "\n")) os.remove(SERVICE_DIR + os.sep + INSTALL_FILENAME) # Process install script of services in /container/service for service in sorted(os.listdir(SERVICE_DIR)): if os.path.isfile(SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME): - print("run " + SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME) + print(("run " + SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME)) subprocess.call([SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME],shell=True) - print("remove " + SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME) + print(("remove " + SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME)) os.remove(SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME) if os.path.isfile(SERVICE_DIR + os.sep + service + os.sep + PROCESS_FILENAME): nb_process += 1 -print(str(nb_process) + " process found.") +print((str(nb_process) + " process found.")) # Multiple process image if nb_process > 1: diff --git a/image/tool/run b/image/tool/run index 556c65ff..52d113b4 100755 --- a/image/tool/run +++ b/image/tool/run @@ -71,7 +71,7 @@ def trace(message): def debug_env_dump(): debug("------------ Environment dump ------------") - for name, value in os.environ.items(): + for name, value in list(os.environ.items()): debug(name + " = " + value) debug("------------------------------------------") 
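Review bot: `subprocess.call([...], shell=True)` passes a one-element list with `shell=True`, which hands the path to `/bin/sh -c`, so any shell metacharacters in a service directory name (the name comes from `os.listdir(SERVICE_DIR)`) are interpreted rather than treated as part of the path; the scripts are executable files, so `subprocess.call([SERVICE_DIR + os.sep + service + os.sep + INSTALL_FILENAME])` without `shell=True` runs them directly. The return code is also discarded, so a failing install.sh is deleted on the next line and the image build continues; `subprocess.check_call(...)` would make a failed service install fail the build. The doubled parentheses in `print(("run " + ...))` look like a 2to3 artifact and can be reduced to `print("run " + SERVICE_DIR + os.sep + INSTALL_FILENAME)`.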
@@ -159,14 +159,14 @@ def python_to_bash_envvar(name, value): def decode_python_envvars(): _environ = dict(os.environ) - for name, value in _environ.items(): + for name, value in list(_environ.items()): if value.startswith("#PYTHON2BASH:") : value = value.replace("#PYTHON2BASH:","",1) python_to_bash_envvar(name, value) def decode_json_envvars(): _environ = dict(os.environ) - for name, value in _environ.items(): + for name, value in list(_environ.items()): if value.startswith("#JSON2BASH:") : value = value.replace("#JSON2BASH:","",1) try: @@ -198,7 +198,7 @@ def generic_import_envvars(path, override_existing_environment): new_env[name] = value trace("import " + name + " from " + filePath + " --- ") - for name, value in new_env.items(): + for name, value in list(new_env.items()): if override_existing_environment or name not in os.environ: os.environ[name] = value trace("set : " + name + " = "+ os.environ[name]) @@ -218,7 +218,7 @@ def export_run_envvars(to_dir = True): warning("export_run_envvars: "+RUN_ENVIRONMENT_DIR+" don't exists") return shell_dump = "" - for name, value in os.environ.items(): + for name, value in list(os.environ.items()): if name in ['USER', 'GROUP', 'UID', 'GID', 'SHELL']: continue if to_dir: @@ -296,7 +296,7 @@ def import_env_files(): elif file.endswith(ENV_FILES_JSON_EXTENSIONS): env_vars = json.load(f) - for name, value in env_vars.items(): + for name, value in list(env_vars.items()): if not name in os.environ: if isinstance(value, list) or isinstance(value, dict): os.environ[name] = '#PYTHON2BASH:' + xstr(value) From 952c8163844cd5efeb018fe04b86a42161517eaa Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 11 Jun 2019 22:30:36 +0200 Subject: [PATCH 27/51] cfssl 1.3.3 --- image/service-available/:ssl-tools/download.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 1c0708c4..3a271288 100755 
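Review bot: Wrapping every `.items()` in `list(...)` is the mechanical 2to3 conversion of dict iteration, but none of these loops mutates the mapping it iterates: decode_python_envvars and decode_json_envvars iterate the `_environ = dict(os.environ)` snapshot, generic_import_envvars iterates `new_env` while writing to `os.environ`, and import_env_files iterates the freshly loaded `env_vars`; `for name, value in env_vars.items():` is the idiomatic Python 3 form. In import_env_files, `if not name in os.environ` reads better as `if name not in os.environ`. import_env_files and generic_import_envvars both start before their hunks.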
--- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh @@ -18,11 +18,11 @@ fi LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl jq echo "Download cfssl ..." -curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.2/cfssl_linux-amd64 +curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.3/cfssl_linux-amd64 chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.2/cfssljson_linux-amd64 +curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.3/cfssljson_linux-amd64 chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From e4341f6731e56ecb89ae0b354f5da21ba096f230 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 11 Jun 2019 22:43:40 +0200 Subject: [PATCH 28/51] fix python3 shebang --- image/tool/install-service | 2 +- image/tool/run | 8 ++++---- image/tool/setuser | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/image/tool/install-service b/image/tool/install-service index bb1deeca..b8a57827 100755 --- a/image/tool/install-service +++ b/image/tool/install-service @@ -1,4 +1,4 @@ -#!/usr/bin/python -u +#!/usr/bin/python3 -u import os, os.path, subprocess SERVICE_DIR = "/container/service" diff --git a/image/tool/run b/image/tool/run index 52d113b4..d2544859 100755 --- a/image/tool/run +++ b/image/tool/run @@ -1,4 +1,4 @@ -#!/usr/bin/python -u +#!/usr/bin/python3 -u # -*- coding: utf-8 -*- import os, os.path, sys, stat, signal, errno, argparse, time, json, re, yaml, ast, socket, shutil, pwd, grp @@ -50,7 +50,7 @@ class AlarmException(Exception): pass def error(message): - if log_level >= LOG_LEVEL_ERROR: + if log_level >= LOG_LEVEL_ERROR: sys.stderr.write("*** %s\n" % message) def warning(message): 
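Review bot: The bumped `curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.3/cfssl_linux-amd64` still writes a binary into `/usr/sbin` with no integrity check and without `-f`, so an HTTP error page or a tampered release would be saved and then made executable by the `chmod 700` that follows. Add `-f` and verify a pinned digest before the chmod, e.g. `curl -fsSL -o /usr/sbin/cfssl "${url}" && echo "<sha256>  /usr/sbin/cfssl" | sha256sum -c -`, with the digest taken from the release you bumped to (I cannot supply it from here); the same applies to the cfssljson download two lines later. The asset name is also hardcoded to `linux-amd64` while this series adds arm64 and armv7 builds, so non-amd64 images will receive an amd64 binary; selecting the asset from `$(dpkg --print-architecture)` or a build argument would close that gap.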
@@ -463,9 +463,9 @@ def state_set_startup_done(): def state_reset_startup_done(): try: - os.remove(RUN_STATE_DIR+"/startup-done") + os.remove(RUN_STATE_DIR+"/startup-done") except OSError: - pass + pass def is_multiple_process_container(): return len(listdir(RUN_PROCESS_DIR)) > 1 diff --git a/image/tool/setuser b/image/tool/setuser index f5a04306..06d7430a 100755 --- a/image/tool/setuser +++ b/image/tool/setuser @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 ''' Copyright (c) 2013-2015 Phusion Holding B.V. From 4d62ebb7cb0658774d8d12acb20829e34b04d0eb Mon Sep 17 00:00:00 2001 From: anagno Date: Sat, 6 Jul 2019 15:59:24 +0200 Subject: [PATCH 29/51] Updating the reference to the bats automated testing system --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e6704364..e9e6c61c 100644 --- a/README.md +++ b/README.md @@ -859,7 +859,7 @@ Can also be set by command line converted in python or json: We use **Bats** (Bash Automated Testing System) to test this image: -> [https://github.com/sstephenson/bats](https://github.com/sstephenson/bats) +> [https://github.com/bats-core/bats-core](https://github.com/bats-core/bats-core) Install Bats, and in this project directory run: From d80f8289f99527ed92cd29aa51a153f4fa7b395f Mon Sep 17 00:00:00 2001 
From: anagno Date: Sat, 6 Jul 2019 17:48:53 +0200 Subject: [PATCH 30/51] Updating the travis.yml Improving the travis.yml to inject the necessary dependencies to cross build our images. This leads to less duplication of code, since our Dockerfile do not need to be replicated. --- .travis.yml | 116 ++++++++++++++++++--------- Makefile | 18 +++-- image/{Dockerfile.old => Dockerfile} | 0 image/Dockerfile.amd64 | 12 --- image/Dockerfile.arm64 | 12 --- image/Dockerfile.armv7 | 12 --- 6 files changed, 87 insertions(+), 83 deletions(-) rename image/{Dockerfile.old => Dockerfile} (100%) delete mode 100644 image/Dockerfile.amd64 delete mode 100644 image/Dockerfile.arm64 delete mode 100644 image/Dockerfile.armv7 diff --git a/.travis.yml b/.travis.yml index ba5cd935..60234fa5 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,54 +1,80 @@ -sudo: required - -language: generic +language: bash services: - docker - env: global: - - qemu_version=4.0.0 - - target_version=1.1.2 + - NAME="anagno/light-baseimage" + - VERSION="${TRAVIS_BRANCH}-${TRAVIS_COMMIT}" matrix: - - target_arch=amd64 qemu_arch=x86_64 - - target_arch=armv7 qemu_arch=arm -# - target_arch=armv6 qemu_arch=arm <------ NOT SUPPORTED BY DEBIAN STRETCH BASE IMAGE - - target_arch=arm64 qemu_arch=aarch64 + - TARGET_ARCH=amd64 QEMU_ARCH=x86_64 + - TARGET_ARCH=i386 QEMU_ARCH=i386 + - TARGET_ARCH=arm32v7 QEMU_ARCH=arm + - TARGET_ARCH=arm64v8 QEMU_ARCH=aarch64 + +addons: + apt: + # The docker manifest command was added in docker-ee version 18.x + # So update our current installation and we also have to enable the experimental features. + sources: + - sourceline: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' + key_url: 'https://download.docker.com/linux/ubuntu/gpg' + packages: + - docker-ce before_install: - - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - - sudo apt-get update - - sudo apt-get -y install docker-ce + - docker --version - mkdir $HOME/.docker - 'echo "{" > $HOME/.docker/config.json' - 'echo " \"experimental\": \"enabled\"" >> $HOME/.docker/config.json' - 'echo "}" >> $HOME/.docker/config.json' - sudo service docker restart - - git clone https://github.com/sstephenson/bats.git - - cd bats + +install: + # For cross buidling our images + # This is necessary because travis-ci.org has only x86_64 machines. + # If travis-ci.org gets native arm builds, probably this step is not + # necessary any more. 
+ - docker run --rm --privileged multiarch/qemu-user-static:register --reset + # Bats is necessary for the UT + - curl -o bats.tar.gz -SL https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz + - mkdir bats-core && tar -xf bats.tar.gz -C bats-core --strip-components=1 + - cd bats-core/ - sudo ./install.sh /usr/local - cd .. -install: - - docker run --rm --privileged multiarch/qemu-user-static:register - - curl -sLO https://github.com/multiarch/qemu-user-static/releases/download/v${qemu_version}/qemu-${qemu_arch}-static.tar.gz; - - tar -xzvf qemu-${qemu_arch}-static.tar.gz; - - mv qemu-${qemu_arch}-static image/ - - make build ARCH=${target_arch} +before_script: + # Injecting the necessary information and binaries for cross-compiling the images. + # In native builds this information and binaries are not necessary and that is why + # we are injecting them in the build scripts and we do not include them in the Dockerfiles + - if [[ "${TARGET_ARCH}" != 'amd64' ]]; then + sed -i "s/FROM debian/FROM ${TARGET_ARCH}\/debian/" image/Dockerfile; + fi + - if [[ "${TARGET_ARCH}" != 'amd64' ]]; then + sed -i "/${TARGET_ARCH}\/debian/a COPY \ + --from=multiarch/qemu-user-static:x86_64-${QEMU_ARCH} \ + /usr/bin/qemu-${QEMU_ARCH}-static /usr/bin/" image/Dockerfile; + fi + - cat image/Dockerfile; + # If this is a tag then change the VERSION variable to only have the + # tag name and not also the commit hash. 
+ - if [ -n "$TRAVIS_TAG" ]; then + VERSION="${TRAVIS_TAG}"; + fi script: - - docker run -d --name test_image osixia/light-baseimage-${target_arch}:${target_version} sleep 10 - - sleep 5 - - sudo docker ps | grep -q test_image + - make build-nocache NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} after_success: - - if [ -z "$DOCKER_USER" ]; then - echo "PR build, skipping Docker Hub push"; - else - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - make tag-latest push push-latest ARCH=${target_arch}; - fi + - make test NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} + - docker run -d --name test_image ${NAME}:${VERSION}-${TARGET_ARCH} sleep 10 + - sleep 5 + - sudo docker ps | grep -q test_image + # To have `DOCKER_USER` and `DOCKER_PASS` + # use `travis env set`. + - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; + - make tag NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} + - make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} jobs: include: 
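Review bot: `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"` in `after_success` passes the registry password on the command line, where it is visible in the process table and can surface in build logs; prefer `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`, which the docker-ce installed by the new `addons` block supports. The removed `if [ -z "$DOCKER_USER" ]` guard also protected pull-request builds, which receive no encrypted variables, so the login now runs with empty credentials on every PR; the same unguarded login appears in the manifest-creation hunk that follows. The `install` step runs an unpinned `multiarch/qemu-user-static:register` image with `--privileged` and installs the bats tarball without any integrity check; pin the image by digest (`multiarch/qemu-user-static:register@sha256:<digest>`, placeholder) and verify the archive with `sha256sum -c` against a recorded sum before `sudo ./install.sh`. The injected `COPY --from=multiarch/qemu-user-static:x86_64-${QEMU_ARCH} … /usr/bin/` uses a floating tag as well and leaves the emulator binary in the published image; if that is not intended, remove it at the end of `build.sh`.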
@@ -56,12 +82,24 @@ jobs: install: skip script: skip after_success: - - if [ -z "$DOCKER_USER" ]; then - echo "PR build, skipping Docker Hub push"; - else - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - docker manifest create osixia/light-baseimage:${target_version} osixia/light-baseimage-armv7:${target_version} osixia/light-baseimage-arm64:${target_version} osixia/light-baseimage-amd64:${target_version}; - docker manifest create osixia/light-baseimage:latest osixia/light-baseimage-armv7:latest osixia/light-baseimage-amd64:latest osixia/light-baseimage-arm64:latest; - docker manifest push osixia/light-baseimage:${target_version}; - docker manifest push osixia/light-baseimage:latest; + - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; + - docker manifest create ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-i386 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; + docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 --os linux --arch amd64; + docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-i386 --os linux --arch 386; + docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; + docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; + + # The latest tag is coming from the stable branch of the repo + - if [ "${TRAVIS_BRANCH}" == 'stable' ]; then + docker manifest create ${NAME}:latest ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-i386 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-amd64 --os linux --arch amd64; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-i386 --os linux --arch 386; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; + fi + + - docker manifest push 
${NAME}:${VERSION}; + if [ "${TRAVIS_BRANCH}" == 'stable' ]; then + docker manifest push ${NAME}:latest; fi + diff --git a/Makefile b/Makefile index eefcf2e1..9d59c978 100644 --- a/Makefile +++ b/Makefile @@ -1,26 +1,28 @@ -NAME = osixia/light-baseimage +NAME = anagno/light-baseimage VERSION = 1.2.0 -ARCH = amd64 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version build: - docker build -f image/Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --rm image + docker build -f image/Dockerfile -t $(NAME):$(VERSION) --rm image build-nocache: - docker build -f image/Dockerfile.$(ARCH) -t $(NAME)-$(ARCH):$(VERSION) --no-cache --rm image + docker build -f image/Dockerfile -t $(NAME):$(VERSION) --no-cache --rm image test: - env NAME=$(NAME)-$(ARCH) VERSION=$(VERSION) bats test/test.bats + env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats + +tag: + docker tag $(NAME):$(VERSION) $(NAME):$(VERSION) tag-latest: - docker tag $(NAME)-$(ARCH):$(VERSION) $(NAME)-$(ARCH):latest + docker tag $(NAME):$(VERSION) $(NAME):latest push: - docker push $(NAME)-$(ARCH):$(VERSION) + docker push $(NAME):$(VERSION) push-latest: - docker push $(NAME)-$(ARCH):latest + docker push $(NAME):latest release: build test tag-latest push push-latest diff --git a/image/Dockerfile.old b/image/Dockerfile similarity index 100% rename from image/Dockerfile.old rename to image/Dockerfile diff --git a/image/Dockerfile.amd64 b/image/Dockerfile.amd64 deleted file mode 100644 index 606e2fdd..00000000 --- a/image/Dockerfile.amd64 +++ /dev/null @@ -1,12 +0,0 @@ -FROM debian:stretch-slim - -#COPY qemu-x86_64-static /usr/bin - -COPY . /container -RUN /container/build.sh - -ENV LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - LC_ALL="en_US.UTF-8" - -ENTRYPOINT ["/container/tool/run"] diff --git a/image/Dockerfile.arm64 b/image/Dockerfile.arm64 deleted file mode 100644 index 8596127b..00000000 --- a/image/Dockerfile.arm64 +++ /dev/null 
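Review bot: The new `tag` target, `docker tag $(NAME):$(VERSION) $(NAME):$(VERSION)`, tags the image with the name it already carries, so the `make tag` call in `.travis.yml` is a no-op; either drop the target or give it a distinct destination tag (the per-architecture tag is already produced by `build`, so it is unclear what alias was intended). `tag` is also absent from the `.PHONY` list while `push` and `tag-latest` are declared there, so a file named `tag` in the repository root would make `make` skip it silently; add it alongside `tag-latest`.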
@@ -1,12 +0,0 @@ -FROM arm64v8/debian:stretch-slim - -COPY qemu-aarch64-static /usr/bin - -COPY . /container -RUN /container/build.sh - -ENV LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - LC_ALL="en_US.UTF-8" - -ENTRYPOINT ["/container/tool/run"] diff --git a/image/Dockerfile.armv7 b/image/Dockerfile.armv7 deleted file mode 100644 index a6cabe4a..00000000 --- a/image/Dockerfile.armv7 +++ /dev/null @@ -1,12 +0,0 @@ -FROM arm32v7/debian:stretch-slim - -COPY qemu-arm-static /usr/bin - -COPY . /container -RUN /container/build.sh - -ENV LANG="en_US.UTF-8" \ - LANGUAGE="en_US:en" \ - LC_ALL="en_US.UTF-8" - -ENTRYPOINT ["/container/tool/run"] From c34ae246d89e63d57125a77be3f767f4e303b365 Mon Sep 17 00:00:00 2001 From: anagno Date: Sun, 7 Jul 2019 03:30:09 +0200 Subject: [PATCH 31/51] Changing the default name and version of the image --- .travis.yml | 2 +- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 60234fa5..0c4e3316 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ services: - docker env: global: - - NAME="anagno/light-baseimage" + - NAME="osixia/light-baseimage" - VERSION="${TRAVIS_BRANCH}-${TRAVIS_COMMIT}" matrix: - TARGET_ARCH=amd64 QEMU_ARCH=x86_64 diff --git a/Makefile b/Makefile index 9d59c978..b3bc5b7f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -NAME = anagno/light-baseimage -VERSION = 1.2.0 +NAME = osixia/light-baseimage +VERSION = latest .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version From 4d958862d44cc54f6cf42bd82a9b87d792894af6 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 9 Jul 2019 10:46:14 +0200 Subject: [PATCH 32/51] Add multiarch support. Thanks to @ndanyluk and @anagno ! --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d64c5bef..5eb30944 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,7 @@ ## [1.2.0] - Unreleased ### Added - - Add multiarch support. Thanks to @ndanyluk ! + - Add multiarch support. Thanks to @ndanyluk and @anagno ! ## [1.1.2] - 2019-04-05 ### Added From 3a9001ad4c65fb52ba36bae877d03f1e06ce0851 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 9 Jul 2019 10:55:17 +0200 Subject: [PATCH 33/51] Update README.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5eb30944..9dd5a8ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ ### Added - Add multiarch support. Thanks to @ndanyluk and @anagno ! +### Changed + - Upgrade python script to python3 + - Upgrade CFSSL version to 1.3.3 + +### Fixed + - Fix shellcheck errors and warnings on all scripts + ## [1.1.2] - 2019-04-05 ### Added - jsonssl add support for traefik >= v1.6 acme.json file From b2718f9bd559d3408b2e6a744591565750594f7c Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 9 Jul 2019 11:12:19 +0200 Subject: [PATCH 34/51] Use debian buster-slim as baseimage --- CHANGELOG.md | 1 + README.md | 79 ++++++++++++++++++++++++------------------------ image/Dockerfile | 2 +- 3 files changed, 41 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9dd5a8ca..3b5328be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Add multiarch support. Thanks to @ndanyluk and @anagno ! ### Changed + - Use debian buster-slim as baseimage - Upgrade python script to python3 - Upgrade CFSSL version to 1.3.3 diff --git a/README.md b/README.md index e9e6c61c..fcfa7c73 100644 --- a/README.md +++ b/README.md 
@@ -6,65 +6,64 @@ [hub]: https://hub.docker.com/r/osixia/light-baseimage/ -Latest release: 1.2.0 (debian stretch) - 1.0.2 (debian jessie) [Changelog](CHANGELOG.md) +Latest release: 1.2.0 [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/light-baseimage/)  -A Debian 9 (Stretch) based docker image to build reliable image quickly. This image provide a simple opinionated solution to build multiple or single process image with minimum of layers and an optimized build. +A **Debian 10 (Buster)** based docker image to build reliable image quickly. This image provide a simple opinionated solution to build multiple or single process image with minimum of layers and an optimized build. The aims of this image is to be used as a base for your own Docker images. It's base on the awesome work of: [phusion/baseimage-docker](https://github.com/phusion/baseimage-docker) Other base distribution are available: - [Alpine 3.6](https://github.com/osixia/docker-light-baseimage/tree/feature-linux-alpine) | Beta | [Docker Hub](https://hub.docker.com/r/osixia/alpine-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/alpine-light-baseimage.svg)](http://microbadger.com/images/osixia/alpine-light-baseimage "Get your own image badge on microbadger.com") -- [Ubuntu 16:04](https://github.com/osixia/docker-light-baseimage/tree/ubuntu) | [Docker Hub](https://hub.docker.com/r/osixia/ubuntu-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/ubuntu-light-baseimage.svg)](http://microbadger.com/images/osixia/ubuntu-light-baseimage "Get your own image badge on microbadger.com") Table of Contents - [osixia/light-baseimage](#osixialight-baseimage) - - [Contributing](#contributing) - - [Overview](#overview) - - [Quick Start](#quick-start) - - [Image directories structure](#image-directories-structure) - - [Service directory structure](#service-directory-structure) - - [Create a single process image](#create-a-single-process-image) - - 
[Overview](#overview-1) - - [Dockerfile](#dockerfile) - - [Service files](#service-files) + - [Contributing](#Contributing) + - [Overview](#Overview) + - [Quick Start](#Quick-Start) + - [Image directories structure](#Image-directories-structure) + - [Service directory structure](#Service-directory-structure) + - [Create a single process image](#Create-a-single-process-image) + - [Overview](#Overview-1) + - [Dockerfile](#Dockerfile) + - [Service files](#Service-files) - [startup.sh](#startupsh) - [process.sh](#processsh) - - [Environment files](#environment-files) + - [Environment files](#Environment-files) - [default.yaml](#defaultyaml) - [default.startup.yaml](#defaultstartupyaml) - - [Build and test](#build-and-test) - - [Overriding default environment files at run time:](#overriding-default-environment-files-at-run-time) - - [Create a multiple process image](#create-a-multiple-process-image) - - [Overview](#overview-2) - - [Dockerfile](#dockerfile-1) - - [Service files](#service-files-1) + - [Build and test](#Build-and-test) + - [Overriding default environment files at run time:](#Overriding-default-environment-files-at-run-time) + - [Create a multiple process image](#Create-a-multiple-process-image) + - [Overview](#Overview-2) + - [Dockerfile](#Dockerfile-1) + - [Service files](#Service-files-1) - [install.sh](#installsh) - [process.sh](#processsh-1) - - [Build and test](#build-and-test-1) - - [Images Based On Light-Baseimage](#images-based-on-light-baseimage) - - [Image Assets](#image-assets) - - [Tools](#tools) - - [Services available](#services-available) - - [Advanced User Guide](#advanced-user-guide) - - [Service available](#service-available) - - [Fix docker mounted file problems](#fix-docker-mounted-file-problems) - - [Distribution packages documentation and locales](#distribution-packages-documentation-and-locales) - - [Mastering image tools](#mastering-image-tools) + - [Build and test](#Build-and-test-1) + - [Images Based On 
Light-Baseimage](#Images-Based-On-Light-Baseimage) + - [Image Assets](#Image-Assets) + - [Tools](#Tools) + - [Services available](#Services-available) + - [Advanced User Guide](#Advanced-User-Guide) + - [Service available](#Service-available) + - [Fix docker mounted file problems](#Fix-docker-mounted-file-problems) + - [Distribution packages documentation and locales](#Distribution-packages-documentation-and-locales) + - [Mastering image tools](#Mastering-image-tools) - [run](#run) - - [Run command line options](#run-command-line-options) - - [Run directory setup](#run-directory-setup) - - [Startup files environment setup](#startup-files-environment-setup) - - [Startup files execution](#startup-files-execution) - - [Process execution](#process-execution) - - [Single process image](#single-process-image) - - [Multiple process image](#multiple-process-image) - - [No process image](#no-process-image) - - [Extra environment variables](#extra-environment-variables) + - [Run command line options](#Run-command-line-options) + - [Run directory setup](#Run-directory-setup) + - [Startup files environment setup](#Startup-files-environment-setup) + - [Startup files execution](#Startup-files-execution) + - [Process execution](#Process-execution) + - [Single process image](#Single-process-image) + - [Multiple process image](#Multiple-process-image) + - [No process image](#No-process-image) + - [Extra environment variables](#Extra-environment-variables) - [log-helper](#log-helper) - [complex-bash-env](#complex-bash-env) - - [Tests](#tests) - - [Changelog](#changelog) + - [Tests](#Tests) + - [Changelog](#Changelog) ## Contributing diff --git a/image/Dockerfile b/image/Dockerfile index 0762141c..be4b87b1 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:stretch-slim +FROM debian:buster-slim COPY . /container RUN /container/build.sh From 7a43fb9c804b3e6d18839b3d1d5f5250ae1d05c5 Mon Sep 17 00:00:00 2001 
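Review bot: `FROM debian:buster-slim` is a floating tag, so two builds of the same commit can start from different base layers and a registry-side change is picked up without review. For a reproducible base image, pin the digest as well (`FROM debian:buster-slim@sha256:<digest>`, placeholder) and bump it deliberately; the `apt-get dist-upgrade` in `build.sh` still pulls security updates at build time, so pinning does not freeze the package set.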
From: Bertrand Gouny Date: Tue, 9 Jul 2019 11:35:35 +0200 Subject: [PATCH 35/51] iproute2 --- image/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/build.sh b/image/build.sh index 9a39e430..342444e6 100755 --- a/image/build.sh +++ b/image/build.sh @@ -39,7 +39,7 @@ dpkg-divert --local --rename --add /usr/bin/ischroot ln -sf /bin/true /usr/bin/ischroot ## Install apt-utils. -$MINIMAL_APT_GET_INSTALL apt-utils apt-transport-https ca-certificates locales procps dirmngr gnupg iproute python3-minimal python3-yaml +$MINIMAL_APT_GET_INSTALL apt-utils apt-transport-https ca-certificates locales procps dirmngr gnupg iproute2 python3-minimal python3-yaml ## Upgrade all packages. apt-get dist-upgrade -y --no-install-recommends -o Dpkg::Options::="--force-confold" From d2e03d36bc19ef33a6c4e1cb0667c77b2229ef7e Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 10 Jul 2019 14:53:52 +0200 Subject: [PATCH 36/51] suffix tag with -dev --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 0c4e3316..1fc1506d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ services: env: global: - NAME="osixia/light-baseimage" - - VERSION="${TRAVIS_BRANCH}-${TRAVIS_COMMIT}" + - VERSION="${TRAVIS_BRANCH}-dev" matrix: - TARGET_ARCH=amd64 QEMU_ARCH=x86_64 - TARGET_ARCH=i386 QEMU_ARCH=i386 From 24ffdcdbce3a437bd20d4f8c17102460857918b8 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 10 Jul 2019 16:54:56 +0200 Subject: [PATCH 37/51] remove maintainer tag in dockerfiles --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index fcfa7c73..d60db9e0 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,6 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage FROM osixia/light-baseimage:1.2.0 - MAINTAINER Your Name # Download nginx from apt-get and clean apt-get files RUN apt-get -y update \ 
@@ -393,7 +392,6 @@ In the Dockerfile we are going to: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage FROM osixia/light-baseimage:1.2.0 - MAINTAINER Your Name # Install multiple process stack, nginx and php7.0-fpm and clean apt-get files # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-multiple-process-stack @@ -595,7 +593,6 @@ Here simple Dockerfile example how to add a service-available to an image: # Use osixia/light-baseimage # https://github.com/osixia/docker-light-baseimage FROM osixia/light-baseimage:1.2.0 - MAINTAINER Your Name # Add cfssl and cron service-available # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available From 7aebae83614c4ffe663a8030cb71ebf4f49651fb Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 10 Jul 2019 16:57:30 +0200 Subject: [PATCH 38/51] Alpine link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d60db9e0..dcd4fcb2 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ A **Debian 10 (Buster)** based docker image to build reliable image quickly. Thi The aims of this image is to be used as a base for your own Docker images. It's base on the awesome work of: [phusion/baseimage-docker](https://github.com/phusion/baseimage-docker) Other base distribution are available: -- [Alpine 3.6](https://github.com/osixia/docker-light-baseimage/tree/feature-linux-alpine) | Beta | [Docker Hub](https://hub.docker.com/r/osixia/alpine-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/alpine-light-baseimage.svg)](http://microbadger.com/images/osixia/alpine-light-baseimage "Get your own image badge on microbadger.com") +- [Alpine](https://github.com/osixia/docker-light-baseimage/tree/feature-linux-alpine) | [Docker Hub](https://hub.docker.com/r/osixia/alpine-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/alpine-light-baseimage.svg)](http://microbadger.com/images/osixia/alpine-light-baseimage "Get your own image badge on microbadger.com") Table of Contents - [osixia/light-baseimage](#osixialight-baseimage) From 12db20d9b41c80d8f81ecd40d27e0ef71d956cec Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 10 Jul 2019 17:02:37 +0200 Subject: [PATCH 39/51] fix alpine link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dcd4fcb2..0d7229b2 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ A **Debian 10 (Buster)** based docker image to build reliable image quickly. Thi The aims of this image is to be used as a base for your own Docker images. It's base on the awesome work of: [phusion/baseimage-docker](https://github.com/phusion/baseimage-docker) Other base distribution are available: -- [Alpine](https://github.com/osixia/docker-light-baseimage/tree/feature-linux-alpine) | [Docker Hub](https://hub.docker.com/r/osixia/alpine-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/alpine-light-baseimage.svg)](http://microbadger.com/images/osixia/alpine-light-baseimage "Get your own image badge on microbadger.com") +- [Alpine](https://github.com/osixia/docker-light-baseimage/tree/alpine) | [Docker Hub](https://hub.docker.com/r/osixia/alpine-light-baseimage/) | [![](https://images.microbadger.com/badges/image/osixia/alpine-light-baseimage.svg)](http://microbadger.com/images/osixia/alpine-light-baseimage "Get your own image badge on microbadger.com") Table of Contents - [osixia/light-baseimage](#osixialight-baseimage) From a46dd16e7632d21e56fab75ae540b18f8646d889 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 10 Jul 2019 17:32:56 +0200 Subject: [PATCH 40/51] fix tag docker image name --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1fc1506d..9e448f3f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,7 +59,7 @@ before_script: # If this is a tag then change the VERSION variable to only have the # tag name and not also the commit hash. - if [ -n "$TRAVIS_TAG" ]; then - VERSION="${TRAVIS_TAG}"; + VERSION=$(echo "${TRAVIS_TAG}" | sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g'); fi script: From c7eedb72c542abbb606b4c241fa917b4237aa2ae Mon Sep 17 00:00:00 2001 
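Review bot: `sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g'` does not strip a leading `v`: the first group is greedy, so the expression deletes whichever `-` or `v` occurs last in the tag. `v1.2.0` becomes `1.2.0` as intended, but `v1.2.0-rc1` becomes `v1.2.0rc1` and `stable-v1.2.0` becomes `stable-1.2.0`. If the goal is to drop a version prefix, `VERSION="${TRAVIS_TAG#v}"` does exactly that without a subshell and cannot touch any other character; the comment above the block still talks about removing the commit hash and should describe the prefix stripping instead.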
From: Bertrand Gouny Date: Mon, 15 Jul 2019 20:26:52 +0200 Subject: [PATCH 41/51] fix cfssl-helper --- .../service-available/:ssl-tools/assets/tool/cfssl-helper | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/image/service-available/:ssl-tools/assets/tool/cfssl-helper b/image/service-available/:ssl-tools/assets/tool/cfssl-helper index 5ae964f4..2e1859fb 100755 --- a/image/service-available/:ssl-tools/assets/tool/cfssl-helper +++ b/image/service-available/:ssl-tools/assets/tool/cfssl-helper @@ -177,7 +177,7 @@ if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then retry=0 while [ $retry -lt "${CFSSL_RETRY}" ]; do log-helper debug "cfssl gencert ${LOG_LEVEL_PARAM} ${REMOTE_PARAM} ${CA_CERT_PARAM} ${CA_KEY_PARAM} ${CONFIG_PARAM} ${HOSTNAME_PARAM} ${PROFILE_PARAM} ${LABEL_PARAM} ${CSR_FILE} | cfssljson -bare /tmp/${CERT_NAME}" - cfssl gencert "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CA_CERT_PARAM}" "${CA_KEY_PARAM}" "${CONFIG_PARAM}" "${HOSTNAME_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" "${CSR_FILE}" | cfssljson -bare "/tmp/${CERT_NAME}" && break + eval cfssl gencert "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CA_CERT_PARAM}" "${CA_KEY_PARAM}" "${CONFIG_PARAM}" "${HOSTNAME_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" "${CSR_FILE}" | cfssljson -bare "/tmp/${CERT_NAME}" && break sleep "${CFSSL_RETRY_DELAY}" ((retry++)) done 
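Review bot: Prefixing `cfssl gencert` with `eval` makes the shell re-parse every `*_PARAM` value, so a metacharacter in any of them — a hostname, label or remote URL taken from the environment that contains `;`, backticks or `$(…)` — is executed as a command instead of being passed to cfssl; the same applies to the `eval cfssl info` in the next hunk. The eval was presumably introduced because the quoted parameters become empty-string arguments when unset; that is better solved by collecting the arguments in an array and appending only the parameters that are set, as below (assuming each `*_PARAM` is a single `-flag=value` token — if one holds several words, split it into array elements where it is defined, outside this hunk). The enclosing `if`/`while` block starts and ends outside the hunk.
```bash
# … unchanged: retry loop header and log-helper debug line …
# Build argv without eval: unset parameters are skipped instead of becoming
# empty arguments, and values are never re-parsed by the shell.
gencert_args=()
for param in "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CA_CERT_PARAM}" "${CA_KEY_PARAM}" \
             "${CONFIG_PARAM}" "${HOSTNAME_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}"; do
  if [ -n "${param}" ]; then
    gencert_args+=("${param}")
  fi
done
cfssl gencert "${gencert_args[@]}" "${CSR_FILE}" | cfssljson -bare "/tmp/${CERT_NAME}" && break
# … unchanged: sleep and retry counter …
```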
@@ -195,13 +195,12 @@ if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then if [ -n "${CFSSL_REMOTE}" ]; then log-helper debug "Get CA certificate from ${CFSSL_REMOTE}" - log-helper debug "cfssl info ${LOG_LEVEL_PARAM} ${REMOTE_PARAM} ${CONFIG_PARAM} ${PROFILE_PARAM} ${LABEL_PARAM}" retry=0 while [ $retry -lt "${CFSSL_RETRY}" ]; do - cfssl info "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CONFIG_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > "${CA_FILE}" && break + log-helper debug "cfssl info ${LOG_LEVEL_PARAM} ${REMOTE_PARAM} ${CONFIG_PARAM} ${PROFILE_PARAM} ${LABEL_PARAM}" + eval cfssl info "${LOG_LEVEL_PARAM}" "${REMOTE_PARAM}" "${CONFIG_PARAM}" "${PROFILE_PARAM}" "${LABEL_PARAM}" | sed -e "s/.*certificate\":\"\(.*-----\)\".*/\1/g" | sed 's/\\n/\n/g' > "${CA_FILE}" && log-helper debug "CA certificate returned save as ${CA_FILE}" && break sleep "${CFSSL_RETRY_DELAY}" - log-helper debug "CA certificate returned save as ${CA_FILE}" ((retry++)) done From 98e1fe02da9dae3858669b6eceb91ae788481da7 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 18 Jul 2019 09:41:21 +0200 Subject: [PATCH 42/51] Upgrade cfssl 1.3.4 --- CHANGELOG.md | 2 +- image/service-available/:ssl-tools/download.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b5328be..2e83289e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ ### Changed - Use debian buster-slim as baseimage - Upgrade python script to python3 - - Upgrade CFSSL version to 1.3.3 + - Upgrade CFSSL version to 1.3.4 ### Fixed - Fix shellcheck errors and warnings on all scripts diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 3a271288..265f748a 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh 
@@ -18,11 +18,11 @@ fi LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl jq echo "Download cfssl ..." -curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.3/cfssl_linux-amd64 +curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-amd64 chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.3/cfssljson_linux-amd64 +curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-amd64 chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From 86392ca0c28e8776cd3c2dc28477b62b9fc8f484 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Thu, 29 Aug 2019 10:58:38 +0200 Subject: [PATCH 43/51] cfssl multiarch support --- .travis.yml | 54 ++++++++++--------- .../service-available/:ssl-tools/download.sh | 40 +++++++++++++- 2 files changed, 68 insertions(+), 26 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9e448f3f..ce9ba640 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,8 +17,8 @@ addons: # The docker manifest command was added in docker-ee version 18.x # So update our current installation and we also have to enable the experimental features. sources: - - sourceline: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' - key_url: 'https://download.docker.com/linux/ubuntu/gpg' + - sourceline: "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + key_url: "https://download.docker.com/linux/ubuntu/gpg" packages: - docker-ce 
@@ -31,10 +31,10 @@ before_install: - sudo service docker restart install: - # For cross buidling our images - # This is necessary because travis-ci.org has only x86_64 machines. - # If travis-ci.org gets native arm builds, probably this step is not - # necessary any more. + # For cross buidling our images + # This is necessary because travis-ci.org has only x86_64 machines. + # If travis-ci.org gets native arm builds, probably this step is not + # necessary any more. - docker run --rm --privileged multiarch/qemu-user-static:register --reset # Bats is necessary for the UT - curl -o bats.tar.gz -SL https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz 
@@ -46,27 +46,28 @@ install: before_script: # Injecting the necessary information and binaries for cross-compiling the images. # In native builds this information and binaries are not necessary and that is why - # we are injecting them in the build scripts and we do not include them in the Dockerfiles + # we are injecting them in the build scripts and we do not include them in the Dockerfiles - if [[ "${TARGET_ARCH}" != 'amd64' ]]; then - sed -i "s/FROM debian/FROM ${TARGET_ARCH}\/debian/" image/Dockerfile; + sed -i "s/FROM debian/FROM ${TARGET_ARCH}\/debian/" image/Dockerfile; fi - if [[ "${TARGET_ARCH}" != 'amd64' ]]; then - sed -i "/${TARGET_ARCH}\/debian/a COPY \ - --from=multiarch/qemu-user-static:x86_64-${QEMU_ARCH} \ - /usr/bin/qemu-${QEMU_ARCH}-static /usr/bin/" image/Dockerfile; + sed -i "/${TARGET_ARCH}\/debian/a COPY \ + --from=multiarch/qemu-user-static:x86_64-${QEMU_ARCH} \ + /usr/bin/qemu-${QEMU_ARCH}-static /usr/bin/" image/Dockerfile; fi - cat image/Dockerfile; # If this is a tag then change the VERSION variable to only have the # tag name and not also the commit hash. - if [ -n "$TRAVIS_TAG" ]; then - VERSION=$(echo "${TRAVIS_TAG}" | sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g'); + VERSION=$(echo "${TRAVIS_TAG}" | sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g'); fi script: - make build-nocache NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} - -after_success: + # Run the test and if the test fails mark the build as failed. - make test NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} + +before_deploy: - docker run -d --name test_image ${NAME}:${VERSION}-${TARGET_ARCH} sleep 10 - sleep 5 - sudo docker ps | grep -q test_image 
@@ -74,14 +75,20 @@ after_success: # use `travis env set`. - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - make tag NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} - - make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} + +deploy: + provider: script + on: + repo: osixia/docker-light-baseimage + all_branches: true + script: make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} jobs: include: - - stage: deploy + - stage: Manifest creation install: skip script: skip - after_success: + after_deploy: - docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; - docker manifest create ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-i386 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 --os linux --arch amd64; 
@@ -91,15 +98,14 @@ jobs: # The latest tag is coming from the stable branch of the repo - if [ "${TRAVIS_BRANCH}" == 'stable' ]; then - docker manifest create ${NAME}:latest ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-i386 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; - docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-amd64 --os linux --arch amd64; - docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-i386 --os linux --arch 386; - docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; - docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; + docker manifest create ${NAME}:latest ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-i386 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-amd64 --os linux --arch amd64; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-i386 --os linux --arch 386; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; + docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; fi - docker manifest push ${NAME}:${VERSION}; if [ "${TRAVIS_BRANCH}" == 'stable' ]; then - docker manifest push ${NAME}:latest; + docker manifest push ${NAME}:latest; fi - diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 265f748a..0c631504 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh 
@@ -1,5 +1,34 @@ #!/bin/bash -e +UARCH=$(uname -m) +echo "Architecture is ${UARCH}" + +case "${UARCH}" in + + "x86_64") + HOST_ARCH="amd64" + ;; + + "aarch64") + HOST_ARCH="arm64" + ;; + + "armv7l") + HOST_ARCH="arm" + ;; + + "i386") + HOST_ARCH="386" + ;; + + *) + echo "Architecture not supported. Exiting." + exit 1 + ;; +esac + +echo "Going to use ${HOST_ARCH} cfssl binaries" + # download curl and ca-certificate from apt-get if needed to_install=() @@ -17,12 +46,19 @@ fi LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openssl jq +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479 +if [[ "${HOST_ARCH}" == 'arm' ]]; then + LC_ALL=C DEBIAN_FRONTEND=noninteractive c_rehash +fi + echo "Download cfssl ..." -curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-amd64 +echo "curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssl -SL "https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-amd64 +echo "curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssljson -SL "https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From a722b828eaf2bc57886a4af9029a133dba396485 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 4 Sep 2019 12:04:13 +0200 Subject: [PATCH 44/51] update syslog config --- .../:syslog-ng-core/assets/config/syslog-ng.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
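Review bot: The `"i386")` arm of the new `case "${UARCH}"` is unlikely to match on a 32-bit x86 host, because `uname -m` there normally reports `i686` (or `i586`), so the i386 variant the CI manifest expects would fall into the `*)` branch and exit 1; use `"i386" | "i686")`. The unsupported-architecture message should also go to stderr and include the value that was seen, e.g. `echo "Architecture ${UARCH} not supported. Exiting." >&2`, so a failed image build is diagnosable from the log.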
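Review bot: The two new `curl -o /usr/sbin/cfssl -SL "…/cfssl_linux-${HOST_ARCH}"` lines (and their cfssljson counterparts) carry no `-f`, so a 404 or other HTTP error for a missing per-architecture asset is written to the target path as an ordinary file, the following `chmod 700` succeeds, and `bash -e` never notices; add `-f` (`curl -fSL -o /usr/sbin/cfssl "…"`). The binaries are also installed without any integrity check, which matters more now that four different artifacts are fetched from the release page: record a sha256 per architecture in this script and verify before the `chmod`, e.g. `echo "<sha256-for-this-arch>  /usr/sbin/cfssl" | sha256sum -c -` with the real digests taken from the release. The same download lines recur unchanged in the later `cfssl 1.4.0` and `cfssl 1.4.1` bumps in this series, so both fixes apply there as well.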
diff --git a/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf b/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf index d9b964c0..839c118e 100644 --- a/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf +++ b/image/service-available/:syslog-ng-core/assets/config/syslog-ng.conf @@ -1,11 +1,11 @@ -@version: 3.8 +@version: 3.19 @include "scl.conf" # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # First, set some global options. -options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); +options { chain_hostnames(off); flush_lines(0); use_dns(no); dns-cache(no); use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); bad_hostname("^gconfd$"); }; From 317d9724e7240667485f8a5b7708cf06f3d3c7f6 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Wed, 4 Sep 2019 12:04:29 +0200 Subject: [PATCH 45/51] update travis config --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ce9ba640..8ea81d04 100644 --- a/.travis.yml +++ b/.travis.yml @@ -79,7 +79,6 @@ before_deploy: deploy: provider: script on: - repo: osixia/docker-light-baseimage all_branches: true script: make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} From c37798a5b1598ad690e06df0f5fd99f371c8ce77 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Tue, 10 Sep 2019 19:29:36 +0200 Subject: [PATCH 46/51] add arm flavors --- image/service-available/:ssl-tools/download.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 0c631504..eab4db68 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh @@ -9,11 +9,11 @@ case "${UARCH}" in HOST_ARCH="amd64" ;; - "aarch64") + "arm64" | "aarch64") HOST_ARCH="arm64" ;; - "armv7l") + "armv7l" | "armv6l" | "armhf" ) HOST_ARCH="arm" ;; 
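Review bot: Two of the alternatives added to this `case "${UARCH}"` are unlikely to ever match: `UARCH` is set from `uname -m` at the top of the script, which reports kernel machine names such as `aarch64` and `armv7l`, not the dpkg architecture names `arm64` and `armhf`, so those patterns are dead unless UARCH is set some other way; either drop them or add a comment stating why they are kept. Mapping `armv6l` onto the same `cfssl_linux-arm` download as `armv7l` also assumes that binary was built for ARMv6 (governed by GOARM at build time); if the release is an ARMv7 build it will fail on ARMv6 hardware, which is worth confirming against the osixia/cfssl release build before advertising armv6l support. The `case` statement continues outside the hunk.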
From 776b2a16a154ea77fb133d59ea749e534043c8e8 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 11 Oct 2019 10:55:26 +0200 Subject: [PATCH 47/51] lint --- image/service-available/:ssl-tools/download.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index eab4db68..7226773e 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh @@ -13,7 +13,7 @@ case "${UARCH}" in HOST_ARCH="arm64" ;; - "armv7l" | "armv6l" | "armhf" ) + "armv7l" | "armv6l" | "armhf") HOST_ARCH="arm" ;; From da5294f30f17ddfcfbf6958fb0a7015604dfb3eb Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Sat, 9 Nov 2019 18:53:41 +0100 Subject: [PATCH 48/51] cfssl 1.4.0 --- CHANGELOG.md | 2 +- image/service-available/:ssl-tools/download.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e83289e..114b5717 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ ### Changed - Use debian buster-slim as baseimage - Upgrade python script to python3 - - Upgrade CFSSL version to 1.3.4 + - Upgrade CFSSL version to 1.4.0 ### Fixed - Fix shellcheck errors and warnings on all scripts diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 7226773e..2ef10e0f 100755 --- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh 
@@ -52,13 +52,13 @@ if [[ "${HOST_ARCH}" == 'arm' ]]; then fi echo "Download cfssl ..." -echo "curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-${HOST_ARCH}" -curl -o /usr/sbin/cfssl -SL "https://github.com/osixia/cfssl/releases/download/1.3.4/cfssl_linux-${HOST_ARCH}" +echo "curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.4.0/cfssl_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssl -SL "https://github.com/osixia/cfssl/releases/download/1.4.0/cfssl_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -echo "curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-${HOST_ARCH}" -curl -o /usr/sbin/cfssljson -SL "https://github.com/osixia/cfssl/releases/download/1.3.4/cfssljson_linux-${HOST_ARCH}" +echo "curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.4.0/cfssljson_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssljson -SL "https://github.com/osixia/cfssl/releases/download/1.4.0/cfssljson_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From 5126572d1cdaad310502e34099e563563d67c261 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Fri, 15 Nov 2019 12:35:39 +0100 Subject: [PATCH 49/51] cfssl 1.4.1 --- CHANGELOG.md | 2 +- image/service-available/:ssl-tools/download.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 114b5717..992349a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ ### Changed - Use debian buster-slim as baseimage - Upgrade python script to python3 - - Upgrade CFSSL version to 1.4.0 + - Upgrade CFSSL version to 1.4.1 ### Fixed - Fix shellcheck errors and warnings on all scripts diff --git a/image/service-available/:ssl-tools/download.sh b/image/service-available/:ssl-tools/download.sh index 2ef10e0f..985b1bb3 100755 
--- a/image/service-available/:ssl-tools/download.sh +++ b/image/service-available/:ssl-tools/download.sh @@ -52,13 +52,13 @@ if [[ "${HOST_ARCH}" == 'arm' ]]; then fi echo "Download cfssl ..." -echo "curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.4.0/cfssl_linux-${HOST_ARCH}" -curl -o /usr/sbin/cfssl -SL "https://github.com/osixia/cfssl/releases/download/1.4.0/cfssl_linux-${HOST_ARCH}" +echo "curl -o /usr/sbin/cfssl -SL https://github.com/osixia/cfssl/releases/download/1.4.1/cfssl_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssl -SL "https://github.com/osixia/cfssl/releases/download/1.4.1/cfssl_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssl echo "Download cfssljson ..." -echo "curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.4.0/cfssljson_linux-${HOST_ARCH}" -curl -o /usr/sbin/cfssljson -SL "https://github.com/osixia/cfssl/releases/download/1.4.0/cfssljson_linux-${HOST_ARCH}" +echo "curl -o /usr/sbin/cfssljson -SL https://github.com/osixia/cfssl/releases/download/1.4.1/cfssljson_linux-${HOST_ARCH}" +curl -o /usr/sbin/cfssljson -SL "https://github.com/osixia/cfssl/releases/download/1.4.1/cfssljson_linux-${HOST_ARCH}" chmod 700 /usr/sbin/cfssljson echo "Project sources: https://github.com/cloudflare/cfssl" From e608c371f04c9497ab0dd068bdaca374bed6bcef Mon Sep 17 00:00:00 2001 From: Bobonium Date: Mon, 17 Feb 2020 10:30:25 +0100 Subject: [PATCH 50/51] allow usage of additional hostnames in self signed certificate controlled by env var ADDITIONAL_HOSTNAMES should be comma separated list as per cfssl documentation --- image/service-available/:ssl-tools/assets/tool/cfssl-helper | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/image/service-available/:ssl-tools/assets/tool/cfssl-helper b/image/service-available/:ssl-tools/assets/tool/cfssl-helper index c79ddbe5..0936f1ad 100755 --- a/image/service-available/:ssl-tools/assets/tool/cfssl-helper 
+++ b/image/service-available/:ssl-tools/assets/tool/cfssl-helper @@ -170,6 +170,11 @@ if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]; then CONFIG_PARAM="-config $CONFIG_FILE" fi + if [ -n "$ADDITIONAL_HOSTNAMES" ]; then + log-helper debug "additional hostnames found" + CFSSL_HOSTNAME="${CFSSL_HOSTNAME},${ADDITIONAL_HOSTNAMES}" + fi + [[ -n "$CFSSL_HOSTNAME" ]] && HOSTNAME_PARAM="-hostname $CFSSL_HOSTNAME" [[ -n "$CFSSL_PROFILE" ]] && PROFILE_PARAM="-profile $CFSSL_PROFILE" [[ -n "$CFSSL_LABEL" ]] && LABEL_PARAM="-label $CFSSL_LABEL" From 3292d04129fd58276c1f0b0e1ce4853c5c7633f1 Mon Sep 17 00:00:00 2001 From: Bertrand Gouny Date: Mon, 15 Jun 2020 15:38:17 +0200 Subject: [PATCH 51/51] v1.2.0 --- CHANGELOG.md | 4 ++- Makefile | 2 +- README.md | 78 ++++++++++++++++++++++++++-------------------------- 3 files changed, 43 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 992349a4..e9d45ce1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,9 @@ # Changelog -## [1.2.0] - Unreleased +## [1.2.0] - 2020-06-15 ### Added - Add multiarch support. Thanks to @ndanyluk and @anagno ! + - Allow usage of additional hostnames in self signed certificate #19. Thanks to @Bobonium ### Changed - Use debian buster-slim as baseimage @@ -158,6 +159,7 @@ ## 0.1.0 - 2015-07-23 Initial release +[1.2.0]: https://github.com/osixia/docker-light-baseimage/compare/v1.1.2...v1.2.0 [1.1.2]: https://github.com/osixia/docker-light-baseimage/compare/v1.1.1...v1.1.2 [1.1.1]: https://github.com/osixia/docker-light-baseimage/compare/v1.1.0...v1.1.1 [1.1.0]: https://github.com/osixia/docker-light-baseimage/compare/v1.0.0...v1.1.0 diff --git a/Makefile b/Makefile index b3bc5b7f..ac8390ee 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ NAME = osixia/light-baseimage -VERSION = latest +VERSION = 1.2.0 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version diff --git a/README.md b/README.md index 0d7229b2..75547675 100644 --- a/README.md 
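Review bot: `CFSSL_HOSTNAME="${CFSSL_HOSTNAME},${ADDITIONAL_HOSTNAMES}"` produces a leading comma when `CFSSL_HOSTNAME` is unset or empty, so cfssl receives an empty first entry (e.g. `-hostname ,extra.example.org`); join conditionally instead: `CFSSL_HOSTNAME="${CFSSL_HOSTNAME:+${CFSSL_HOSTNAME},}${ADDITIONAL_HOSTNAMES}"`. The debug line would be more useful if it recorded what was appended, since these names become subject alternative names in the generated certificate: `log-helper debug "additional hostnames found: ${ADDITIONAL_HOSTNAMES}"`. The merged value is later expanded unquoted in `HOSTNAME_PARAM="-hostname $CFSSL_HOSTNAME"`, so whitespace in `ADDITIONAL_HOSTNAMES` would split the argument; the commit message says a comma-separated list is expected, and that constraint should be stated wherever the variable is documented. The enclosing `if [ ! -e "$CERT_FILE" ] && [ ! -e "$KEY_FILE" ]` block starts outside the hunk.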
+++ b/README.md 
@@ -18,52 +18,52 @@ Other base distribution are available: Table of Contents - [osixia/light-baseimage](#osixialight-baseimage) - - [Contributing](#Contributing) - - [Overview](#Overview) - - [Quick Start](#Quick-Start) - - [Image directories structure](#Image-directories-structure) - - [Service directory structure](#Service-directory-structure) - - [Create a single process image](#Create-a-single-process-image) - - [Overview](#Overview-1) - - [Dockerfile](#Dockerfile) - - [Service files](#Service-files) + - [Contributing](#contributing) + - [Overview](#overview) + - [Quick Start](#quick-start) + - [Image directories structure](#image-directories-structure) + - [Service directory structure](#service-directory-structure) + - [Create a single process image](#create-a-single-process-image) + - [Overview](#overview-1) + - [Dockerfile](#dockerfile) + - [Service files](#service-files) - [startup.sh](#startupsh) - [process.sh](#processsh) - - [Environment files](#Environment-files) + - [Environment files](#environment-files) - [default.yaml](#defaultyaml) - [default.startup.yaml](#defaultstartupyaml) - - [Build and test](#Build-and-test) - - [Overriding default environment files at run time:](#Overriding-default-environment-files-at-run-time) - - [Create a multiple process image](#Create-a-multiple-process-image) - - [Overview](#Overview-2) - - [Dockerfile](#Dockerfile-1) - - [Service files](#Service-files-1) + - [Build and test](#build-and-test) + - [Overriding default environment files at run time:](#overriding-default-environment-files-at-run-time) + - [Create a multiple process image](#create-a-multiple-process-image) + - [Overview](#overview-2) + - [Dockerfile](#dockerfile-1) + - [Service files](#service-files-1) - [install.sh](#installsh) - [process.sh](#processsh-1) - - [Build and test](#Build-and-test-1) - - [Images Based On Light-Baseimage](#Images-Based-On-Light-Baseimage) - - [Image Assets](#Image-Assets) - - [Tools](#Tools) - - [Services 
available](#Services-available) - - [Advanced User Guide](#Advanced-User-Guide) - - [Service available](#Service-available) - - [Fix docker mounted file problems](#Fix-docker-mounted-file-problems) - - [Distribution packages documentation and locales](#Distribution-packages-documentation-and-locales) - - [Mastering image tools](#Mastering-image-tools) + - [Build and test](#build-and-test-1) + - [Images Based On Light-Baseimage](#images-based-on-light-baseimage) + - [Image Assets](#image-assets) + - [Tools](#tools) + - [Services available](#services-available) + - [Advanced User Guide](#advanced-user-guide) + - [Service available](#service-available) + - [Fix docker mounted file problems](#fix-docker-mounted-file-problems) + - [Distribution packages documentation and locales](#distribution-packages-documentation-and-locales) + - [Mastering image tools](#mastering-image-tools) - [run](#run) - - [Run command line options](#Run-command-line-options) - - [Run directory setup](#Run-directory-setup) - - [Startup files environment setup](#Startup-files-environment-setup) - - [Startup files execution](#Startup-files-execution) - - [Process execution](#Process-execution) - - [Single process image](#Single-process-image) - - [Multiple process image](#Multiple-process-image) - - [No process image](#No-process-image) - - [Extra environment variables](#Extra-environment-variables) + - [Run command line options](#run-command-line-options) + - [Run directory setup](#run-directory-setup) + - [Startup files environment setup](#startup-files-environment-setup) + - [Startup files execution](#startup-files-execution) + - [Process execution](#process-execution) + - [Single process image](#single-process-image) + - [Multiple process image](#multiple-process-image) + - [No process image](#no-process-image) + - [Extra environment variables](#extra-environment-variables) - [log-helper](#log-helper) - [complex-bash-env](#complex-bash-env) - - [Tests](#Tests) - - [Changelog](#Changelog) + - 
[Tests](#tests) + - [Changelog](#changelog) ## Contributing @@ -754,7 +754,7 @@ The container environment is then exported to /container/run/environment and in If a main command is set for example: - docker run -it osixia/openldap:1.1.0 bash + docker run -it osixia/openldap:1.4.0 bash *Run tool* will execute the single process and the main command. If the main command exits the container exits. This is useful to debug or image development purpose. @@ -764,7 +764,7 @@ In a multiple process image *run tool* execute runit witch supervise /container/ If a main command is set for example: - docker run -it osixia/phpldapadmin:0.6.7 bash + docker run -it osixia/phpldapadmin:0.9.0 bash *run tool* will execute runit and the main command. If the main command exits the container exits. This is still useful to debug or image development purpose.