Merge branch 'release/v3.0.2'

CHANGELOG.md

@@ -4,6 +4,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...HEAD)
 
+## [3.0.2](https://github.com/passbolt/passbolt_docker/compare/v3.0.1...v3.0.2) - 2021-03-12
+
+- This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.1...v3.0.2) for passbolt_api
+
 ## [3.0.1](https://github.com/passbolt/passbolt_docker/compare/v3.0.0...v3.0.1) - 2021-02-24
 
 - This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v3.0.0...v3.0.1) for passbolt_api

spec/docker_image/image_spec.rb

@@ -11,7 +11,7 @@ describe 'Dockerfile' do
       'PASSBOLT_GPG_KEYRING'         => '/var/lib/passbolt/.gnupg'
     }
 
-    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
+    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile })
     set :docker_image, @image.id
     set :docker_container_create_options, { 'Cmd' => '/bin/sh' }
   end
@@ -28,7 +28,7 @@ describe 'Dockerfile' do
   let(:passbolt_tmp)    { '/var/lib/passbolt/tmp' }
   let(:passbolt_image)  { "#{passbolt_home}/webroot/img/public" }
   let(:passbolt_owner)  { 'www-data' }
-  let(:exposed_ports)   { [ '80', '443' ] }
+  let(:exposed_ports)   { [ $http_port, $https_port ] }
   let(:php_extensions)  { [
     'gd', 'intl', 'json', 'mysqlnd', 'xsl', 'phar',
     'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
@@ -55,6 +55,10 @@ describe 'Dockerfile' do
     end
   end
 
+  describe file($cron_service) do
+    it { should exist and be_executable }
+  end
+
   describe 'wait-for' do
     it 'is installed' do
       expect(file(wait_for)).to exist and be_executable
@@ -99,7 +103,7 @@ describe 'Dockerfile' do
     end
 
     it 'has the correct permissions' do
-      expect(file(nginx_conf)).to be_owned_by 'root'
+      expect(file(nginx_conf)).to be_owned_by $root_user
     end
   end
 
@@ -109,16 +113,12 @@ describe 'Dockerfile' do
     end
 
     it 'has the correct permissions' do
-      expect(file(site_conf)).to be_owned_by 'root'
+      expect(file(site_conf)).to be_owned_by $root_user
     end
 
     it 'points to the correct root folder' do
       expect(file(site_conf).content).to match "root #{passbolt_home}/webroot"
     end
-
-    it 'has server tokens off' do
-      expect(file(nginx_conf).content).to match(/^\s+server_tokens off;/)
-    end
   end
 
   describe 'ports exposed' do

spec/docker_runtime/runtime_spec.rb

@@ -24,7 +24,7 @@ describe 'passbolt_api service' do
       sleep 1
     end
 
-    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
+    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile })
     @container = Docker::Container.create(
       'Env' => [
         "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
@@ -48,7 +48,7 @@ describe 'passbolt_api service' do
 
   let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
   let(:uri)               { "/healthcheck/status.json" }
-  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/#{uri}" }
 
   describe 'php service' do
     it 'is running supervised' do
@@ -67,12 +67,12 @@ describe 'passbolt_api service' do
       expect(service('nginx')).to be_running.under('supervisor')
     end
 
-    it 'is listening on port 80' do
-      expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+    it "is listening on port #{$http_port}" do
+      expect(@container.json['Config']['ExposedPorts']).to have_key("#{$http_port}/tcp")
     end
 
-    it 'is listening on port 443' do
-      expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+    it "is listening on port #{$https_port}" do
+      expect(@container.json['Config']['ExposedPorts']).to have_key("#{$https_port}/tcp")
     end
   end
 
@@ -90,13 +90,13 @@ describe 'passbolt_api service' do
   end
 
   describe 'hide information' do
-    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/" }
     it 'hides php version' do
       expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
     end
 
     it 'hides nginx version' do
-      expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/)
+      expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx.*$/)
     end
   end
 

spec/docker_runtime_no_envs/runtime_no_envs_spec.rb

@@ -24,7 +24,7 @@ describe 'passbolt_api service' do
       sleep 1
     end
 
-    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => 'debian/Dockerfile' })
+    @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile })
 
     @container = Docker::Container.create(
       'Env' => [
@@ -47,7 +47,7 @@ describe 'passbolt_api service' do
 
   let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
   let(:uri)               { "/healthcheck/status.json" }
-  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/#{uri}" }
 
   describe 'php service' do
     it 'is running supervised' do
@@ -67,11 +67,11 @@ describe 'passbolt_api service' do
     end
 
     it 'is listening on port 80' do
-      expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+      expect(@container.json['Config']['ExposedPorts']).to have_key("#{$http_port}/tcp")
     end
 
     it 'is listening on port 443' do
-      expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+      expect(@container.json['Config']['ExposedPorts']).to have_key("#{$https_port}/tcp")
     end
   end
 
@@ -89,13 +89,13 @@ describe 'passbolt_api service' do
   end
 
   describe 'hide information' do
-    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/" }
     it 'hides php version' do
       expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
     end
 
     it 'hides nginx version' do
-      expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx$/)
+      expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx.*$/)
     end
   end
 

spec/spec_helper.rb

@@ -4,7 +4,23 @@ require 'docker'
 ROOT_DOCKERFILES = File.expand_path('../../', __FILE__)
 FIXTURES_PATH    = File::expand_path("fixtures", File::dirname(__FILE__))
 
+$cron_binary = '/usr/sbin/cron'
+$dockerfile = 'debian/Dockerfile'
+$http_port = '80'
+$https_port = '443'
+$root_user = 'root'
+
 set :backend, :docker
 Docker.options[:read_timeout]  = 3600
 Docker.options[:write_timeout] = 3600
 
+if ENV['ROOTLESS'] == "true"
+  $cron_binary = '/usr/local/bin/supercronic'
+  $dockerfile = 'debian/Dockerfile.rootless'
+  $http_port = '8080'
+  $https_port = '4433'
+  # Where www-data has to be the owner instead of root
+  $root_user = 'www-data'
+end
+
+puts($root_user)