From 4c3c18551bcab102a74fe99bda7666337aa6d467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Alfonsi?= <cedric@passbolt.com>
Date: Tue, 17 Oct 2017 18:20:56 +0200
Subject: [PATCH] PHP7 Dev

---
 Dockerfile               | 66 ++++++++++++++++++++++------------------
 bin/docker-entrypoint.sh | 56 ++++++++++++++++++----------------
 conf/passbolt.conf       |  4 +--
 3 files changed, 69 insertions(+), 57 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e459854..3a0d25c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,29 +2,37 @@ FROM alpine:3.6
 
 MAINTAINER diego@passbolt.com
 
-ENV PASSBOLT_VERSION 1.6.3
+ENV PASSBOLT_VERSION 1.6.5
 ENV PASSBOLT_URL https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz
 
-ARG BASE_PHP_DEPS="php5-curl \
-      php5-common \
-      php5-gd \
-      php5-intl \
-      php5-json \
-      php5-mcrypt \
-      php5-mysql \
-      php5-xsl \
-      php5-fpm \
-      php5-phar \
-      php5-posix \
-      php5-xml \
-      php5-openssl \
-      php5-zlib \
-      php5-ctype \
-      php5-pdo \
-      php5-pdo_mysql \
-      php5-pear"
+ARG BASE_PHP_DEPS="php7-curl \
+      php7-common \
+      php7-gd \
+      php7-intl \
+      php7-json \
+      php7-mcrypt \
+      php7-mysqli \
+      php7-xsl \
+      php7-fpm \
+      php7-phar \
+      php7-posix \
+      php7-xml \
+      php7-openssl \
+      php7-zlib \
+      php7-ctype \
+      php7-pdo \
+      php7-pdo_mysql \
+      php7-pear \
+      php7-session \
+      php7-iconv \
+      php7-mbstring"
 
-ARG PHP_GNUPG_DEPS="php5-dev \
+ARG BASE_PHP_DEV_DEPS="php7-tokenizer \
+    php7-xmlwriter \
+    php7-simplexml \
+    php7-xdebug"
+
+ARG PHP_GNUPG_DEPS="php7-dev \
       make \
       gcc \
       g++ \
@@ -37,6 +45,7 @@ ARG PHP_GNUPG_DEPS="php5-dev \
       file"
 
 RUN apk add --no-cache $BASE_PHP_DEPS \
+      $BASE_PHP_DEV_DEPS \
       sed \
       tar \
       bash \
@@ -51,22 +60,21 @@ RUN apk add --no-cache $BASE_PHP_DEPS \
       mysql-client \
       ca-certificates
 
-RUN apk add --no-cache $PHP_GNUPG_DEPS  \
-    && ln -s /usr/bin/php5 /usr/bin/php \
-    && ln -s /usr/bin/phpize5 /usr/bin/phpize \
+RUN apk add --no-cache $PHP_GNUPG_DEPS \
     #https://bugs.alpinelinux.org/issues/5378
     && sed -i "s/ -n / /" $(which pecl) \
-    && pecl install gnupg memcache \
-    && echo "extension=memcache.so" > /etc/php5/conf.d/memcache.ini \
-    && echo "extension=gnupg.so" > /etc/php5/conf.d/gnupg.ini \
+    && pecl install gnupg \
+    && echo "extension=gnupg.so" > /etc/php7/conf.d/gnupg.ini \
     && apk del $PHP_GNUPG_DEPS \
     && curl -sS https://getcomposer.org/installer | php \
-    && mv composer.phar /usr/local/bin/composer \
-    && mkdir /var/www/passbolt \
+    && mv composer.phar /usr/local/bin/composer
+
+RUN mkdir /var/www/passbolt \
     && curl -sSL $PASSBOLT_URL | tar zxf - -C /var/www/passbolt --strip-components 1 \
     && chown -R nginx:nginx /var/www/passbolt \
+    && chmod -R a-w /var/www/passbolt \
     && chmod -R +w /var/www/passbolt/app/tmp \
-    && chmod +w /var/www/passbolt/app/webroot/img/public
+    && chmod -R +w /var/www/passbolt/app/webroot/img/public
 
 COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
 COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh
index e3645f2..30fd748 100755
--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
@@ -2,8 +2,8 @@
 
 set -eo pipefail
 
-gpg_private_key=/var/www/passbolt/app/Config/gpg/serverkey.private.asc
-gpg_public_key=/var/www/passbolt/app/Config/gpg/serverkey.asc
+gpg_private_key=/var/www/passbolt/config/gpg/serverkey.private.asc
+gpg_public_key=/var/www/passbolt/config/gpg/serverkey.asc
 gpg=$(which gpg)
 
 core_config='/var/www/passbolt/app/Config/core.php'
@@ -14,7 +14,7 @@ ssl_key='/etc/ssl/certs/certificate.key'
 ssl_cert='/etc/ssl/certs/certificate.crt'
 
 gpg_gen_key() {
-  su -m -c "$gpg --batch --gen-key <<EOF
+  $gpg --batch --gen-key <<EOF
     Key-Type: 1
 		Key-Length: ${KEY_LENGTH:-2048}
 		Subkey-Type: 1
@@ -23,14 +23,14 @@ gpg_gen_key() {
 		Name-Email: ${KEY_EMAIL:-passbolt@yourdomain.com}
 		Expire-Date: ${KEY_EXPIRATION:-0}
 		%commit
-EOF" -ls /bin/bash nginx
+EOF
 
-  su -m -c "$gpg --armor --export-secret-keys $KEY_EMAIL > $gpg_private_key" -ls /bin/bash nginx
-  su -m -c "$gpg --armor --export $KEY_EMAIL > $gpg_public_key" -ls /bin/bash nginx
+  $gpg --armor --export-secret-keys $KEY_EMAIL > $gpg_private_key
+  $gpg --armor --export $KEY_EMAIL > $gpg_public_key
+  gpg_auto_fingerprint=`$gpg --fingerprint $KEY_EMAIL | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'`
 }
 
 gpg_import_key() {
-
   local key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/bash nginx)
 
   su -m -c "$gpg --batch --import $gpg_public_key" -ls /bin/bash nginx
@@ -83,18 +83,14 @@ app_setup() {
   # REGISTRATION
   # SSL
 
-  local default_home='/home/www-data/.gnupg'
   local default_public_key='unsecure.key'
   local default_private_key='unsecure_private.key'
   local default_fingerprint='2FC8945833C51946E937F9FED47B0811573EE67E'
-  local gpg_home='/var/lib/nginx/.gnupg'
-  local auto_fingerprint=$(su -m -c "$gpg --fingerprint |grep fingerprint| awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/bash nginx)
 
   cp $app_config{.default,}
-  sed -i s:$default_home:$gpg_home:g $app_config
   sed -i s:$default_public_key:serverkey.asc:g $app_config
   sed -i s:$default_private_key:serverkey.private.asc:g $app_config
-  sed -i s:$default_fingerprint:${FINGERPRINT:-$auto_fingerprint}:g $app_config
+  sed -i s:$default_fingerprint:${FINGERPRINT:-$gpg_auto_fingerprint}:g $app_config
   sed -i "/force/ s:true:${SSL:-true}:" $app_config
   sed -i "/'registration'/{n; s:false:${REGISTRATION:-false}:}" $app_config
 }
@@ -152,10 +148,8 @@ install() {
 }
 
 php_fpm_setup() {
-  sed -i '/^user\s/ s:nobody:nginx:g' /etc/php5/php-fpm.conf
-  sed -i '/^group\s/ s:nobody:nginx:g' /etc/php5/php-fpm.conf
-  cp /etc/php5/php-fpm.conf /etc/php5/fpm.d/www.conf
-  sed -i '/^include\s/ s:^:#:' /etc/php5/fpm.d/www.conf
+  sed -i '/^user\s/ s:nobody:nginx:g' /etc/php7/php-fpm.d/www.conf
+  sed -i '/^group\s/ s:nobody:nginx:g' /etc/php7/php-fpm.d/www.conf
 }
 
 email_cron_job() {
@@ -177,25 +171,33 @@ email_cron_job() {
 
 if [ ! -f $gpg_private_key ] && [ ! -L $gpg_private_key ] || \
    [ ! -f $gpg_public_key ] && [ ! -L $gpg_public_key ]; then
-  gpg_gen_key
+  echo 'not yet implemented'
+  #su -c "gpg --list-keys" -ls /bin/bash nginx
+  #gpg_gen_key
+  #gpg_import_key
 else
-  gpg_import_key
+  echo 'not yet implemented'
+  #gpg_import_key
 fi
 
 if [ ! -f $core_config ] && [ ! -L $core_config ]; then
-  core_setup
+  echo 'not yet implemented'
+  #core_setup
 fi
 
 if [ ! -f $db_config ] && [ ! -L $db_config ]; then
-  db_setup
+  echo 'not yet implemented'
+  #db_setup
 fi
 
 if [ ! -f $app_config ] && [ ! -L $app_config ]; then
-  app_setup
+  echo 'not yet implemented'
+  #app_setup
 fi
 
 if [ ! -f $email_config ] && [ ! -L $email_config ]; then
-  email_setup
+  echo 'not yet implemented'
+  #email_setup
 fi
 
 if [ ! -f $ssl_key ] && [ ! -L $ssl_key ] && \
@@ -205,10 +207,12 @@ fi
 
 php_fpm_setup
 
-install
+# not yet implemented
+#install
 
-php-fpm5
+php-fpm7
 
-nginx -g "pid /tmp/nginx.pid; daemon off;" &
+nginx -g "pid /tmp/nginx.pid; daemon off;"
 
-email_cron_job
+# not yet implemented
+#email_cron_job
diff --git a/conf/passbolt.conf b/conf/passbolt.conf
index af68783..773e5c5 100644
--- a/conf/passbolt.conf
+++ b/conf/passbolt.conf
@@ -42,7 +42,7 @@ server {
   location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
     access_log off;
     log_not_found off;
-    try_files $uri /app/webroot/$uri /index.php?$args;
+    try_files $uri /webroot/$uri /index.php?$args;
   }
 
 }
@@ -93,6 +93,6 @@ server {
   location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
     access_log off;
     log_not_found off;
-    try_files $uri /app/webroot/$uri /index.php?$args;
+    try_files $uri /webroot/$uri /index.php?$args;
   }
 }