Merge tag 'v2.0.0' into develop

v2.0.0

.dockerignore

@@ -0,0 +1,12 @@
+spec
+.git
+.github
+.editorconfig
+.gitignore
+Gemfile
+Gemfile.lock
+Rakefile
+*.md
+*.yml
+scripts
+env

CHANGELOG.md

@@ -2,7 +2,41 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0...HEAD)
+
+## [2.0.0](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...v2.0.0) - 2018-04-09
+
+### Changed
+
+- Base image switched to php:7-fpm (debian based) due performance issues with passbolt and alpine based images
+- Web user is now www-data
+- Supervisor provides better logging to stdout
+- Upload max filesize increased to 5M for avatar uploads
+- README documentation updated
+- Composer file loads images directory in passbolt container as a docker volume
+
+### Added
+
+- Added composer installer signature check according to official composer docs [#91](https://github.com/passbolt/passbolt_docker/pull/91)
+
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v1.6.10...HEAD)
+
+## [1.6.10](https://github.com/passbolt/passbolt_docker/compare/v1.6.9-1...v1.6.10) - 2018-03-28
+
+### Fixed
+
+- chown fails with Docker Secrets, can't start container [#89](https://github.com/passbolt/passbolt_docker/pull/89)
+
+### Changed
+
+The container base image has been migrated from alpine to debian. The reason behind this change
+is that we have detected slower performance in alpine based images. Changing the image introduced a few changes
+in the structure of the container:
+- Bigger images
+- www user is now www-data user
+- cron jobs are managed as crontabs in /var/spool/cron/crontabs/root
+- Permissions check on the passbolt base dir has been removed as it was a big performance penalty on startup times.
+- Docker hub tags will now follow the PASSBOLT_VERSION-debian pattern
 
 ## [2.0.0-rc2](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc1...v2.0.0-rc2) - 2018-02-20
 

Dockerfile

@@ -2,9 +2,15 @@ FROM php:7-fpm
 
 LABEL maintainer="diego@passbolt.com"
 
-ARG PASSBOLT_VERSION="2.0.0-rc2"
+ARG PASSBOLT_VERSION="2.0.0"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
+ARG PHP_EXTENSIONS="gd \
+      intl \
+      pdo_mysql \
+      xsl"
+
+
 ARG PHP_EXTENSIONS="gd \
       intl \
       pdo_mysql \

README.md

@@ -15,10 +15,6 @@
 [![license](https://img.shields.io/github/license/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/LICENSE)
 [![Twitter Follow](https://img.shields.io/twitter/follow/passbolt.svg?style=social&label=Follow)](https://twitter.com/passbolt)
 
-# Warning
-
-This is a work in progress branch use at your own risk.
-
 # What is passbolt?
 
 Passbolt is a free and open source password manager that allows team members to
@@ -70,40 +66,41 @@ available browsing `https://yourdomain.com`
 
 Passbolt docker image provides several environment variables to configure different aspects:
 
-```
+| Variable name                       | Description                      | Default value       |
-* APP_FULL_BASE_URL:                   Passbolt base url                     (Example https://yourdomain.com)
+| ----------------------------------- | -------------------------------- | ------------------- |
-* DATASOURCES_DEFAULT_HOST:            database hostname                     (default: localhost)
+| APP_FULL_BASE_URL                   | Passbolt base url                | false |
-* DATASOURCES_DEFAULT_PORT:            database port                         (default: 3306)
+| DATASOURCES_DEFAULT_HOST            | Database hostname                | localhost |
-* DATASOURCES_DEFAULT_USERNAME:        database username                     (default: my_app)
+| DATASOURCES_DEFAULT_PORT            | Database port                    | 3306 |
-* DATASOURCES_DEFAULT_PASSWORD:        database password                     (default: secret)
+| DATASOURCES_DEFAULT_USERNAME        | Database username                | '' |
-* DATASOURCES_DEFAULT_DATABASE:        database name                         (default: my_app)
+| DATASOURCES_DEFAULT_PASSWORD        | Database password                | '' |
-* EMAIL_TRANSPORT_DEFAULT_CLASS_NAME:  Email classname                       (default: Smtp)
+| DATASOURCES_DEFAULT_DATABASE        | Database name                    | '' |
-* EMAIL_DEFAULT_FROM:                  from email address                    (default: contact@mydomain.local)
+| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME  | Email classname                  | Smtp |
-* EMAIL_DEFAULT_TRANSPORT:             sets transport method                 (default: default)
+| EMAIL_DEFAULT_FROM                  | From email address               | you@localhost |
-* EMAIL_TRANSPORT_DEFAULT_HOST:        server hostname                       (default: localhost)
+| EMAIL_DEFAULT_TRANSPORT             | Sets transport method            | default |
-* EMAIL_TRANSPORT_DEFAULT_PORT:        server port                           (default: 25)
+| EMAIL_TRANSPORT_DEFAULT_HOST        | Server hostname                  | localhost |
-* EMAIL_TRANSPORT_DEFAULT_TIMEOUT:     timeout                               (default: 30)
+| EMAIL_TRANSPORT_DEFAULT_PORT        | Server port                      | 25 |
-* EMAIL_TRANSPORT_DEFAULT_USERNAME:    username for email server auth        (default: null)
+| EMAIL_TRANSPORT_DEFAULT_TIMEOUT     | Timeout                          | 30 |
-* EMAIL_TRANSPORT_DEFAULT_PASSWORD:    password for email server auth        (default: null)
+| EMAIL_TRANSPORT_DEFAULT_USERNAME    | Username for email server auth   | null |
-* EMAIL_TRANSPORT_DEFAULT_CLIENT:      client                                (default: null)
+| EMAIL_TRANSPORT_DEFAULT_PASSWORD    | Password for email server auth   | null |
-* EMAIL_TRANSPORT_DEFAULT_TLS:         set tls                               (default: null)
+| EMAIL_TRANSPORT_DEFAULT_CLIENT      | Client                           | null |
-* EMAIL_TRANSPORT_DEFAULT_URL:         set url                               (default: null)
+| EMAIL_TRANSPORT_DEFAULT_TLS         | Set tls                          | null |
-* GNUPGHOME:                           Path to gnupghome directory           (default: web_user_home_directory/.gnupg )
+| EMAIL_TRANSPORT_DEFAULT_URL         | Set url                          | null |
-* PASSBOLT_KEY_LENGTH:                 gpg desired key length                (default: 2048)
+| GNUPGHOME                           | path to gnupghome directory      | /home/www-data/.gnupg |
-* PASSBOLT_SUBKEY_LENGTH:              gpg desired subkey length             (default: 2048)
+| PASSBOLT_KEY_LENGTH                 | Gpg desired key length           | 2048 |
-* PASSBOLT_KEY_NAME:                   key owner name                        (default: Passbolt default user)
+| PASSBOLT_SUBKEY_LENGTH              | Gpg desired subkey length        | 2048 |
-* PASSBOLT_KEY_EMAIL:                  key owner email address               (default: passbolt@yourdomain.com)
+| PASSBOLT_KEY_NAME                   | Key owner name                   | Passbolt default user |
-* PASSBOLT_KEY_EXPIRATION:             key expiration date                   (default: 0, never expires)
+| PASSBOLT_KEY_EMAIL                  | Key owner email address          | passbolt@yourdomain.com |
-* PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint
+| PASSBOLT_KEY_EXPIRATION             | Key expiration date              | 0, never expires |
-* PASSBOLT_GPG_SERVER_KEY_PUBLIC:      Path to GnuPG public server key       (default: to /var/www/passbolt/config/gpg/serverkey.asc)
+| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint                | null |
-* PASSBOLT_GPG_SERVER_KEY_PRIVATE:     Path to GnuPG private server key      (default: to /var/www/passbolt/config/gpg/serverkey_private.asc)
+| PASSBOLT_GPG_SERVER_KEY_PUBLIC      | Path to GnuPG public server key  | /var/www/passbolt/config/gpg/serverkey.asc |
-* PASSBOLT_REGISTRATION_PUBLIC:        Defines if users can register         (default: to false)
+| PASSBOLT_GPG_SERVER_KEY_PRIVATE     | Path to GnuPG private server key | /var/www/passbolt/config/gpg/serverkey_private.asc |
-* PASSBOLT_SSL_FORCE:                  Redirects http to https from passbolt (default: to true)
+| PASSBOLT_REGISTRATION_PUBLIC        | Defines if users can register    | false |
-* PASSBOLT_SECURITY_SET_HEADERS:       Send CSP Headers from passbolt        (default: to true)
+| PASSBOLT_SSL_FORCE                  | Redirects http to https          | true |
-* SECURITY_SALT:                       A random number user in security hashing methods.
+| PASSBOLT_SECURITY_SET_HEADERS       | Send CSP Headers                 | true |
-```
+| SECURITY_SALT                       | CakePHP security salt            | __SALT__ |
 
-For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/develop/config/default.php)
+For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php)
+For more env variables supported please check [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php)
 
 ### Configuration files
 

docker-compose.yml

@@ -10,13 +10,15 @@ services:
       - 3306
 
   passbolt:
-    image: passbolt/passbolt:develop-debian
+    image: passbolt/passbolt:2.0.0-debian
     tty: true
     depends_on:
       - db
     env_file:
       - env/passbolt.env
     volumes:
+      - gpg_volume:/var/www/passbolt/config/gpg
+      - images_volume:/var/www/passbolt/webroot/img/public
       - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
     tmpfs:
       - /run

env/passbolt.env

@@ -8,5 +8,5 @@ DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
 DATASOURCES_DEFAULT_DATABASE=passbolt
 DATASOURCES_DEFAULT_PORT=3306
 
-# Misc
+# Registration
 PASSBOLT_REGISTRATION_PUBLIC=true