Merge tag 'v2.0.0' into develop

v2.0.0
2018-04-09 15:00:23 +02:00 · 2018-04-09 15:00:23 +02:00 · 5868ec6d82
parent ebd204dca0 c0cb3d7ea7
commit 5868ec6d82
6 changed files with 92 additions and 41 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,12 @@
+spec
+.git
+.github
+.editorconfig
+.gitignore
+Gemfile
+Gemfile.lock
+Rakefile
+*.md
+*.yml
+scripts
+env
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,7 +2,41 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).

-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0...HEAD)
+
+## [2.0.0](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...v2.0.0) - 2018-04-09
+
+### Changed
+
+- Base image switched to php:7-fpm (debian based) due performance issues with passbolt and alpine based images
+- Web user is now www-data
+- Supervisor provides better logging to stdout
+- Upload max filesize increased to 5M for avatar uploads
+- README documentation updated
+- Composer file loads images directory in passbolt container as a docker volume
+
+### Added
+
+- Added composer installer signature check according to official composer docs [#91](https://github.com/passbolt/passbolt_docker/pull/91)
+
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v1.6.10...HEAD)
+
+## [1.6.10](https://github.com/passbolt/passbolt_docker/compare/v1.6.9-1...v1.6.10) - 2018-03-28
+
+### Fixed
+
+- chown fails with Docker Secrets, can't start container [#89](https://github.com/passbolt/passbolt_docker/pull/89)
+
+### Changed
+
+The container base image has been migrated from alpine to debian. The reason behind this change
+is that we have detected slower performance in alpine based images. Changing the image introduced a few changes
+in the structure of the container:
+- Bigger images
+- www user is now www-data user
+- cron jobs are managed as crontabs in /var/spool/cron/crontabs/root
+- Permissions check on the passbolt base dir has been removed as it was a big performance penalty on startup times.
+- Docker hub tags will now follow the PASSBOLT_VERSION-debian pattern

 ## [2.0.0-rc2](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc1...v2.0.0-rc2) - 2018-02-20

--- a/8
+++ b/8
@ -2,9 +2,15 @@ FROM php:7-fpm

 LABEL maintainer="diego@passbolt.com"

-ARG PASSBOLT_VERSION="2.0.0-rc2"
+ARG PASSBOLT_VERSION="2.0.0"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"

+ARG PHP_EXTENSIONS="gd \
+      intl \
+      pdo_mysql \
+      xsl"
+
+
 ARG PHP_EXTENSIONS="gd \
      intl \
      pdo_mysql \
--- a/README.md
+++ b/README.md
@ -15,10 +15,6 @@
 [![license](https://img.shields.io/github/license/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/LICENSE)
 [![Twitter Follow](https://img.shields.io/twitter/follow/passbolt.svg?style=social&label=Follow)](https://twitter.com/passbolt)

-# Warning
-
-This is a work in progress branch use at your own risk.
-
 # What is passbolt?

 Passbolt is a free and open source password manager that allows team members to
@ -70,40 +66,41 @@ available browsing `https://yourdomain.com`

 Passbolt docker image provides several environment variables to configure different aspects:

-```
-* APP_FULL_BASE_URL:                   Passbolt base url                     (Example https://yourdomain.com)
-* DATASOURCES_DEFAULT_HOST:            database hostname                     (default: localhost)
-* DATASOURCES_DEFAULT_PORT:            database port                         (default: 3306)
-* DATASOURCES_DEFAULT_USERNAME:        database username                     (default: my_app)
-* DATASOURCES_DEFAULT_PASSWORD:        database password                     (default: secret)
-* DATASOURCES_DEFAULT_DATABASE:        database name                         (default: my_app)
-* EMAIL_TRANSPORT_DEFAULT_CLASS_NAME:  Email classname                       (default: Smtp)
-* EMAIL_DEFAULT_FROM:                  from email address                    (default: contact@mydomain.local)
-* EMAIL_DEFAULT_TRANSPORT:             sets transport method                 (default: default)
-* EMAIL_TRANSPORT_DEFAULT_HOST:        server hostname                       (default: localhost)
-* EMAIL_TRANSPORT_DEFAULT_PORT:        server port                           (default: 25)
-* EMAIL_TRANSPORT_DEFAULT_TIMEOUT:     timeout                               (default: 30)
-* EMAIL_TRANSPORT_DEFAULT_USERNAME:    username for email server auth        (default: null)
-* EMAIL_TRANSPORT_DEFAULT_PASSWORD:    password for email server auth        (default: null)
-* EMAIL_TRANSPORT_DEFAULT_CLIENT:      client                                (default: null)
-* EMAIL_TRANSPORT_DEFAULT_TLS:         set tls                               (default: null)
-* EMAIL_TRANSPORT_DEFAULT_URL:         set url                               (default: null)
-* GNUPGHOME:                           Path to gnupghome directory           (default: web_user_home_directory/.gnupg )
-* PASSBOLT_KEY_LENGTH:                 gpg desired key length                (default: 2048)
-* PASSBOLT_SUBKEY_LENGTH:              gpg desired subkey length             (default: 2048)
-* PASSBOLT_KEY_NAME:                   key owner name                        (default: Passbolt default user)
-* PASSBOLT_KEY_EMAIL:                  key owner email address               (default: passbolt@yourdomain.com)
-* PASSBOLT_KEY_EXPIRATION:             key expiration date                   (default: 0, never expires)
-* PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint
-* PASSBOLT_GPG_SERVER_KEY_PUBLIC:      Path to GnuPG public server key       (default: to /var/www/passbolt/config/gpg/serverkey.asc)
-* PASSBOLT_GPG_SERVER_KEY_PRIVATE:     Path to GnuPG private server key      (default: to /var/www/passbolt/config/gpg/serverkey_private.asc)
-* PASSBOLT_REGISTRATION_PUBLIC:        Defines if users can register         (default: to false)
-* PASSBOLT_SSL_FORCE:                  Redirects http to https from passbolt (default: to true)
-* PASSBOLT_SECURITY_SET_HEADERS:       Send CSP Headers from passbolt        (default: to true)
-* SECURITY_SALT:                       A random number user in security hashing methods.
-```
+| Variable name                       | Description                      | Default value       |
+| ----------------------------------- | -------------------------------- | ------------------- |
+| APP_FULL_BASE_URL                   | Passbolt base url                | false |
+| DATASOURCES_DEFAULT_HOST            | Database hostname                | localhost |
+| DATASOURCES_DEFAULT_PORT            | Database port                    | 3306 |
+| DATASOURCES_DEFAULT_USERNAME        | Database username                | '' |
+| DATASOURCES_DEFAULT_PASSWORD        | Database password                | '' |
+| DATASOURCES_DEFAULT_DATABASE        | Database name                    | '' |
+| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME  | Email classname                  | Smtp |
+| EMAIL_DEFAULT_FROM                  | From email address               | you@localhost |
+| EMAIL_DEFAULT_TRANSPORT             | Sets transport method            | default |
+| EMAIL_TRANSPORT_DEFAULT_HOST        | Server hostname                  | localhost |
+| EMAIL_TRANSPORT_DEFAULT_PORT        | Server port                      | 25 |
+| EMAIL_TRANSPORT_DEFAULT_TIMEOUT     | Timeout                          | 30 |
+| EMAIL_TRANSPORT_DEFAULT_USERNAME    | Username for email server auth   | null |
+| EMAIL_TRANSPORT_DEFAULT_PASSWORD    | Password for email server auth   | null |
+| EMAIL_TRANSPORT_DEFAULT_CLIENT      | Client                           | null |
+| EMAIL_TRANSPORT_DEFAULT_TLS         | Set tls                          | null |
+| EMAIL_TRANSPORT_DEFAULT_URL         | Set url                          | null |
+| GNUPGHOME                           | path to gnupghome directory      | /home/www-data/.gnupg |
+| PASSBOLT_KEY_LENGTH                 | Gpg desired key length           | 2048 |
+| PASSBOLT_SUBKEY_LENGTH              | Gpg desired subkey length        | 2048 |
+| PASSBOLT_KEY_NAME                   | Key owner name                   | Passbolt default user |
+| PASSBOLT_KEY_EMAIL                  | Key owner email address          | passbolt@yourdomain.com |
+| PASSBOLT_KEY_EXPIRATION             | Key expiration date              | 0, never expires |
+| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint                | null |
+| PASSBOLT_GPG_SERVER_KEY_PUBLIC      | Path to GnuPG public server key  | /var/www/passbolt/config/gpg/serverkey.asc |
+| PASSBOLT_GPG_SERVER_KEY_PRIVATE     | Path to GnuPG private server key | /var/www/passbolt/config/gpg/serverkey_private.asc |
+| PASSBOLT_REGISTRATION_PUBLIC        | Defines if users can register    | false |
+| PASSBOLT_SSL_FORCE                  | Redirects http to https          | true |
+| PASSBOLT_SECURITY_SET_HEADERS       | Send CSP Headers                 | true |
+| SECURITY_SALT                       | CakePHP security salt            | __SALT__ |

-For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/develop/config/default.php)
+For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php)
+For more env variables supported please check [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php)

 ### Configuration files

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -10,13 +10,15 @@ services:
      - 3306

  passbolt:
-    image: passbolt/passbolt:develop-debian
+    image: passbolt/passbolt:2.0.0-debian
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
+      - gpg_volume:/var/www/passbolt/config/gpg
+      - images_volume:/var/www/passbolt/webroot/img/public
      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
    tmpfs:
      - /run
--- a/env/passbolt.env
+++ b/env/passbolt.env
@ -8,5 +8,5 @@ DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
 DATASOURCES_DEFAULT_DATABASE=passbolt
 DATASOURCES_DEFAULT_PORT=3306

-# Misc
+# Registration
 PASSBOLT_REGISTRATION_PUBLIC=true