diff --git a/Dockerfile b/Dockerfile index 0925fa8..588181a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,27 +14,28 @@ ARG PECL_PASSBOLT_EXTENSIONS="gnupg \ redis \ mcrypt" -ENV PECL_BASE_URL="https://pecl.php.net/get" -ENV PHP_EXT_DIR="/usr/src/php/ext" - -WORKDIR /var/www/passbolt -RUN apt-get update && apt-get -y install \ - --no-install-recommends \ - nginx \ - libgpgme11-dev \ - gnupg1 \ - mysql-client \ +ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \ libpng-dev \ libicu-dev \ libxslt1-dev \ libmcrypt-dev \ - supervisor \ - git \ - netcat \ - procps \ - cron \ - && mv /usr/bin/gpg /usr/bin/gpg2 \ - && update-alternatives --verbose --install /usr/bin/gpg gnupg /usr/bin/gpg1 50 \ + unzip \ + git" + +ENV PECL_BASE_URL="https://pecl.php.net/get" +ENV PHP_EXT_DIR="/usr/src/php/ext" + +WORKDIR /var/www/passbolt +RUN apt-get update \ + && apt-get -y install --no-install-recommends $PASSBOLT_DEV_PACKAGES \ + nginx \ + gnupg \ + libgpgme11 \ + libmcrypt4 \ + mysql-client \ + supervisor \ + netcat \ + cron \ && mkdir /home/www-data \ && chown -R www-data:www-data /home/www-data \ && usermod -d /home/www-data www-data \ @@ -45,19 +46,22 @@ RUN apt-get update && apt-get -y install \ done \ && docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \ && docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \ + && docker-php-source delete \ && curl -sS https://getcomposer.org/installer | php \ && mv composer.phar /usr/local/bin/composer \ && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ - && composer install --no-dev --optimize-autoloader \ + && composer install -n --no-dev --optimize-autoloader \ && chown -R www-data:www-data . \ && chmod 775 $(find /var/www/passbolt/tmp -type d) \ && chmod 664 $(find /var/www/passbolt/tmp -type f) \ && chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \ && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \ - && rm /etc/nginx/sites-enabled/default + && rm /etc/nginx/sites-enabled/default \ + && apt-get purge -y --auto-remove $PASSBOLT_DEV_PACKAGES \ + && rm -rf /var/lib/apt/lists/* COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf -COPY conf/supervisord.conf /etc/supervisord.conf +COPY conf/supervisord.conf /etc/supervisor/supervisord.conf COPY bin/docker-entrypoint.sh /docker-entrypoint.sh EXPOSE 80 443 diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh index bc93558..418513f 100755 --- a/bin/docker-entrypoint.sh +++ b/bin/docker-entrypoint.sh @@ -18,24 +18,26 @@ gpg_gen_key() { expiration="${PASSBOLT_KEY_EXPIRATION:-0}" su -m -c "gpg --batch --no-tty --gen-key < $gpg_private_key" -ls /bin/sh www-data su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data } gpg_import_key() { - key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data) - su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data - su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data + su -c "gpg --batch --import $gpg_public_key" -ls /bin/bash www-data + su -c "gpg --batch --import $gpg_private_key" -ls /bin/bash www-data } gen_ssl_cert() { @@ -46,11 +48,11 @@ gen_ssl_cert() { install() { tables=$(mysql \ - -u "$DATASOURCES_DEFAULT_USERNAME" \ - -h "$DATASOURCES_DEFAULT_HOST" \ - -P "$DATASOURCES_DEFAULT_PORT" \ - -BN -e "SHOW TABLES FROM $DATASOURCES_DEFAULT_DATABASE" \ - -p"$DATASOURCES_DEFAULT_PASSWORD" |wc -l) + -u "${DATASOURCES_DEFAULT_USERNAME:-passbolt}" \ + -h "${DATASOURCES_DEFAULT_HOST:-localhost}" \ + -P "${DATASOURCES_DEFAULT_PORT:-3306}" \ + -BN -e "SHOW TABLES FROM ${DATASOURCES_DEFAULT_DATABASE:-passbolt}" \ + -p"${DATASOURCES_DEFAULT_PASSWORD:-P4ssb0lt}" |wc -l) app_config="/var/www/passbolt/config/app.php" if [ ! -f "$app_config" ]; then @@ -58,21 +60,23 @@ install() { fi if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ]; then - gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)" + gpg_auto_fingerprint="$(su -c "gpg --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/sh www-data)" export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint fi if [ "$tables" -eq 0 ]; then su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh www-data else + su -c '/var/www/passbolt/bin/cake migrations migrate' -s /bin/sh www-data echo "Enjoy! ☮" fi } email_cron_job() { + printenv > /etc/environment + sed -i 's/=\(.*\)/="\1"/g' /etc/environment cron_task='/etc/cron.d/passbolt_email' - process_email="/var/www/passbolt/bin/cake EmailQueue.sender --quiet" - echo "* * * * * su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task + echo "* * * * * su -c \"source /etc/environment ; /var/www/passbolt/bin/cake EmailQueue.sender\" -s /bin/bash www-data >> /var/log/cron.log 2>&1" >> $cron_task crontab /etc/cron.d/passbolt_email } @@ -93,4 +97,4 @@ fi install email_cron_job -/usr/bin/supervisord -n -c /etc/supervisord.conf +/usr/bin/supervisord -n diff --git a/conf/supervisord.conf b/conf/supervisord.conf index 3ba74ba..cb90377 100644 --- a/conf/supervisord.conf +++ b/conf/supervisord.conf @@ -1,15 +1,13 @@ +; supervisor config file + [unix_http_server] -file=/tmp/supervisor.sock ; (the path to the socket file) +file=/var/run/supervisor.sock ; (the path to the socket file) +chmod=0700 ; sockef file mode (default 0700) [supervisord] -logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log) -logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) -logfile_backups=10 ; (num of main logfile rotation backups;default 10) -loglevel=info ; (log level;default info; others: debug,warn,trace) -pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) -nodaemon=false ; (start in foreground if true;default false) -minfds=1024 ; (min. avail startup file descriptors;default 1024) -minprocs=200 ; (min. avail process descriptors;default 200) +logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log) +pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP) ; the below section must remain in the config file for RPC ; (supervisorctl/web interface) to work, additional interfaces may be @@ -18,19 +16,37 @@ minprocs=200 ; (min. avail process descriptors;default 200) supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] -serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket +serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. [program:php-fpm] command=php-fpm autostart=true priority=5 +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 [program:nginx] command=nginx -g "daemon off;" autostart=true priority=10 +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 [program:cron] -command=cron +command=cron -f -l autostart=true priority=20 +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 diff --git a/docker-compose.yml b/docker-compose.yml index 75361c9..56177fd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,8 @@ services: - 3306 passbolt: - image: gcr.io/passbolt-production/passbolt-api:2.0.0-rc2-debian + image: passbolt/passbolt:develop-debian + tty: true depends_on: - db env_file: diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb index ef89ec5..81288ef 100644 --- a/spec/docker_image/image_spec.rb +++ b/spec/docker_image/image_spec.rb @@ -26,7 +26,7 @@ describe 'Dockerfile' do let(:composer) { '/usr/local/bin/composer'} let(:php_extensions) { [ 'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar', - 'posix', 'xml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' + 'posix', 'xml', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql' ] } describe 'passbolt required php extensions' do diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb index 752f6a4..0ce9062 100644 --- a/spec/docker_runtime/runtime_spec.rb +++ b/spec/docker_runtime/runtime_spec.rb @@ -49,17 +49,17 @@ describe 'passbolt_api service' do describe 'php service' do it 'is running supervised' do - expect(process('php-fpm')).to be_running.under('supervisor') + expect(service('php-fpm')).to be_running.under('supervisor') end it 'has its port open' do - expect(port(9000)).to be_listening.with('tcp') + expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp') end end describe 'email cron' do it 'is running supervised' do - expect(service('crond')).to be_running.under('supervisor') + expect(service('cron')).to be_running.under('supervisor') end end @@ -69,11 +69,11 @@ describe 'passbolt_api service' do end it 'is listening on port 80' do - expect(port(80)).to be_listening.with('tcp') + expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') end it 'is listening on port 443' do - expect(port(443)).to be_listening.with('tcp') + expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') end end