Changed: initial revamp with passbolt debian package

This commit is contained in:
Diego Lendoiro 2020-07-09 15:07:39 +02:00
parent 81988a7fa5
commit e83ea269ae
No known key found for this signature in database
GPG Key ID: 3808AD1A50FF0B59
3 changed files with 26 additions and 87 deletions


@ -1,84 +1,23 @@
FROM php:7.3.16-fpm FROM debian:buster-slim
LABEL maintainer="Passbolt SA <contact@passbolt.com>" LABEL maintainer="Passbolt SA <contact@passbolt.com>"
ARG PASSBOLT_VERSION="2.12.1" ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" ENV PASSBOLT_PKG=passbolt-ce-server
ARG PASSBOLT_CURL_HEADERS=""
ARG PHP_EXTENSIONS="gd \
intl \
pdo_mysql \
opcache \
xsl"
ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
redis \
mcrypt"
ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \
libpng-dev \
libjpeg62-turbo-dev \
libicu-dev \
libxslt1-dev \
libmcrypt-dev \
unzip"
ARG PASSBOLT_BASE_PACKAGES="nginx \
gnupg \
libgpgme11 \
libmcrypt4 \
mariadb-client \
supervisor \
cron"
ENV PECL_BASE_URL="https://pecl.php.net/get"
ENV PHP_EXT_DIR="/usr/src/php/ext"
WORKDIR /var/www/passbolt
RUN apt-get update \ RUN apt-get update \
&& apt-get -y install --no-install-recommends \ && DEBIAN_FRONTEND=non-interactive apt-get -y install \
$PASSBOLT_DEV_PACKAGES \ ca-certificates \
$PASSBOLT_BASE_PACKAGES \ gnupg \
&& mkdir /home/www-data \ && apt-key adv --keyserver keys.gnupg.net --recv-keys $PASSBOLT_PKG_KEY \
&& chown -R www-data:www-data /home/www-data \ && echo "deb https://download.passbolt.com/ce/debian buster stable" > /etc/apt/sources.list.d/passbolt.list \
&& usermod -d /home/www-data www-data \ && apt-get update \
&& docker-php-source extract \ && DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
&& for i in $PECL_PASSBOLT_EXTENSIONS; do \ nginx \
mkdir $PHP_EXT_DIR/$i; \ $PASSBOLT_PKG \
curl -sSL $PECL_BASE_URL/$i | tar zxf - -C $PHP_EXT_DIR/$i --strip-components 1; \ supervisor
done \
&& docker-php-ext-configure gd --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& docker-php-source delete \
&& EXPECTED_SIGNATURE=$(curl -s https://composer.github.io/installer.sig) \
&& curl -o composer-setup.php https://getcomposer.org/installer \
&& ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');") \
&& if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then \
>&2 echo 'ERROR: Invalid installer signature'; \
rm composer-setup.php; \
exit 1; \
fi \
&& php composer-setup.php \
&& mv composer.phar /usr/local/bin/composer \
&& rm composer-setup.php \
&& curl -sSL -H "$PASSBOLT_CURL_HEADERS" "$PASSBOLT_URL" | tar zxf - -C . --strip-components 1 \
&& composer install -n --no-dev --optimize-autoloader \
&& chown -R www-data:www-data . \
&& chmod 775 $(find /var/www/passbolt/tmp -type d) \
&& chmod 664 $(find /var/www/passbolt/tmp -type f) \
&& chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
&& chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
&& rm /etc/nginx/sites-enabled/default \
&& apt-get purge -y --auto-remove $PASSBOLT_DEV_PACKAGES \
&& rm -rf /var/lib/apt/lists/* \
&& rm /usr/local/bin/composer \
&& echo 'php_flag[expose_php] = off' > /usr/local/etc/php-fpm.d/expose.conf \
&& sed -i 's/# server_tokens/server_tokens/' /etc/nginx/nginx.conf \
&& mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
COPY conf/supervisor/*.conf /etc/supervisor/conf.d/ COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
COPY bin/docker-entrypoint.sh /docker-entrypoint.sh COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
COPY scripts/wait-for.sh /usr/bin/wait-for.sh COPY scripts/wait-for.sh /usr/bin/wait-for.sh
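Review bot: `DEBIAN_FRONTEND=non-interactive` on both install lines of the new RUN is not a debconf frontend name — the value debconf recognizes is `noninteractive` — so the variable does not make the installs non-interactive, and the first install also lost the `--no-install-recommends` that the removed recipe had. The new RUN ends at `supervisor` without the `rm -rf /var/lib/apt/lists/*` the old one did, so both apt indexes are baked into the layer. `apt-key adv --keyserver … --recv-keys` adds whatever the keyserver returns for a 64-bit key ID to the global apt keyring; prefer exporting the fetched key to `/usr/share/keyrings/passbolt.gpg`, referencing it with `[signed-by=…]` in the sources entry, and comparing the full fingerprint against the one the vendor publishes before the second `apt-get update`. The `COPY conf/passbolt.conf …` line is old-side only, so the nginx site config presumably now comes from the package; a one-line comment in the Dockerfile saying so would save the next reader the search.
```dockerfile
RUN apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
    ca-certificates \
    gnupg \
  && gpg --keyserver keys.gnupg.net --recv-keys "$PASSBOLT_PKG_KEY" \
  && gpg --export "$PASSBOLT_PKG_KEY" > /usr/share/keyrings/passbolt.gpg \
  && echo "deb [signed-by=/usr/share/keyrings/passbolt.gpg] https://download.passbolt.com/ce/debian buster stable" > /etc/apt/sources.list.d/passbolt.list \
  && apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
    nginx \
    $PASSBOLT_PKG \
    supervisor \
  && rm -rf /var/lib/apt/lists/*
# … unchanged: COPY lines for supervisor, entrypoint and wait-for …
```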


@ -8,7 +8,7 @@ gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/s
ssl_key='/etc/ssl/certs/certificate.key' ssl_key='/etc/ssl/certs/certificate.key'
ssl_cert='/etc/ssl/certs/certificate.crt' ssl_cert='/etc/ssl/certs/certificate.crt'
export GNUPGHOME="/home/www-data/.gnupg" export GNUPGHOME="/var/lib/passbolt/.gnupg"
entropy_check() { entropy_check() {
local entropy_avail local entropy_avail
@ -42,7 +42,7 @@ gpg_gen_key() {
entropy_check entropy_check
su -c "gpg --batch --no-tty --gen-key <<EOF su -c "gpg --homedir $GNUPGHOME --batch --no-tty --gen-key <<EOF
Key-Type: default Key-Type: default
Key-Length: $key_length Key-Length: $key_length
Subkey-Type: default Subkey-Type: default
@ -54,13 +54,13 @@ gpg_gen_key() {
%commit %commit
EOF" -ls /bin/bash www-data EOF" -ls /bin/bash www-data
su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/bash www-data su -c "gpg --homedir $GNUPGHOME --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/bash www-data
su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/bash www-data su -c "gpg --homedir $GNUPGHOME --armor --export $key_email > $gpg_public_key" -ls /bin/bash www-data
} }
gpg_import_key() { gpg_import_key() {
su -c "gpg --batch --import $gpg_public_key" -ls /bin/bash www-data su -c "gpg --homedir $GNUPGHOME --batch --import $gpg_public_key" -ls /bin/bash www-data
su -c "gpg --batch --import $gpg_private_key" -ls /bin/bash www-data su -c "gpg --homedir $GNUPGHOME --batch --import $gpg_private_key" -ls /bin/bash www-data
} }
gen_ssl_cert() { gen_ssl_cert() {
@ -70,18 +70,18 @@ gen_ssl_cert() {
} }
install() { install() {
local app_config="/var/www/passbolt/config/app.php" local app_config="/etc/passbolt/app.php"
if [ ! -f "$app_config" ]; then if [ ! -f "$app_config" ]; then
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/bash www-data su -c "cp $app_config/app.default.php $app_config/app.php" -s /bin/bash www-data
fi fi
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f '/var/www/passbolt/config/passbolt.php' ]; then if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$app_config/passbolt.php" ]; then
gpg_auto_fingerprint="$(su -c "gpg --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)" gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
fi fi
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮" su -c '/usr/share/php/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/usr/share/php/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮"
} }
email_cron_job() { email_cron_job() {
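Review bot: In `install()`, `app_config` is now the file `/etc/passbolt/app.php`, yet the following lines use it as a directory (`$app_config/app.default.php`, `$app_config/app.php`, `$app_config/passbolt.php`), which expands to paths underneath a regular file: the `cp` cannot succeed and the `passbolt.php` existence test never sees the real file, so the fingerprint auto-detection runs even when a config already exists. Make the variable the directory and test the file explicitly: `local app_config="/etc/passbolt"` and `if [ ! -f "$app_config/app.php" ]; then`; the three existing uses then resolve to the intended paths.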


@ -10,7 +10,7 @@ services:
- "127.0.0.1:3306:3306" - "127.0.0.1:3306:3306"
passbolt: passbolt:
image: passbolt/passbolt:2.12.0-debian image: localpassbolt
tty: true tty: true
depends_on: depends_on:
- db - db