From 4effa19d91a779508261d4b9e3e4f277d010ead0 Mon Sep 17 00:00:00 2001
From: h44z <christoph.h@sprinternet.at>
Date: Mon, 8 Jun 2020 12:17:57 +0200
Subject: [PATCH] Fix build for official and supported releases (#15)

* Fix build for official and supported releases
* Fix config generation: skip missing config files
* kopano-search ignores KOPANO_CONFIG_PATH env var
* Use kopano core 8.7 by default
* Include APT release key in this repo
* Copy APT release key into image
---
 README.md             |  2 +-
 base/Dockerfile       |  9 +++-----
 base/Release.key      | 51 +++++++++++++++++++++++++++++++++++++++++++
 base/kcconf.py        |  2 +-
 core/Dockerfile       |  2 +-
 core/start-service.sh |  2 +-
 kdav/Dockerfile       |  2 +-
 meet/Dockerfile       |  2 +-
 php/Dockerfile        |  2 +-
 python/Dockerfile     |  2 +-
 setup.sh              |  6 ++---
 utils/Dockerfile      |  2 +-
 webapp/Dockerfile     |  2 +-
 zpush/Dockerfile      |  2 +-
 14 files changed, 68 insertions(+), 20 deletions(-)
 create mode 100644 base/Release.key

diff --git a/README.md b/README.md
index a787beb..cc308ad 100644
--- a/README.md
+++ b/README.md
@@ -99,7 +99,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:d
 
 # Modify below to build a different version, than the Kopano nightly release
 # credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
-#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/9.x/Debian_10/
+#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
 #KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
 #KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
 #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/final/Debian_10/
diff --git a/base/Dockerfile b/base/Dockerfile
index b6c5c72..027ef0d 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -44,11 +44,7 @@ RUN apt-get update && \
         moreutils \
         python3-minimal \
         && \
-    rm -rf /var/cache/apt /var/lib/apt/lists/*; \
-    # install apt key if supported kopano
-    if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
-        curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
-    fi
+    rm -rf /var/cache/apt /var/lib/apt/lists/*
 
 # Create kopano user and group
 RUN groupadd --system --gid ${KOPANO_GID} kopano
@@ -73,7 +69,8 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
 
 # get common utilities
 COPY create-kopano-repo.sh /kopano/helper/
-COPY kcconf.py defaultconfigs/ /kopano/
+COPY kcconf.py Release.key defaultconfigs/ /kopano/
+RUN apt-key add /kopano/Release.key
 
 SHELL [ "/bin/bash", "-c"]
 
diff --git a/base/Release.key b/base/Release.key
new file mode 100644
index 0000000..87ea557
--- /dev/null
+++ b/base/Release.key
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFcjak8BEACl/9+3+hgGmkIgn/G8dzfo4BY8gRtLdQkFPw/dhvZWGznvFkdY
+GbSdIbcFNp8uMKva8P75rIq5XSYAU8o21gjoGuVSi55MB/JNnR22whpXHnx3Os2i
+pkoFZEWqGoW/7CWAk6QVOpVK+0UXEaXTkuEKVsB+hRL9wRQNpcWN8M894/I5egGB
+b1gPD9OFMTlHEVjLYFLUwGeMCSpcTU4kHu93g7S/s2xVng31xlZ2FqUgUT2GWTrR
+YfPuNib0srIZXwsqmVMJdu4qx3FoIJeAd3KH11fbb2oZEmwGKYfULoATGQ6s9/nG
+wVR2aJPPgZJv2YIpoE4CqKixj8ll6yc6DWzp2dOOj/4JJvpdpeO3Vu3dMy+8qBsR
+VlsCRKAFJLkmnliaUxtGM3oH3URb8LSnLXWPrvDB3sEq4o5mRxooqcwzi5FQ8bvG
+jzoqdw4NWIuH24Y7cC80X7o28qmN+DxySkeOtMQ9hVxYhK+bab3kw9Q9KCIT70r6
+YsCPX2+5RSBDpWI4bmP/3xMD2EUsdZBZYx79Qccai9+Syhw+GgIC/Yj9tdK8++5D
+XJWxTZLhYBAfoI3RsOmx38Yg9Z8fFF2l43jgveFORrv0EMcWBrJTtvLEXBPdCjBi
+AYBhAsuku/Kc6/zXrbWOYnmtxiYqjiqsyOXFdXat9Vw163rup2UoGjw8sQARAQAB
+tCpLb3Bhbm8gRGV2ZWxvcG1lbnQgPGRldmVsb3BtZW50QGtvcGFuby5pbz6JAj8E
+EwECACkFAlcjak8CGwMFCQlmAYAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRBcsn4TWOLyp6nyEACKoLHrZHszq9FsNeCP+K44c30tMUaDMs65q+dR4AN6LVCF
+KTQPGdw1Ie5SKzjAFl4/wt7uEwyf1SAjpTWM+VM+X6GpcaNzdH0BhNWxdPagqYtt
+Rt0bLdYWuz/pvbv8xjbMXFRVaHbSs41gEMyYhI2y9tFg6/hvfe03GeK8xHnbFLlA
+mcP2SREGpApUGKSol3VR+5nZsBjf/o8fp/F0TQd2B72pvLQZtNBr/BAjNZ+rzmRP
+iXG4s+HejHceyMmDMyJ//jUsADm3GADZnP/3X3DHQz4A7ox/7Z9YB1SwPx3Th/8H
+/EZSDySL02F//V0+PU/0aYJSGCj8MKlVpPmoyMqhcLIj/c/25PzVsYfHi5lVcXs8
+tRUhFC10KYHtEZmpjFSxCMIuz8noxxBubF0cbXh+NoJBktf8DlI2ijOwgBwTqem2
+a7UoMYSb403m0eAfdNO7Jy4RJP0NnBYyWCSK8BtlYE9N4yAwmRK0gGwwyLiVHVgk
+uG8u1Wzzd0NHeJVZYdJePDCLfyvCtcbsOevUwVMCFOWnFialnleNeIF37LeBcpC9
+3A5MsH+aLFs0rAwGpEqBdS79/96zlf99oWC/DF6ZI/zWCKq563Zskk7tf0CN4zp0
+56j9hlYmgE7a9FGu31ExeQIoCNJ9maxC4akLh9gWLpZgVqxMGMwBmU72+OYA27kC
+DQRXI2pPARAAzc8kt99ckNuJ0BTEW+U802QafzZz7V663Sw0uVHYcGTFTFia0LsH
+spdjVJXj6vSfPxWqxpLSZygC2M70sgG8n7/TPTZZvKWxSTyVJBJLfd8xBhZiRgIa
+UpwRDlyM4roLQ/ZWZyENWDfOtT7KIxmLgidj5fxzIuJkBAfc3CfUs6sYwktg1Q9E
+tYSIzK8a1t5EzvK6EpXnR1efQJCtDOlsTiLpzeloNvcrO1cGJ6oNYVwqxT9o7akB
+3g/czplvS52f1A0zX4qVyVan29OPjkC1Gi2w9h3cwi0HKCI8Jjq9zWZG211tC7pJ
+c7uj0YpiyeJrnM9ZLAHxSaiQIRf9E4yYg2UZ/+68KUfpuG22vDCDJokX+nvlpaVY
+Ck2C9ugcLgkqch4yMbraF0wRmdn09W8uUf+kpdnIEFxiiZzR1gpWt7B1Rb0JlTAX
+pxRTIxnpfZdm75eiOjcruZMbQ9Kw8pxzJfTiNjpJRszi0pYYqEJ1mm7aMrvYJZhF
+PqH8jQXtASZhScR/Y6rzsFtmjB1uDRDEdaT+yzYC24EOkNUNVnoSu9E4grh+HdFl
+VUPnZfzq0EllpqqPBA8ufdFCU5Nrix+Zq3mpjtGlbsOxpMAKF6DKMMxiYxz/mwVq
+w7nX4i8GQaSB4NjoHLeWcSqYK/U8dIcIsan04+HjtJu+o9O9P4b4EZ0AEQEAAYkC
+JQQYAQIADwUCVyNqTwIbDAUJCWYBgAAKCRBcsn4TWOLyp0QvD/48u+aGGswkYTo7
+jSO3z69mueOm48eEwjTGT8t6p1oPajMAcfMzbMfXAIN3SuGkCzeL2nD0WcqVbeIC
+qBk9smpclavphN66EgMpI1vuennzuiRiD/8ux8kG9xebc2zCW+eTNQ9M3kCSS7wr
+rdlNDPU/LPc4otjdDMm1FoEhMfyB5k8TvTBGaEQT4yZH0QZ4aSfY0oj7YRLrZNhP
+sTLbYvNkalp+Wp7VMXb2fgF65/VV8TNZFFWctDiWS+LT3+MN0vshmIzrXuwRIQ7r
+PvDwPrK33a6EkgPvPdXxg6I6NpxcwuGuDLyD6rrccujLvlpLEVQOMNxPFiDbsBBK
+ZrFP7Fr0piY2jbuxLmZk4hf4D2qaPK+m9V1977TxOlBE7L5xp9iCo7AMx3HceSmK
+RqV0++YOOskar8JOG9MLFQwNv61wk6eDfcryDZmdCHA6gRtUWMEXSo0jeE1/rz7b
+uHIg2U703IH+wNrvzP23OTMWbHI3seqZ6P70ujfMle9bBmiqUCTiTTVODb3YJ2o1
+jCfSFXIcBliRRrmPPaEs1vg/TGXGCoSSoFOzeyYA2FJJ2NcSacE/lxY1gRmwY0AB
+ED0D3Bnq0wo0RvYowrK8rZdrkTBmxV7ni2JglQhKyEy41/YL3MTx9/MMTJDujEJ6
+7zUlfHQRsIWNhNJyXwU/2pk8F6DY5g==
+=PzW0
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/base/kcconf.py b/base/kcconf.py
index 2fb5692..bfa6827 100644
--- a/base/kcconf.py
+++ b/base/kcconf.py
@@ -10,7 +10,7 @@ def configkopano(configs):
     """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
     for filename, config in configs.items():
         if not os.path.exists(filename):
-            return
+            continue
         # read configuration file
         with open(filename) as f:
             contents = f.read()
diff --git a/core/Dockerfile b/core/Dockerfile
index 64d633f..2a65321 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -42,7 +42,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # install Kopano Core and refresh ca-certificates
 # hadolint currently does not understand the extended buildkit syntax https://github.com/hadolint/hadolint/issues/347
 # hadolint ignore=SC2215,DL3015
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     # apt key for this repo has already been installed in base
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     # install
diff --git a/core/start-service.sh b/core/start-service.sh
index fb6ace5..d8045d1 100755
--- a/core/start-service.sh
+++ b/core/start-service.sh
@@ -241,7 +241,7 @@ search)
 	if dpkg --compare-versions "$searchversion" "gt" "8.7.82.165"; then
 		exec "$EXE" --config /tmp/kopano/search.cfg
 	else
-		exec /usr/bin/python3 "$EXE" -F
+		exec /usr/bin/python3 "$EXE" --config /tmp/kopano/search.cfg -F
 	fi
 	;;
 spooler)
diff --git a/kdav/Dockerfile b/kdav/Dockerfile
index 68bfdde..088bf1d 100644
--- a/kdav/Dockerfile
+++ b/kdav/Dockerfile
@@ -33,7 +33,7 @@ LABEL maintainer=az@zok.xyz \
 
 # install Kopano kDAV
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     # apt key for this repo has already been installed in base
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     set -x && \
diff --git a/meet/Dockerfile b/meet/Dockerfile
index aaf3a31..f90fe34 100644
--- a/meet/Dockerfile
+++ b/meet/Dockerfile
@@ -33,7 +33,7 @@ LABEL maintainer=az@zok.xyz \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     # apt key for this repo has already been installed in base
     # community download and package as apt source repository
     . /kopano/helper/create-kopano-repo.sh && \
diff --git a/php/Dockerfile b/php/Dockerfile
index 08b2f9e..0dee7cc 100644
--- a/php/Dockerfile
+++ b/php/Dockerfile
@@ -30,7 +30,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # add install common php dependencies
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     # apt key for this repo has already been installed in base
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     # install
diff --git a/python/Dockerfile b/python/Dockerfile
index 3b75192..ea1b3d6 100644
--- a/python/Dockerfile
+++ b/python/Dockerfile
@@ -29,7 +29,7 @@ LABEL maintainer=az@zok.xyz \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     # install
     set -x && \
diff --git a/setup.sh b/setup.sh
index 0dad004..1076592 100755
--- a/setup.sh
+++ b/setup.sh
@@ -45,9 +45,9 @@ for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kop
 	touch ./"$dockerenv".env
 done
 
-if ! grep -q download.kopano.com ./apt_auth.conf 2&> /dev/null; then
+if ! grep -q download.kopano.io ./apt_auth.conf 2&> /dev/null; then
 	echo "Adding example entry to local apt_auth.conf"
-	echo "machine download.kopano.com login serial REPLACE-ME" >> ./apt_auth.conf
+	echo "machine download.kopano.io login serial password REPLACE-ME" >> ./apt_auth.conf
 fi
 
 if [ ! -e ./.env ]; then
@@ -341,7 +341,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:d
 
 # Modify below to build a different version, than the Kopano nightly release
 # credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
-#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/9.x/Debian_10/
+#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
 #KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
 #KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
 #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/final/Debian_10/
diff --git a/utils/Dockerfile b/utils/Dockerfile
index a6f58a2..313b7a6 100644
--- a/utils/Dockerfile
+++ b/utils/Dockerfile
@@ -11,7 +11,7 @@ LABEL maintainer=az@zok.xyz \
     org.label-schema.schema-version="1.0"
 
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     apt-get update && apt-get install --no-install-recommends -y \
     git \
     iputils-ping \
diff --git a/webapp/Dockerfile b/webapp/Dockerfile
index b034a71..a9461fa 100644
--- a/webapp/Dockerfile
+++ b/webapp/Dockerfile
@@ -43,7 +43,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # install Kopano WebApp
 # hadolint ignore=SC2129,SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     # community download and package as apt source repository
     # TODO is it neccesary to source this file here? was already sourced before
     . /kopano/helper/create-kopano-repo.sh && \
diff --git a/zpush/Dockerfile b/zpush/Dockerfile
index 645faa5..8bd629f 100644
--- a/zpush/Dockerfile
+++ b/zpush/Dockerfile
@@ -36,7 +36,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # install Z-Push
 # TODO secret handling could go away when kopano_php is used as a base image
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     # prepare z-push installation
     echo "deb ${KOPANO_ZPUSH_REPOSITORY_URL} /" > /etc/apt/sources.list.d/zpush.list && \