Fix build for official and supported releases (#15)

* Fix build for official and supported releases * Fix config generation: skip missing config files * kopano-search ignores KOPANO_CONFIG_PATH env var * Use kopano core 8.7 by default * Include APT release key in this repo * Copy APT release key into image
2025-06-07 07:56:12 +00:00 · 2020-06-08 12:17:57 +02:00 · 2020-06-08 12:17:57 +02:00 · 4effa19d91
commit 4effa19d91
parent 1120a8e08b
14 changed files with 68 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -99,7 +99,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:d

 # Modify below to build a different version, than the Kopano nightly release
 # credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
-#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/9.x/Debian_10/
+#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
 #KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
 #KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
 #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/final/Debian_10/
--- a/base/Dockerfile
+++ b/base/Dockerfile
@ -44,11 +44,7 @@ RUN apt-get update && \
        moreutils \
        python3-minimal \
        && \
-    rm -rf /var/cache/apt /var/lib/apt/lists/*; \
-    # install apt key if supported kopano
-    if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
-        curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
-    fi
+    rm -rf /var/cache/apt /var/lib/apt/lists/*

 # Create kopano user and group
 RUN groupadd --system --gid ${KOPANO_GID} kopano
@ -73,7 +69,8 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \

 # get common utilities
 COPY create-kopano-repo.sh /kopano/helper/
-COPY kcconf.py defaultconfigs/ /kopano/
+COPY kcconf.py Release.key defaultconfigs/ /kopano/
+RUN apt-key add /kopano/Release.key

 SHELL [ "/bin/bash", "-c"]

--- a/base/Release.key
+++ b/base/Release.key
@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFcjak8BEACl/9+3+hgGmkIgn/G8dzfo4BY8gRtLdQkFPw/dhvZWGznvFkdY
+GbSdIbcFNp8uMKva8P75rIq5XSYAU8o21gjoGuVSi55MB/JNnR22whpXHnx3Os2i
+pkoFZEWqGoW/7CWAk6QVOpVK+0UXEaXTkuEKVsB+hRL9wRQNpcWN8M894/I5egGB
+b1gPD9OFMTlHEVjLYFLUwGeMCSpcTU4kHu93g7S/s2xVng31xlZ2FqUgUT2GWTrR
+YfPuNib0srIZXwsqmVMJdu4qx3FoIJeAd3KH11fbb2oZEmwGKYfULoATGQ6s9/nG
+wVR2aJPPgZJv2YIpoE4CqKixj8ll6yc6DWzp2dOOj/4JJvpdpeO3Vu3dMy+8qBsR
+VlsCRKAFJLkmnliaUxtGM3oH3URb8LSnLXWPrvDB3sEq4o5mRxooqcwzi5FQ8bvG
+jzoqdw4NWIuH24Y7cC80X7o28qmN+DxySkeOtMQ9hVxYhK+bab3kw9Q9KCIT70r6
+YsCPX2+5RSBDpWI4bmP/3xMD2EUsdZBZYx79Qccai9+Syhw+GgIC/Yj9tdK8++5D
+XJWxTZLhYBAfoI3RsOmx38Yg9Z8fFF2l43jgveFORrv0EMcWBrJTtvLEXBPdCjBi
+AYBhAsuku/Kc6/zXrbWOYnmtxiYqjiqsyOXFdXat9Vw163rup2UoGjw8sQARAQAB
+tCpLb3Bhbm8gRGV2ZWxvcG1lbnQgPGRldmVsb3BtZW50QGtvcGFuby5pbz6JAj8E
+EwECACkFAlcjak8CGwMFCQlmAYAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRBcsn4TWOLyp6nyEACKoLHrZHszq9FsNeCP+K44c30tMUaDMs65q+dR4AN6LVCF
+KTQPGdw1Ie5SKzjAFl4/wt7uEwyf1SAjpTWM+VM+X6GpcaNzdH0BhNWxdPagqYtt
+Rt0bLdYWuz/pvbv8xjbMXFRVaHbSs41gEMyYhI2y9tFg6/hvfe03GeK8xHnbFLlA
+mcP2SREGpApUGKSol3VR+5nZsBjf/o8fp/F0TQd2B72pvLQZtNBr/BAjNZ+rzmRP
+iXG4s+HejHceyMmDMyJ//jUsADm3GADZnP/3X3DHQz4A7ox/7Z9YB1SwPx3Th/8H
+/EZSDySL02F//V0+PU/0aYJSGCj8MKlVpPmoyMqhcLIj/c/25PzVsYfHi5lVcXs8
+tRUhFC10KYHtEZmpjFSxCMIuz8noxxBubF0cbXh+NoJBktf8DlI2ijOwgBwTqem2
+a7UoMYSb403m0eAfdNO7Jy4RJP0NnBYyWCSK8BtlYE9N4yAwmRK0gGwwyLiVHVgk
+uG8u1Wzzd0NHeJVZYdJePDCLfyvCtcbsOevUwVMCFOWnFialnleNeIF37LeBcpC9
+3A5MsH+aLFs0rAwGpEqBdS79/96zlf99oWC/DF6ZI/zWCKq563Zskk7tf0CN4zp0
+56j9hlYmgE7a9FGu31ExeQIoCNJ9maxC4akLh9gWLpZgVqxMGMwBmU72+OYA27kC
+DQRXI2pPARAAzc8kt99ckNuJ0BTEW+U802QafzZz7V663Sw0uVHYcGTFTFia0LsH
+spdjVJXj6vSfPxWqxpLSZygC2M70sgG8n7/TPTZZvKWxSTyVJBJLfd8xBhZiRgIa
+UpwRDlyM4roLQ/ZWZyENWDfOtT7KIxmLgidj5fxzIuJkBAfc3CfUs6sYwktg1Q9E
+tYSIzK8a1t5EzvK6EpXnR1efQJCtDOlsTiLpzeloNvcrO1cGJ6oNYVwqxT9o7akB
+3g/czplvS52f1A0zX4qVyVan29OPjkC1Gi2w9h3cwi0HKCI8Jjq9zWZG211tC7pJ
+c7uj0YpiyeJrnM9ZLAHxSaiQIRf9E4yYg2UZ/+68KUfpuG22vDCDJokX+nvlpaVY
+Ck2C9ugcLgkqch4yMbraF0wRmdn09W8uUf+kpdnIEFxiiZzR1gpWt7B1Rb0JlTAX
+pxRTIxnpfZdm75eiOjcruZMbQ9Kw8pxzJfTiNjpJRszi0pYYqEJ1mm7aMrvYJZhF
+PqH8jQXtASZhScR/Y6rzsFtmjB1uDRDEdaT+yzYC24EOkNUNVnoSu9E4grh+HdFl
+VUPnZfzq0EllpqqPBA8ufdFCU5Nrix+Zq3mpjtGlbsOxpMAKF6DKMMxiYxz/mwVq
+w7nX4i8GQaSB4NjoHLeWcSqYK/U8dIcIsan04+HjtJu+o9O9P4b4EZ0AEQEAAYkC
+JQQYAQIADwUCVyNqTwIbDAUJCWYBgAAKCRBcsn4TWOLyp0QvD/48u+aGGswkYTo7
+jSO3z69mueOm48eEwjTGT8t6p1oPajMAcfMzbMfXAIN3SuGkCzeL2nD0WcqVbeIC
+qBk9smpclavphN66EgMpI1vuennzuiRiD/8ux8kG9xebc2zCW+eTNQ9M3kCSS7wr
+rdlNDPU/LPc4otjdDMm1FoEhMfyB5k8TvTBGaEQT4yZH0QZ4aSfY0oj7YRLrZNhP
+sTLbYvNkalp+Wp7VMXb2fgF65/VV8TNZFFWctDiWS+LT3+MN0vshmIzrXuwRIQ7r
+PvDwPrK33a6EkgPvPdXxg6I6NpxcwuGuDLyD6rrccujLvlpLEVQOMNxPFiDbsBBK
+ZrFP7Fr0piY2jbuxLmZk4hf4D2qaPK+m9V1977TxOlBE7L5xp9iCo7AMx3HceSmK
+RqV0++YOOskar8JOG9MLFQwNv61wk6eDfcryDZmdCHA6gRtUWMEXSo0jeE1/rz7b
+uHIg2U703IH+wNrvzP23OTMWbHI3seqZ6P70ujfMle9bBmiqUCTiTTVODb3YJ2o1
+jCfSFXIcBliRRrmPPaEs1vg/TGXGCoSSoFOzeyYA2FJJ2NcSacE/lxY1gRmwY0AB
+ED0D3Bnq0wo0RvYowrK8rZdrkTBmxV7ni2JglQhKyEy41/YL3MTx9/MMTJDujEJ6
+7zUlfHQRsIWNhNJyXwU/2pk8F6DY5g==
+=PzW0
+-----END PGP PUBLIC KEY BLOCK-----
--- a/base/kcconf.py
+++ b/base/kcconf.py
@ -10,7 +10,7 @@ def configkopano(configs):
    """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
    for filename, config in configs.items():
        if not os.path.exists(filename):
-            return
+            continue
        # read configuration file
        with open(filename) as f:
            contents = f.read()
--- a/core/Dockerfile
+++ b/core/Dockerfile
@ -42,7 +42,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # install Kopano Core and refresh ca-certificates
 # hadolint currently does not understand the extended buildkit syntax https://github.com/hadolint/hadolint/issues/347
 # hadolint ignore=SC2215,DL3015
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    # apt key for this repo has already been installed in base
    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
    # install
--- a/core/start-service.sh
+++ b/core/start-service.sh
@ -241,7 +241,7 @@ search)
 	if dpkg --compare-versions "$searchversion" "gt" "8.7.82.165"; then
 		exec "$EXE" --config /tmp/kopano/search.cfg
 	else
-		exec /usr/bin/python3 "$EXE" -F
+		exec /usr/bin/python3 "$EXE" --config /tmp/kopano/search.cfg -F
 	fi
 	;;
 spooler)
--- a/kdav/Dockerfile
+++ b/kdav/Dockerfile
@ -33,7 +33,7 @@ LABEL maintainer=az@zok.xyz \

 # install Kopano kDAV
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    # apt key for this repo has already been installed in base
    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
    set -x && \
--- a/meet/Dockerfile
+++ b/meet/Dockerfile
@ -33,7 +33,7 @@ LABEL maintainer=az@zok.xyz \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    # apt key for this repo has already been installed in base
    # community download and package as apt source repository
    . /kopano/helper/create-kopano-repo.sh && \
--- a/php/Dockerfile
+++ b/php/Dockerfile
@ -30,7 +30,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # add install common php dependencies
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    # apt key for this repo has already been installed in base
    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
    # install
--- a/python/Dockerfile
+++ b/python/Dockerfile
@ -29,7 +29,7 @@ LABEL maintainer=az@zok.xyz \
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
    # install
    set -x && \
--- a/setup.sh
+++ b/setup.sh
@ -45,9 +45,9 @@ for dockerenv in ldap password-self-service mail db kopano_ssl kopano_server kop
 	touch ./"$dockerenv".env
 done

-if ! grep -q download.kopano.com ./apt_auth.conf 2&> /dev/null; then
+if ! grep -q download.kopano.io ./apt_auth.conf 2&> /dev/null; then
 	echo "Adding example entry to local apt_auth.conf"
-	echo "machine download.kopano.com login serial REPLACE-ME" >> ./apt_auth.conf
+	echo "machine download.kopano.io login serial password REPLACE-ME" >> ./apt_auth.conf
 fi

 if [ ! -e ./.env ]; then
@ -341,7 +341,7 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:d

 # Modify below to build a different version, than the Kopano nightly release
 # credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
-#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/9.x/Debian_10/
+#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
 #KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
 #KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
 #KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/final/Debian_10/
--- a/utils/Dockerfile
+++ b/utils/Dockerfile
@ -11,7 +11,7 @@ LABEL maintainer=az@zok.xyz \
    org.label-schema.schema-version="1.0"

 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    apt-get update && apt-get install --no-install-recommends -y \
    git \
    iputils-ping \
--- a/webapp/Dockerfile
+++ b/webapp/Dockerfile
@ -43,7 +43,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # install Kopano WebApp
 # hadolint ignore=SC2129,SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    # community download and package as apt source repository
    # TODO is it neccesary to source this file here? was already sourced before
    . /kopano/helper/create-kopano-repo.sh && \
--- a/zpush/Dockerfile
+++ b/zpush/Dockerfile
@ -36,7 +36,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # install Z-Push
 # TODO secret handling could go away when kopano_php is used as a base image
 # hadolint ignore=SC2215
-RUN --mount=type=secret,id=repocred,dst=/etc/apt/apt_auth.conf \
+RUN --mount=type=secret,id=repocred,target=/etc/apt/auth.conf.d/kopano.conf \
    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
    # prepare z-push installation
    echo "deb ${KOPANO_ZPUSH_REPOSITORY_URL} /" > /etc/apt/sources.list.d/zpush.list && \