diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..1e4b9d7 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,13 @@ +ignored: + # disable following sourced files + - SC1091 + # disable check for versioned upstream image + - DL3006 + # disable don't use :latest + - DL3007 + # disable explicit version for apt install + - DL3008 + # disable explicit version for apk install + - DL3018 +trustedRegistries: + - docker.io diff --git a/.travis.yml b/.travis.yml index 488fb2e..fc304c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,15 +10,17 @@ env: services: - docker before_install: -- sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/goss-linux-amd64 - -o /usr/local/bin/goss -- sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/dgoss - -o /usr/local/bin/dgoss +- sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss +- sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/dgoss -o /usr/local/bin/dgoss +- sudo curl -L https://github.com/hadolint/hadolint/releases/download/v1.16.0/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint - sudo chmod +rx /usr/local/bin/goss - sudo chmod +rx /usr/local/bin/dgoss +- sudo chmod +rx /usr/local/bin/hadolint - sudo apt update && sudo apt install -y expect - "./test.exp" -install: make build-all +install: + - make check-scripts + - make build-all deploy: - provider: script script: make publish diff --git a/Makefile b/Makefile index cda8c77..49f5346 100644 --- a/Makefile +++ b/Makefile 
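Review bot: The `ignored:` list turns DL3006 and DL3007 off for every Dockerfile in the repository, so an untagged or `:latest` base image will never be reported again, including in images added later. The intent also looks inconsistent within this commit: `meet/Dockerfile` gains an explicit `:latest` while `utils/Dockerfile` keeps an untagged `FROM`. Consider leaving both rules enabled and marking deliberate floating tags per line with `# hadolint ignore=DL3007`, the way DL3005 is handled in `base/Dockerfile`.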
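Review bot: The new `hadolint` step in `before_install` downloads a release binary to `/usr/local/bin` as root and makes it executable without verifying it, and `curl -L` without `--fail` will store an HTTP error page under that name. Use `curl -fsSL` and check a pinned digest before the `chmod`, for example `echo "PINNED_SHA256_PLACEHOLDER  /usr/local/bin/hadolint" | sha256sum -c -`. The goss and dgoss downloads rewritten in this hunk have the same gap, as does the `curl ... | tar` in `base/Dockerfile` that this commit puts under `pipefail` (pipefail cannot catch an HTTP error that curl reports as exit 0).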
@@ -197,6 +197,14 @@ publish-webapp: build-webapp tag-webapp publish-zpush: build-zpush tag-zpush component=zpush make publish-container +check-scripts: + grep -rIl '^#![[:blank:]]*/bin/\(bash\|sh\|zsh\)' \ + --exclude-dir=.git --exclude=*.sw? \ + | xargs shellcheck + # List files which name starts with 'Dockerfile' + # eg. Dockerfile, Dockerfile.build, etc. + git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint + test: docker-compose -f $(COMPOSE_FILE) down -v || true make build-all diff --git a/base/Dockerfile b/base/Dockerfile index 2a4c4bc..cf4fa82 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -10,6 +10,7 @@ ARG DEBIAN_FRONTEND=noninteractive # install basics # TODO require python3 or python3-minimal? +# hadolint ignore=DL3005 RUN apt-get update && \ apt-get upgrade -y && \ apt-get install --no-install-recommends -y \ @@ -31,6 +32,7 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ dpkg-reconfigure --frontend=noninteractive locales && \ update-locale LANG=en_US.UTF-8 +SHELL ["/bin/bash", "-o", "pipefail", "-c"] ENV DOCKERIZE_VERSION v0.6.1 RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin diff --git a/build/Dockerfile b/build/Dockerfile index 4a4b90c..377d824 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,6 +1,6 @@ FROM docker:18.09.1 ENV COMPOSE_VERSION "1.23.2" -RUN apk add bash curl expect make nano jq py-pip +RUN apk add --no-cache bash curl expect make nano jq py-pip RUN pip install --no-cache-dir docker-compose==${COMPOSE_VERSION} WORKDIR /kopano-docker CMD ["bash"] diff --git a/build/run.sh b/build/run.sh index a947d78..0b16d86 100755 --- a/build/run.sh +++ b/build/run.sh 
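Review bot: In `check-scripts`, `git ls-files --exclude='Dockerfile*' --ignored` is given neither `--cached` nor `--others`, and newer Git releases refuse `--ignored` without one of them. Because each recipe line is a pipeline, a failure of `git` or `grep` on the left side is not reflected in the exit status, so the target can pass while linting nothing. Both lists are also split on whitespace by `xargs`. Suggested form: `git ls-files -z --cached --ignored --exclude='Dockerfile*' | xargs -0 -r -n 1 hadolint`, and `xargs -r shellcheck` on the first pipeline. Note as well that the shebang pattern only matches `/bin/...`, so a script starting with `#!/usr/bin/env bash` would be skipped.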
@@ -3,11 +3,13 @@ if [ ! "$(id -u)" -eq 0 ]; then echo "This script may need to be run as root to be able to use docker/docker-compose through it." fi -cd "$(dirname "$0")" +cd "$(dirname "$0")" || exit + +docker build . docker run \ --rm -it \ - -u $(id -u ${USER}):$(id -g ${USER}) \ + -u "$(id -u)":"$(id -g)" \ -v /var/run/docker.sock:/var/run/docker.sock \ - -v ${PWD}/..:/kopano-docker/ \ - $(docker build -q .) $@ + -v "$(pwd)"/..:/kopano-docker/ \ + "$(docker build -q .)" "$@" diff --git a/core/Dockerfile b/core/Dockerfile index 73bc650..b778983 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -16,6 +16,8 @@ ENV KOPANO_REPOSITORY_FLAGS=$KOPANO_REPOSITORY_FLAGS ARG RELEASE_KEY_DOWNLOAD=0 ENV RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # install Kopano Core and refresh ca-certificates RUN \ # community download and package as apt source repository diff --git a/core/start-service.sh b/core/start-service.sh index a433035..55e4ae7 100755 --- a/core/start-service.sh +++ b/core/start-service.sh @@ -9,10 +9,11 @@ if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then exit 1 fi -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - if [ $(dpkg-query -W -f='${Status}' "$installpkg" 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - apt --assume-yes install "$installpkg"; +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + apt --assume-yes install "$installpkg" fi done 
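Review bot: The image is now built twice and neither build is checked: if the added `docker build .` fails the script carries on (unless `set -e` is set above the hunk), and the now-quoted `"$(docker build -q .)"` then hands `docker run` an empty image name. Stop on a failed build and capture the id once, e.g. `docker build . || exit`, then `image=$(docker build -q .) || exit`, and pass `"$image" "$@"` as the last arguments of `docker run`. That also guarantees the container that receives `/var/run/docker.sock` is the image that was just built.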
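Review bot: `$installpkg` in the `dpkg-query` call lost its quotes in this change and SC2086 is suppressed to cover it, although the `apt install` line two lines below keeps the quotes. Keeping `"$installpkg"` there lets the directive shrink to `# shellcheck disable=SC2016`, which is the only suppression the single-quoted `-f='${Status}'` format needs. The same block is added to `kdav/start.sh`, `webapp/start.sh` and `zpush/start.sh`.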
@@ -88,6 +89,7 @@ kapid) -timeout 360s LC_CTYPE=en_US.UTF-8 sed -i s/\ *=\ */=/g /etc/kopano/kapid.cfg + # shellcheck disable=SC2046 export $(grep -v '^#' /etc/kopano/kapid.cfg | xargs -d '\n') kopano-kapid setup # cleaning up env variables diff --git a/kdav/Dockerfile b/kdav/Dockerfile index b0d86f7..275035e 100644 --- a/kdav/Dockerfile +++ b/kdav/Dockerfile @@ -1,9 +1,9 @@ ARG docker_repo=zokradonh FROM composer:1.8.4 as composer -RUN git clone --depth 1 https://stash.kopano.io/scm/kc/kdav.git /usr/share/kdav && \ - cd /usr/share/kdav && \ - composer install +RUN git clone --depth 1 https://stash.kopano.io/scm/kc/kdav.git /usr/share/kdav +WORKDIR /usr/share/kdav +RUN composer install FROM ${docker_repo}/kopano_base diff --git a/kdav/start.sh b/kdav/start.sh index 649bf0d..ec8d6e2 100755 --- a/kdav/start.sh +++ b/kdav/start.sh @@ -7,10 +7,11 @@ ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} set -eu # unset variables are errors & non-zero return values exit the whole script -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do - if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - apt --assume-yes install $installpkg; +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + apt --assume-yes install "$installpkg" fi done @@ -40,6 +41,7 @@ tail --pid=$$ -F --lines=0 -q /var/log/kdav/kdav-error.log & echo "Starting Apache" rm -f /run/apache2/apache2.pid set +u +# shellcheck disable=SC1091 source /etc/apache2/envvars # cleaning up env variables unset "${!KCCONF_@}" diff --git a/konnect/Dockerfile b/konnect/Dockerfile index 5277f72..8230d00 100644 --- a/konnect/Dockerfile 
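Review bot: The added `# shellcheck disable=SC2046` silences a warning that is accurate for the `export $(grep -v '^#' /etc/kopano/kapid.cfg | xargs -d '\n')` line: the unquoted substitution is split on every space and glob-expanded, so a config value containing whitespace or `*` is exported wrongly. Exporting line by line removes the need for the suppression, for example a `while IFS= read -r kv; do export "$kv"; done` loop fed from the same `grep` (with empty lines filtered out) through process substitution; the script already relies on bash-only expansions. `meet/start-service.sh` gets the same directive for `kwebd.cfg`. The enclosing `kapid)` branch starts and ends outside the hunk.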
+++ b/konnect/Dockerfile @@ -3,9 +3,8 @@ FROM kopano/konnectd:${CODE_VERSION} ARG CODE_VERSION ENV CODE_VERSION="${CODE_VERSION}" -RUN apk add --update \ - openssl \ - && rm -rf /var/cache/apk/* +RUN apk add --no-cache \ + openssl ENV DOCKERIZE_VERSION v0.6.1 RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ diff --git a/kwmserver/wrapper.sh b/kwmserver/wrapper.sh index d09f585..4573442 100755 --- a/kwmserver/wrapper.sh +++ b/kwmserver/wrapper.sh @@ -2,6 +2,7 @@ set -e +# shellcheck disable=SC2154 if [ -n "$oidc_issuer_identifier" ]; then set -- "$@" --iss="$oidc_issuer_identifier" fi diff --git a/ldap_demo/Dockerfile b/ldap_demo/Dockerfile index 2296fb1..1c30ab4 100644 --- a/ldap_demo/Dockerfile +++ b/ldap_demo/Dockerfile @@ -1,5 +1,5 @@ FROM osixia/openldap:1.2.3 -ADD bootstrap /container/service/slapd/assets/config/bootstrap +COPY bootstrap /container/service/slapd/assets/config/bootstrap RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema RUN touch /etc/ldap/slapd.conf diff --git a/meet/Dockerfile b/meet/Dockerfile index b84b49f..3ffd6e6 100644 --- a/meet/Dockerfile +++ b/meet/Dockerfile @@ -1,5 +1,5 @@ ARG docker_repo=zokradonh -FROM ${docker_repo}/kopano_base +FROM ${docker_repo}/kopano_base:latest ARG DEBIAN_FRONTEND=noninteractive @@ -10,6 +10,8 @@ ARG KOPANO_MEET_VERSION=newest ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" ARG RELEASE_KEY_DOWNLOAD=0 +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # install Kopano Core and refresh ca-certificates RUN \ # community download and package as apt source repository diff --git a/meet/start-service.sh b/meet/start-service.sh index 552e6b8..8341d1a 100755 --- a/meet/start-service.sh +++ b/meet/start-service.sh 
@@ -21,6 +21,7 @@ fi # TODO use jq to modify /usr/share/kopano-kweb/www/config/kopano/meet.json sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg +# shellcheck disable=SC2046 export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n') # cleaning up env variables unset "${!KCCONF_@}" diff --git a/playground/Dockerfile b/playground/Dockerfile index b2f60ce..1e055e7 100644 --- a/playground/Dockerfile +++ b/playground/Dockerfile @@ -1,13 +1,13 @@ from alpine:3.8 as builder -RUN apk add --update \ - git make \ - && rm -rf /var/cache/apk/* +RUN apk add --no-cache \ + git make RUN mkdir -p /web/oidc-playground /web/kapi-playground RUN git clone https://stash.kopano.io/scm/~seisenmann/oidc-playground.git RUN mv oidc-playground/www/* /web/oidc-playground RUN git clone https://stash.kopano.io/scm/kc/kapi.git RUN mv kapi/examples/* /web/kapi-playground -RUN cd /web/kapi-playground && rm Makefile && ln -s oidc-client-example.html index.html +WORKDIR /web/kapi-playground +RUN rm Makefile && ln -s oidc-client-example.html index.html from halverneus/static-file-server:v1.5.2 env PORT 8888 diff --git a/setup.sh b/setup.sh index 8fd6630..547b58a 100755 --- a/setup.sh +++ b/setup.sh @@ -57,7 +57,7 @@ docker_tag_search () { i=$((i+1)) result=$(curl "https://registry.hub.docker.com/v2/repositories/${name}/tags/?page=${i}" 2>/dev/null | jq -r '."results"[]["name"]' 2>/dev/null) has_more=$? - if [[ ! -z "${result// }" ]]; then results="${results} ${result}"; fi + if [[ -n "${result// }" ]]; then results="${results} ${result}"; fi #printf "." done 
@@ -73,58 +73,58 @@ if [ ! -e ./.env ]; then PRINT_SETUP_SUCCESS="" echo "Creating an .env file for you" - if type jq 2&> /dev/null; then + if command -v jq > /dev/null; then echo "Available tags in https://hub.docker.com/r/zokradonh/kopano_core/: $(docker_tag_search zokradonh/kopano_core)" fi value_default=latest - read -p "Which tag do you want to use for Kopano Core components? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano Core components? [$value_default]: " new_value CORE_VERSION=${new_value:-$value_default} - if type jq 2&> /dev/null; then + if command -v jq > /dev/null; then echo "Available tags in https://hub.docker.com/r/zokradonh/kopano_webapp/: $(docker_tag_search zokradonh/kopano_webapp)" fi value_default=latest - read -p "Which tag do you want to use for Kopano WebApp? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano WebApp? [$value_default]: " new_value WEBAPP_VERSION=${new_value:-$value_default} - if type jq 2&> /dev/null; then + if command -v jq > /dev/null; then echo "Available tags in https://hub.docker.com/r/zokradonh/kopano_zpush/: $(docker_tag_search zokradonh/kopano_zpush)" fi value_default=latest - read -p "Which tag do you want to use for Z-Push? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Z-Push? [$value_default]: " new_value ZPUSH_VERSION=${new_value:-$value_default} - if type jq 2&> /dev/null; then + if command -v jq > /dev/null; then echo "Available tags in https://hub.docker.com/r/zokradonh/kopano_konnect/: $(docker_tag_search zokradonh/kopano_konnect)" fi value_default=latest - read -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value KONNECT_VERSION=${new_value:-$value_default} value_default=latest - read -p "Which tag do you want to use for Kopano Kwmserver? 
[$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano Kwmserver? [$value_default]: " new_value KWM_VERSION=${new_value:-$value_default} value_default=latest - read -p "Which tag do you want to use for Kopano Meet? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano Meet? [$value_default]: " new_value MEET_VERSION=${new_value:-$value_default} value_default=latest - read -p "Which tag do you want to use for Kopano kDAV? [$value_default]: " new_value + read -r -p "Which tag do you want to use for Kopano kDAV? [$value_default]: " new_value KDAV_VERSION=${new_value:-$value_default} value_default="Kopano Demo" - read -p "Name of the Organisation for LDAP [$value_default]: " new_value + read -r -p "Name of the Organisation for LDAP [$value_default]: " new_value LDAP_ORGANISATION=${new_value:-$value_default} value_default="kopano.demo" - read -p "FQDN to be used (for reverse proxy). + read -r -p "FQDN to be used (for reverse proxy). Tipp: use port 2015 in case port 443 is already in use on the system. [$value_default]: " new_value FQDN=${new_value:-$value_default} value_default="self_signed" - read -p "Email address to use for Lets Encrypt. + read -r -p "Email address to use for Lets Encrypt. Use 'self_signed' as your email to create self signed certificates. Use 'off' if you want to run the service without tls encryption. Make sure to use an ssl-terminating reverse proxy in front in this case. [$value_default]: " new_value 
@@ -139,11 +139,11 @@ if [ ! -e ./.env ]; then LDAP_BASE_DN=$(fqdn_to_dn "$FQDN") value_default="$LDAP_BASE_DN" - read -p "Name of the BASE DN for LDAP [$value_default]: " new_value + read -r -p "Name of the BASE DN for LDAP [$value_default]: " new_value LDAP_BASE_DN=${new_value:-$value_default} value_default="ldap://ldap:389" - read -p "LDAP server to be used (defaults to the bundled OpenLDAP) [$value_default]: " new_value + read -r -p "LDAP server to be used (defaults to the bundled OpenLDAP) [$value_default]: " new_value LDAP_SERVER=${new_value:-$value_default} if [ "$LDAP_SERVER" != "$value_default" ]; then @@ -151,15 +151,15 @@ if [ ! -e ./.env ]; then LDAP_ADMIN_PASSWORD="" value_default="$LDAP_BASE_DN" - read -p "LDAP search base [$value_default]: " new_value + read -r -p "LDAP search base [$value_default]: " new_value LDAP_SEARCH_BASE=${new_value:-$value_default} value_default="cn=readonly,$LDAP_BASE_DN" - read -p "LDAP bind user (needs read permissions) [$value_default]: " new_value + read -r -p "LDAP bind user (needs read permissions) [$value_default]: " new_value LDAP_BIND_DN=${new_value:-$value_default} value_default="kopano123" - read -p "LDAP bind password to be used [$value_default]: " new_value + read -r -p "LDAP bind password to be used [$value_default]: " new_value LDAP_BIND_PW=${new_value:-$value_default} PRINT_SETUP_SUCCESS="$PRINT_SETUP_SUCCESS \n!! You have specified the LDAP server '${LDAP_SERVER}', don't forget to remove the bundled ldap and ldap-admin services in docker-compose.yml\n" 
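Review bot: The `LDAP bind password to be used` prompt still reads the secret with plain `read -r -p`, so it is echoed to the terminal and stays in scrollback; the same applies to `Password to connect to the database` in the `@@ -196` hunk. Add `-s` for these two prompts and print the missing newline afterwards, e.g. `read -r -s -p "LDAP bind password to be used [$value_default]: " new_value; echo`. An empty answer also silently accepts the fixed defaults `kopano123` and `kopanoDbPw`; for an external server it may be better to require input.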
@@ -180,15 +180,15 @@ if [ ! -e ./.env ]; then value_default="Europe/Berlin". fi - read -p "Timezone to be used [$value_default]: " new_value + read -r -p "Timezone to be used [$value_default]: " new_value TZ=${new_value:-$value_default} value_default="postmaster@$FQDN" - read -p "E-Mail Address displayed for the 'postmaster' [$value_default]: " new_value + read -r -p "E-Mail Address displayed for the 'postmaster' [$value_default]: " new_value POSTMASTER_ADDRESS=${new_value:-$value_default} value_default="db" - read -p "Name/Address of Database server (defaults to the bundled one) [$value_default]: " new_value + read -r -p "Name/Address of Database server (defaults to the bundled one) [$value_default]: " new_value MYSQL_HOST=${new_value:-$value_default} if [ "$MYSQL_HOST" != "$value_default" ]; then @@ -196,15 +196,15 @@ if [ ! -e ./.env ]; then MYSQL_ROOT_PASSWORD="" value_default="kopanoDbUser" - read -p "Username to connect to the database [$value_default]: " new_value + read -r -p "Username to connect to the database [$value_default]: " new_value MYSQL_USER=${new_value:-$value_default} value_default="kopanoDbPw" - read -p "Password to connect to the database [$value_default]: " new_value + read -r -p "Password to connect to the database [$value_default]: " new_value MYSQL_PASSWORD=${new_value:-$value_default} value_default="kopano" - read -p "Database to use for Kopano [$value_default]: " new_value + read -r -p "Database to use for Kopano [$value_default]: " new_value MYSQL_DATABASE=${new_value:-$value_default} PRINT_SETUP_SUCCESS="$PRINT_SETUP_SUCCESS \n!! You have specified the DB server '${MYSQL_HOST}', don't forget to remove the bundled db service in docker-compose.yml\n" 
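Review bot: The context line `value_default="Europe/Berlin".` just above the changed timezone `read` ends with a stray `.` outside the quotes, so the fallback offered (and accepted on ENTER) would be `Europe/Berlin.`, which is not a valid zone name. If this is not an artefact of how the page was rendered, drop the dot: `value_default="Europe/Berlin"`. The surrounding `if` starts outside the hunk.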
@@ -219,11 +219,12 @@ if [ ! -e ./.env ]; then prompt="Check language spell support (again to uncheck, ENTER when done): " while lang_menu && read -rp "$prompt" num && [[ "$num" ]]; do + # shellcheck disable=SC2015 [[ "$num" != *[![:digit:]]* ]] && (( num > 0 && num <= ${#LANG_OPTIONS[@]} )) || { msg="Invalid option: $num"; continue; } - ((num--)); msg="${LANG_OPTIONS[num]} was ${choices[num]:+un}checked" - [[ "${choices[num]}" ]] && lang_choices[num]="" || lang_choices[num]="+" + ((num--)); msg="${LANG_OPTIONS[num]} was ${lang_choices[num]:+un}checked" + [[ "${lang_choices[num]}" ]] && lang_choices[num]="" || lang_choices[num]="+" done KOPANO_SPELL_PLUGIN="" @@ -236,6 +237,7 @@ if [ ! -e ./.env ]; then prompt="Check for additional plugins (again to uncheck, ENTER when done): " while plugin_menu && read -rp "$prompt" num && [[ "$num" ]]; do + # shellcheck disable=SC2015 [[ "$num" != *[![:digit:]]* ]] && (( num > 0 && num <= ${#PLUGIN_OPTIONS[@]} )) || { msg="Invalid option: $num"; continue; } @@ -251,7 +253,7 @@ if [ ! -e ./.env ]; then ADDITIONAL_KOPANO_WEBAPP_PLUGINS="${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}${KOPANO_WEBAPP_PLUGIN}" value_default="no" - read -p "Integrate WhatsApp into DeskApp yes/no [$value_default]: " new_value + read -r -p "Integrate WhatsApp into DeskApp yes/no [$value_default]: " new_value WHATSAPPDESKAPP_BOOLEAN=${new_value:-$value_default} if [ "${WHATSAPPDESKAPP_BOOLEAN}" == "yes" ]; then @@ -260,7 +262,7 @@ if [ ! -e ./.env ]; then echo "${PRINT_SETUP_SUCCESS}" - cat <<-EOF >"./.env" + cat < "./.env" # please consult https://github.com/zokradonh/kopano-docker # for possible configuration values and their impact CORE_VERSION=$CORE_VERSION 
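Review bot: The `.env` file written by the `cat` at the end of this file section receives the LDAP and MySQL passwords collected above, but nothing restricts its mode, so it is created with whatever the caller's umask allows (commonly world-readable). Tighten it before the write, e.g. `umask 077` just ahead of the `cat`, or pre-create the file with `install -m 600 /dev/null ./.env`. The here-document body continues outside the hunk.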
@@ -298,8 +300,8 @@ SELF_SERVICE_PASSWORD_MIN_DIGIT=1 SELF_SERVICE_PASSWORD_MIN_SPECIAL=1 # switch the value of these two variables to use the activedirectory configuration -KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg -KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg +KCUNCOMMENT_LDAP_1="!include /usr/share/kopano/ldap.openldap.cfg" +KCCOMMENT_LDAP_1="!include /usr/share/kopano/ldap.active-directory.cfg" MYSQL_HOST=$MYSQL_HOST MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD diff --git a/ssl/Dockerfile b/ssl/Dockerfile index 20942ae..f4f0ff7 100644 --- a/ssl/Dockerfile +++ b/ssl/Dockerfile @@ -10,10 +10,9 @@ ENV PKI_ROOT /kopano/easypki ENV PKI_ORGANIZATION Internal Kopano System ENV PKI_COUNTRY DE -RUN apk add --update \ +RUN apk add --no-cache \ easypki \ - openssl \ - && rm -rf /var/cache/apk/* + openssl COPY start.sh /start.sh diff --git a/ssl/start.sh b/ssl/start.sh index d38e761..93f7056 100755 --- a/ssl/start.sh +++ b/ssl/start.sh @@ -3,7 +3,6 @@ mkdir -p /kopano/ssl/clients/ set -euo pipefail -IFS=$'\n\t' # clean out any potential port numbers FQDN=${FQDN%:*} @@ -19,7 +18,7 @@ if [ ! -f /kopano/ssl/ca.pem ]; then for s in kopano_server kopano_dagent kopano_monitor kopano_search kopano_spooler kopano_webapp; do if [ ! -f /kopano/ssl/$s.pem ]; then echo "Creating $s certificate..." - easypki create --ca-name internalca --organizational-unit $s --expire 3650 --dns $s --dns $FQDN $s + easypki create --ca-name internalca --organizational-unit $s --expire 3650 --dns $s --dns "$FQDN" $s cp /kopano/easypki/internalca/keys/$s.key /kopano/ssl/$s.pem.tmp cat /kopano/easypki/internalca/certs/$s.crt >> /kopano/ssl/$s.pem.tmp openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem.tmp 
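Review bot: Wrapping `KCUNCOMMENT_LDAP_1` and `KCCOMMENT_LDAP_1` in double quotes makes the file sourceable by a shell, but a consumer that reads `.env` without shell-style unquoting will see the quotes as part of the value. The comment added in `version.sh` already names one consumer that cannot cope with quoted values, and `build/Dockerfile` pins docker-compose 1.23.2, which as far as I know passes `.env` values through verbatim. Please confirm the containers still receive `!include /usr/share/kopano/ldap.openldap.cfg` without the quotes, or keep these lines unquoted and comment them out in the temporary copy in `version.sh` the way the two filter variables are handled.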
@@ -41,7 +40,7 @@ fi signkey="/kopano/ssl/konnectd-tokens-signing-key.pem" if [ ! -f $signkey ]; then echo "Creating Konnect token signing key..." - openssl genpkey -algorithm RSA -out $signkey.tmp -pkeyopt rsa_keygen_bits:4096 2&> /dev/null + openssl genpkey -algorithm RSA -out $signkey.tmp -pkeyopt rsa_keygen_bits:4096 >/dev/null 2>&1 chmod go+r $signkey.tmp mv $signkey.tmp $signkey fi diff --git a/utils/Dockerfile b/utils/Dockerfile index 4086184..2a32ff4 100644 --- a/utils/Dockerfile +++ b/utils/Dockerfile @@ -4,6 +4,8 @@ FROM ${docker_repo}/kopano_core RUN apt-get update && apt-get install --no-install-recommends -y \ kopano-backup \ kopano-migration-imap \ - kopano-migration-pst + kopano-migration-pst \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* CMD [ "/bin/bash" ] diff --git a/version.sh b/version.sh index 364c0c0..e5ddf58 100755 --- a/version.sh +++ b/version.sh @@ -7,10 +7,15 @@ fi source base/create-kopano-repo.sh component=${1:-core} -COMPONENT=$(echo "$component" | tr a-z A-Z) -if [ -e ./env ]; then - source ./env +if [ -e ./.env ]; then + # this is a kind of ugly hack to be able to source the env file + # this is sadly needed since postfix in https://github.com/tomav/docker-mailserver/ cannot deal with quotes values + tmpfile=$(mktemp /tmp/kopano-docker-env.XXXXXX) + sed -i '/LDAP_QUERY_FILTER/s/^/#/g' "$tmpfile" + sed -i '/SASLAUTHD_LDAP_FILTER/s/^/#/g' "$tmpfile" + # shellcheck disable=SC1090 + source "$tmpfile" fi case $component in @@ -49,3 +54,4 @@ filename=$(h5ai_query "$component") currentVersion=$(version_from_filename "$filename") echo "$currentVersion" +rm "$tmpfile" diff --git a/web/Dockerfile b/web/Dockerfile index 9e4d70d..542fab2 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -5,6 +5,7 @@ ENV CODE_VERSION="${CODE_VERSION}" ENV KWEBD_USER root ENV KWEBD_GROUP root +# hadolint ignore=DL3002 USER root COPY wrapper.sh /usr/local/bin COPY kweb.cfg /etc/kweb.cfg 
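Review bot: Directly after the corrected `openssl genpkey` line, the context line `chmod go+r $signkey.tmp` leaves the Konnect token signing key readable by every account that can reach `/kopano/ssl`. If the relaxed mode exists so that a non-root konnectd can read the key, give the file to that service account with `chown`/`chgrp` and use `chmod 0440` instead (the account name is not visible here). Sending both streams to `/dev/null` also hides the reason when key generation fails; `>/dev/null` alone would keep openssl's error output.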
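Review bot: `tmpfile` is created with `mktemp` but `./.env` is never copied into it, so the two `sed -i` calls and `source "$tmpfile"` work on an empty file and none of the `.env` settings are loaded. Add `cp ./.env "$tmpfile"` right after the `mktemp` line. The `rm "$tmpfile"` added at the end of the script (second hunk) also runs when `./.env` does not exist and `tmpfile` is unset, and is skipped on any early exit; `trap 'rm -f -- "$tmpfile"' EXIT` placed inside the `if` covers both cases.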
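Review bot: `# hadolint ignore=DL3002` silences the rule that flags this image ending as root, and the directive carries no reason. With `KWEBD_USER` and `KWEBD_GROUP` both set to `root` in the context lines, the service presumably keeps full privileges for its whole lifetime. If that is required, say why in a comment line above the directive, e.g. `# kwebd runs as root because REASON_PLACEHOLDER`; otherwise consider a dedicated user here.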
diff --git a/webapp/Dockerfile b/webapp/Dockerfile index 3cd7fd3..8b7cbf4 100644 --- a/webapp/Dockerfile +++ b/webapp/Dockerfile @@ -34,7 +34,10 @@ ENV KOPANO_WEBAPP_SMIME_VERSION=$KOPANO_WEBAPP_SMIME_VERSION ARG RELEASE_KEY_DOWNLOAD=0 ENV RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # install Kopano WebApp and refresh ca-certificates +# hadolint ignore=SC2129 RUN \ # community download and package as apt source repository . /kopano/helper/create-kopano-repo.sh && \ diff --git a/webapp/start.sh b/webapp/start.sh index 9354172..a7d6847 100755 --- a/webapp/start.sh +++ b/webapp/start.sh @@ -10,9 +10,10 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS" -[ ! -z "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update -[ ! -z "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - if [ $(dpkg-query -W -f='${Status}' "$installpkg" 2>/dev/null | grep -c "ok installed") -eq 0 ]; then +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then apt --assume-yes install "$installpkg" fi done @@ -40,6 +41,7 @@ chown -R www-data:www-data /run/sessions /tmp/webapp echo "Starting Apache" rm -f /run/apache2/apache2.pid set +u +# shellcheck disable=SC1091 source /etc/apache2/envvars # cleaning up env variables unset "${!KCCONF_@}" diff --git a/zpush/Dockerfile b/zpush/Dockerfile index 5efe1f2..2e0d817 100644 --- a/zpush/Dockerfile +++ b/zpush/Dockerfile 
@@ -20,6 +20,8 @@ ENV KOPANO_ZPUSH_VERSION=$KOPANO_ZPUSH_VERSION ARG RELEASE_KEY_DOWNLOAD=0 ENV RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + # install Kopano WebApp and refresh ca-certificates RUN \ # community download and package as apt source repository diff --git a/zpush/start.sh b/zpush/start.sh index 6e0d5f5..8481527 100755 --- a/zpush/start.sh +++ b/zpush/start.sh @@ -7,10 +7,11 @@ ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} set -eu # unset variables are errors & non-zero return values exit the whole script -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update -[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do - if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - apt --assume-yes install $installpkg; +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update +[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + apt --assume-yes install "$installpkg" fi done @@ -42,6 +43,7 @@ tail --pid=$$ -F --lines=0 -q /var/log/z-push/z-push-error.log & echo "Starting Apache" rm -f /run/apache2/apache2.pid set +u +# shellcheck disable=SC1091 source /etc/apache2/envvars # cleaning up env variables unset "${!KCCONF_@}"