From 77afe291c17b9c9ab8bb734b7d3ad1f903a76c14 Mon Sep 17 00:00:00 2001 
From: Philipp Date: Sat, 11 Sep 2021 20:26:16 +0200 Subject: [PATCH] New develop/rc behavior: - Replace all GIT downloads with downloads per file.friendi.ca - Add GPG check for these downloads - Adapt documentation - Remove any other GIT dependency inside the image --- .travis/test-entrypoint.sh | 51 ------------- .travis/test-example-dockerfiles.sh | 19 ----- 2021.04/apache/Dockerfile | 1 - 2021.04/apache/upgrade.exclude | 3 +- 2021.04/fpm-alpine/Dockerfile | 1 - 2021.04/fpm-alpine/upgrade.exclude | 3 +- 2021.04/fpm/Dockerfile | 1 - 2021.04/fpm/upgrade.exclude | 3 +- 2021.07/apache/Dockerfile | 1 - 2021.07/apache/upgrade.exclude | 3 +- 2021.07/fpm-alpine/Dockerfile | 1 - 2021.07/fpm-alpine/upgrade.exclude | 3 +- 2021.07/fpm/Dockerfile | 1 - 2021.07/fpm/upgrade.exclude | 3 +- 2021.09-dev/apache/Dockerfile | 7 +- 2021.09-dev/apache/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-dev/apache/upgrade.exclude | 3 +- 2021.09-dev/fpm-alpine/Dockerfile | 5 +- 2021.09-dev/fpm-alpine/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-dev/fpm-alpine/upgrade.exclude | 3 +- 2021.09-dev/fpm/Dockerfile | 7 +- 2021.09-dev/fpm/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-dev/fpm/upgrade.exclude | 3 +- 2021.09-rc/apache/Dockerfile | 7 +- 2021.09-rc/apache/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-rc/apache/upgrade.exclude | 3 +- 2021.09-rc/fpm-alpine/Dockerfile | 5 +- 2021.09-rc/fpm-alpine/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-rc/fpm-alpine/upgrade.exclude | 3 +- 2021.09-rc/fpm/Dockerfile | 7 +- 2021.09-rc/fpm/entrypoint-dev.sh | 95 ++++++++---------------- 2021.09-rc/fpm/upgrade.exclude | 3 +- Dockerfile-alpine.template | 1 - Dockerfile-debian.template | 1 - README.md | 22 +----- docker-entrypoint-dev.sh | 95 ++++++++---------------- update.sh | 3 +- upgrade.exclude | 3 +- 38 files changed, 280 insertions(+), 565 deletions(-) delete mode 100755 .travis/test-entrypoint.sh delete mode 100755 .travis/test-example-dockerfiles.sh 
diff --git a/.travis/test-entrypoint.sh b/.travis/test-entrypoint.sh deleted file mode 100755 index 22f1759..0000000 --- a/.travis/test-entrypoint.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -set -eu - -# copy of see .docker-files/entrypoint.sh - testing all versions -version_greater() { - [ "$(printf '%s\n' "$@" | sed -e 's/-rc/.1/' | sed -e 's/-dev/.2/' | sort -t '.' -k1,1n -k2,2n -k3,3nbr | head -n 1)" != "$(printf "$1" | sed -e 's/-rc/.1/' | sed -e 's/-dev/.2/')" ] -} - - -if ! version_greater "2019.06" "2019.06-rc"; then - exit 1; -fi -if ! version_greater "2019.06" "2019.04-rc"; then - exit 1; -fi -if version_greater "2019.06-rc" "2019.06"; then - exit 1; -fi -if version_greater "2019.04" "2019.06"; then - exit 1; -fi -if ! version_greater "2019.06" "2019.04"; then - exit 1; -fi -if ! version_greater "2019.07" "2019.06-rc"; then - exit 1; -fi -if version_greater "2019.05" "2019.06-rc"; then - exit 1; -fi -if version_greater "2019.05-dev" "2019.05"; then - exit 1; -fi -if ! version_greater "2019.05" "2019.05-dev"; then - exit 1; -fi -if ! version_greater "2020.07-1" "2020.07"; then - exit 1; -fi -if ! version_greater "2020.07-2" "2020.07-1"; then - exit 1; -fi -if ! version_greater "2020.07-1" "2020.07-dev"; then - exit 1; -fi -if ! version_greater "2020.09-rc" "2020.09-dev"; then - exit 1 -fi -if version_greater "2020.06-rc" "2020.09-dev"; then - exit 1; -fi diff --git a/.travis/test-example-dockerfiles.sh b/.travis/test-example-dockerfiles.sh deleted file mode 100755 index eb11eca..0000000 --- a/.travis/test-example-dockerfiles.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -set -e - -image="$1" - -cd .examples/dockerfiles - -dirs=( */ ) -dirs=( "${dirs[@]%/}" ) -for dir in "${dirs[@]}"; do - if [ -d "$dir/$VARIANT" ]; then - ( - cd "$dir/$VARIANT" - sed -ri -e 's|^FROM .*|FROM '"$image"'|g' 'Dockerfile' - docker build -t "$image-$dir" . - ~/official-images/test/run.sh "$image-$dir" - ) - fi -done \ No newline at end of file 
diff --git a/2021.04/apache/Dockerfile b/2021.04/apache/Dockerfile index 9f0fa05..adefd77 100644 --- a/2021.04/apache/Dockerfile +++ b/2021.04/apache/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ diff --git a/2021.04/apache/upgrade.exclude b/2021.04/apache/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.04/apache/upgrade.exclude +++ b/2021.04/apache/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.04/fpm-alpine/Dockerfile b/2021.04/fpm-alpine/Dockerfile index 6a8b79f..05b42af 100644 --- a/2021.04/fpm-alpine/Dockerfile +++ b/2021.04/fpm-alpine/Dockerfile @@ -5,7 +5,6 @@ FROM php:7.3-fpm-alpine RUN set -ex; \ apk add --no-cache \ rsync \ - git \ # For mail() support msmtp \ shadow \ diff --git a/2021.04/fpm-alpine/upgrade.exclude b/2021.04/fpm-alpine/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.04/fpm-alpine/upgrade.exclude +++ b/2021.04/fpm-alpine/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.04/fpm/Dockerfile b/2021.04/fpm/Dockerfile index 211367a..4471760 100644 --- a/2021.04/fpm/Dockerfile +++ b/2021.04/fpm/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ diff --git a/2021.04/fpm/upgrade.exclude b/2021.04/fpm/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.04/fpm/upgrade.exclude +++ b/2021.04/fpm/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.07/apache/Dockerfile b/2021.07/apache/Dockerfile index ee6f179..b5ea1b2 100644 --- a/2021.07/apache/Dockerfile 
+++ b/2021.07/apache/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ diff --git a/2021.07/apache/upgrade.exclude b/2021.07/apache/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.07/apache/upgrade.exclude +++ b/2021.07/apache/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.07/fpm-alpine/Dockerfile b/2021.07/fpm-alpine/Dockerfile index eb866ad..e3caf7e 100644 --- a/2021.07/fpm-alpine/Dockerfile +++ b/2021.07/fpm-alpine/Dockerfile @@ -5,7 +5,6 @@ FROM php:7.3-fpm-alpine RUN set -ex; \ apk add --no-cache \ rsync \ - git \ # For mail() support msmtp \ shadow \ diff --git a/2021.07/fpm-alpine/upgrade.exclude b/2021.07/fpm-alpine/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.07/fpm-alpine/upgrade.exclude +++ b/2021.07/fpm-alpine/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.07/fpm/Dockerfile b/2021.07/fpm/Dockerfile index c692576..dbe5ff5 100644 --- a/2021.07/fpm/Dockerfile +++ b/2021.07/fpm/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ diff --git a/2021.07/fpm/upgrade.exclude b/2021.07/fpm/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.07/fpm/upgrade.exclude +++ b/2021.07/fpm/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-dev/apache/Dockerfile b/2021.09-dev/apache/Dockerfile index e6b9633..8364898 100644 --- a/2021.09-dev/apache/Dockerfile +++ b/2021.09-dev/apache/Dockerfile 
@@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ @@ -127,6 +126,12 @@ RUN set -ex;\ ENV FRIENDICA_VERSION "2021.09-dev" ENV FRIENDICA_ADDONS "2021.09-dev" +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-dev/apache/entrypoint-dev.sh b/2021.09-dev/apache/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-dev/apache/entrypoint-dev.sh +++ b/2021.09-dev/apache/entrypoint-dev.sh 
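Review bot: The added `RUN` in the second hunk (`apt-get install -y --no-install-recommends $fetchDeps;`) leaves the apt package lists in the image layer and labels gnupg a fetch dependency, although entrypoint-dev.sh now calls `gpg` at container start. I would end the command with `rm -rf /var/lib/apt/lists/*` and add a comment such as `# gnupg stays installed: entrypoint-dev.sh verifies the release signatures at container start`. The same applies to the other Debian-based Dockerfiles under 2021.09-dev and 2021.09-rc. In the fpm-alpine variants the `--virtual .fetch-deps` group name invites a later `apk del .fetch-deps`, which would break the signature check.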
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-dev/apache/upgrade.exclude b/2021.09-dev/apache/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-dev/apache/upgrade.exclude +++ b/2021.09-dev/apache/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-dev/fpm-alpine/Dockerfile b/2021.09-dev/fpm-alpine/Dockerfile index 08852ce..18722c8 100644 --- a/2021.09-dev/fpm-alpine/Dockerfile +++ b/2021.09-dev/fpm-alpine/Dockerfile @@ -5,7 +5,6 @@ FROM php:7.3-fpm-alpine RUN set -ex; \ apk add --no-cache \ rsync \ - git \ # For mail() support msmtp \ shadow \ @@ -129,6 +128,10 @@ VOLUME /var/www/html ENV FRIENDICA_VERSION "2021.09-dev" ENV FRIENDICA_ADDONS "2021.09-dev" +RUN set -ex; \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-dev/fpm-alpine/entrypoint-dev.sh b/2021.09-dev/fpm-alpine/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-dev/fpm-alpine/entrypoint-dev.sh +++ b/2021.09-dev/fpm-alpine/entrypoint-dev.sh 
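Review bot: The new condition joins the upgrade switch with `||`, so the download block runs for every command while `FRIENDICA_DISABLE_UPGRADE` is unset, and setting it to `true` does not stop the download when the command is apache or php-fpm. If the variable is meant as an opt-out (inferred from its name; the README change is not part of this hunk), group the command test and combine it with `&&`: `if { expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; } && [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then`. The context comment `# just check if we execute apache or php-fpm` should then mention the switch as well. The identical hunk is repeated in the fpm-alpine, fpm and 2021.09-rc copies of entrypoint-dev.sh, and docker-entrypoint-dev.sh in the diffstat presumably carries it too.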
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-dev/fpm-alpine/upgrade.exclude b/2021.09-dev/fpm-alpine/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-dev/fpm-alpine/upgrade.exclude +++ b/2021.09-dev/fpm-alpine/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-dev/fpm/Dockerfile b/2021.09-dev/fpm/Dockerfile index 188db9e..fe7938d 100644 --- a/2021.09-dev/fpm/Dockerfile +++ b/2021.09-dev/fpm/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ @@ -118,6 +117,12 @@ VOLUME /var/www/html ENV FRIENDICA_VERSION "2021.09-dev" ENV FRIENDICA_ADDONS "2021.09-dev" +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-dev/fpm/entrypoint-dev.sh b/2021.09-dev/fpm/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-dev/fpm/entrypoint-dev.sh +++ b/2021.09-dev/fpm/entrypoint-dev.sh 
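Review bot: `rm -fr /usr/src/friendica` runs before the key fetch, the downloads and `gpg --verify`, so under `set -eu` any failure there (keyserver unreachable, HTTP error, bad signature) ends the script with the previous sources already gone and the temporary `GNUPGHOME` left behind. The removed code checked the remote before wiping; the new code should download and verify both archives in a scratch directory and replace /usr/src/friendica only after both signatures pass, with a trap covering the failure paths. `export GNUPGHOME="$(mktemp -d)"` also hides a failing `mktemp`, so the assignment is split in the sketch below. The same hunk appears in every entrypoint-dev.sh copy in this patch.

```shell
  workdir="$(mktemp -d)"
  GNUPGHOME="$(mktemp -d)"
  export GNUPGHOME
  # exec at the end of the script does not run the EXIT trap, so this covers the failure paths only
  trap 'rm -rf "$workdir" "$GNUPGHOME"' EXIT

  # … unchanged: gpg --recv-keys; curl + gpg --verify for core and addons, files written under "$workdir" …

  # both signatures passed: only now drop the old tree
  rm -fr /usr/src/friendica
  # … unchanged: tar/mv of core, mkdir + tar of addons, reading from "$workdir" …

  gpgconf --kill all
  rm -rf "$workdir" "$GNUPGHOME"
```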
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-dev/fpm/upgrade.exclude b/2021.09-dev/fpm/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-dev/fpm/upgrade.exclude +++ b/2021.09-dev/fpm/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-rc/apache/Dockerfile b/2021.09-rc/apache/Dockerfile index 5b82fe6..e44adfe 100644 --- a/2021.09-rc/apache/Dockerfile +++ b/2021.09-rc/apache/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ @@ -127,6 +126,12 @@ RUN set -ex;\ ENV FRIENDICA_VERSION "2021.09-rc" ENV FRIENDICA_ADDONS "2021.09-rc" +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-rc/apache/entrypoint-dev.sh b/2021.09-rc/apache/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-rc/apache/entrypoint-dev.sh +++ b/2021.09-rc/apache/entrypoint-dev.sh 
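Review bot: `chmod 777 /usr/src/friendica/view/smarty3` makes the Smarty directory writable by every user in the container, which is broader than the web server needs. Hand it to the runtime user instead, for example `chown www-data:www-data /usr/src/friendica/view/smarty3` followed by `chmod 750 /usr/src/friendica/view/smarty3`; the account name is an assumption, since the user that /entrypoint.sh runs PHP as is not visible in this patch. If /entrypoint.sh resets ownership when it copies the tree (also not visible here), the line can simply be dropped. The same line is in all entrypoint-dev.sh copies.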
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-rc/apache/upgrade.exclude b/2021.09-rc/apache/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-rc/apache/upgrade.exclude +++ b/2021.09-rc/apache/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-rc/fpm-alpine/Dockerfile b/2021.09-rc/fpm-alpine/Dockerfile index 7451522..9314282 100644 --- a/2021.09-rc/fpm-alpine/Dockerfile +++ b/2021.09-rc/fpm-alpine/Dockerfile @@ -5,7 +5,6 @@ FROM php:7.3-fpm-alpine RUN set -ex; \ apk add --no-cache \ rsync \ - git \ # For mail() support msmtp \ shadow \ @@ -129,6 +128,10 @@ VOLUME /var/www/html ENV FRIENDICA_VERSION "2021.09-rc" ENV FRIENDICA_ADDONS "2021.09-rc" +RUN set -ex; \ + apk add --no-cache --virtual .fetch-deps \ + gnupg \ + ; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-rc/fpm-alpine/entrypoint-dev.sh b/2021.09-rc/fpm-alpine/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-rc/fpm-alpine/entrypoint-dev.sh +++ b/2021.09-rc/fpm-alpine/entrypoint-dev.sh 
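Review bot: `tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz` and the addons extraction pass `-j` (bzip2) for archives named `.tar.gz`; if files.friendi.ca serves gzip data as the name says, tar will abort here, after the old tree has already been removed. Use `-z` to match the file name, e.g. `tar -xzf "friendica-full-${FRIENDICA_VERSION}.tar.gz" -C /usr/src/`. If the archives are in fact bzip2-compressed, a comment saying so would save the next reader the same question. All entrypoint-dev.sh copies carry the same two lines.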
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-rc/fpm-alpine/upgrade.exclude b/2021.09-rc/fpm-alpine/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-rc/fpm-alpine/upgrade.exclude +++ b/2021.09-rc/fpm-alpine/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/2021.09-rc/fpm/Dockerfile b/2021.09-rc/fpm/Dockerfile index 6ea4e88..d5c5519 100644 --- a/2021.09-rc/fpm/Dockerfile +++ b/2021.09-rc/fpm/Dockerfile @@ -8,7 +8,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ @@ -118,6 +117,12 @@ VOLUME /var/www/html ENV FRIENDICA_VERSION "2021.09-rc" ENV FRIENDICA_ADDONS "2021.09-rc" +RUN set -ex; \ + fetchDeps=" \ + gnupg \ + "; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; COPY *.sh upgrade.exclude / COPY config/* /usr/src/friendica/config/ diff --git a/2021.09-rc/fpm/entrypoint-dev.sh b/2021.09-rc/fpm/entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/2021.09-rc/fpm/entrypoint-dev.sh +++ b/2021.09-rc/fpm/entrypoint-dev.sh 
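Review bot: The archive names are built from unquoted `${FRIENDICA_VERSION}` and `${FRIENDICA_ADDONS}`, which an operator can override when starting the container, so a value with whitespace or glob characters changes the arguments of curl, gpg, tar, rm and mv. Quote each expansion, e.g. `curl -fsSL -o "friendica-full-${FRIENDICA_VERSION}.tar.gz" "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz"` and `rm -- "friendica-full-${FRIENDICA_VERSION}.tar.gz" "friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"`. The files are also written to whatever the working directory is at start; an explicit scratch directory would keep them out of a mounted volume. This applies to every entrypoint-dev.sh copy in the patch.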
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/2021.09-rc/fpm/upgrade.exclude b/2021.09-rc/fpm/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/2021.09-rc/fpm/upgrade.exclude +++ b/2021.09-rc/fpm/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index d282e30..2d9ea05 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -4,7 +4,6 @@ FROM php:%%PHP_VERSION%%-%%VARIANT%% RUN set -ex; \ apk add --no-cache \ rsync \ - git \ # For mail() support msmtp \ shadow \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index d814ff9..7e9215f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -7,7 +7,6 @@ RUN set -ex; \ apt-get install -y --no-install-recommends \ rsync \ bzip2 \ - git \ # For mail() support msmtp \ tini \ diff --git a/README.md b/README.md index 9268484..2b60b76 100644 --- a/README.md +++ b/README.md 
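Review bot: The new `if` joins the `FRIENDICA_DISABLE_UPGRADE` test to the command check with `||`, so when `$1` is `apache` or `php-fpm` the download block runs whatever the flag is set to. For any other command it runs whenever the flag is unset. The README text changed in this commit says that setting the variable to `true` disables the download, which needs the flag combined with `&&`: `if { expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; } && [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then`. The identical condition appears in the `docker-entrypoint-dev.sh` hunk further down.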
@@ -359,26 +359,8 @@ Then run `docker-compose up -d`, now you can access Friendica at http://localhos # Special settings for DEV/RC images -The `*-dev` and `*-rc` branches are having additional possibilities to get the latest sources of Friendica. - -## Possible Environment Variables - -The following environment variables are possible for these kind of images too: - -**Develop/Release Candidate Settings** - -- `FRIENDICA_UPGRADE` If set to `true`, a develop or release candidat node will get updated at startup. -- `FRIENDICA_REPOSITORY` If set, a custom repository will be chosen (Default: `friendica`) -- `FRIENDICA_ADDONS_REPO` If set, a custom repository for the addons will be chosen (Default: `friendica`) -- `FRIENDICA_VERSION` If set, a custom branch will be chosen (Default is based on the chosen image version) -- `FRIENDICA_ADDONS` If set, a custom branch for the addons will be chosen (Default is based on the chosen image version) - -## Updating to a newer version - -You don't need to pull the image for each commit in [friendica](https://github.com/friendica/friendica/). -Instead, the release candidate or develop branch will get updated if no installation was found or the environment variable `FRIENDICA_UPGRADE` is set to `true`. - -It will clone the latest Friendica version and copy it to your working directory. +The `*-dev` and `*-rc` branches are directly downloaded and verified at each docker start to ensure that the latest sources are used. +It's possible to disable this behaviour by setting the environment variable `FRIENDICA_DISABLE_UPGRADE` to `true`. # Questions / Issues diff --git a/docker-entrypoint-dev.sh b/docker-entrypoint-dev.sh index 08c3c13..05b4d88 100755 --- a/docker-entrypoint-dev.sh +++ b/docker-entrypoint-dev.sh 
@@ -1,69 +1,40 @@ #!/bin/sh set -eu -# checks if the branch and repository exists -check_branch() { - repo=${1:-} - branch=${2:-} - git ls-remote --heads --tags "https://github.com/$repo" | grep -E "refs/(heads|tags)/${branch}$" >/dev/null - [ "$?" -eq "0" ] -} - -# clones the whole develop branch (Friendica and Addons) -clone_develop() { - friendica_git="${FRIENDICA_VERSION}" - addons_git="${FRIENDICA_ADDONS}" - friendica_repo="${FRIENDICA_REPOSITORY:-friendica/friendica}" - friendica_addons_repo="${FRIENDICA_ADDONS_REPO:-friendica/friendica-addons}" - - if echo "{$friendica_git,,}" | grep -Eq '^.*\-dev'; then - friendica_git="develop" - fi - - if echo "{$addons_git,,}" | grep -Eq '^.*\-dev'; then - addons_git="develop" - fi - - # Check if the branches exist before wiping the - if check_branch "$friendica_repo" "$friendica_git" && check_branch "$friendica_addons_repo" "$addons_git" ; then - echo "Cloning '${friendica_git}' from GitHub repository '${friendica_repo}' ..." - - # Removing the whole directory first - rm -fr /usr/src/friendica - git clone -q -b ${friendica_git} "https://github.com/${friendica_repo}" /usr/src/friendica - - mkdir /usr/src/friendica/addon - git clone -q -b ${addons_git} "https://github.com/${friendica_addons_repo}" /usr/src/friendica/addon - - echo "Download finished" - - if [ ! -f /usr/src/friendica/VERSION ]; then - echo "Couldn't clone repository" - exit 1 - fi - - /usr/src/friendica/bin/composer.phar install --no-dev -d /usr/src/friendica - return 0 - - else - if check_branch "$friendica_repo" "$friendica_git"; then - echo "$friendica_repo/$friendica_git is not valid." - else - echo "$friendica_addons_repo/$addons_git is not valid." - fi - echo "Using old version." 
- return 1 - - fi -} - # just check if we execute apache or php-fpm -if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]; then - # cloning from git is just possible for develop or Release Candidate - if echo "${FRIENDICA_VERSION}" | grep -Eq '^.*(\-dev|-rc|-RC)' || [ "${FRIENDICA_UPGRADE:-false}" = "true" ] || [ ! -f /usr/src/friendica/VERSION ]; then - # just clone & check if it's a new install or upgrade - clone_develop - fi +if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${FRIENDICA_DISABLE_UPGRADE:-false}" = "false" ]; then + echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" + + # Removing the whole directory first + rm -fr /usr/src/friendica + export GNUPGHOME="$(mktemp -d)" + + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 + + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" + curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; + gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz + echo "Core sources (${FRIENDICA_VERSION}) verified" + + tar -xjf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ + rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc + mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica + echo "Core sources (${FRIENDICA_VERSION}) extracted" + + chmod 777 /usr/src/friendica/view/smarty3 + + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" + curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" + gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz + echo "Addon source (${FRIENDICA_ADDONS}) verified" + + mkdir -p /usr/src/friendica/addon + tar -xjf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 + rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc + echo "Addon sources (${FRIENDICA_ADDONS}) extracted" + + gpgconf --kill all + rm -rf "$GNUPGHOME" fi exec /entrypoint.sh "$@" diff --git a/update.sh b/update.sh index d14cd61..4a627d0 100755 --- a/update.sh +++ b/update.sh 
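Review bot: `rm -fr /usr/src/friendica` runs before anything has been downloaded or verified, so under `set -eu` a failed `curl`, a keyserver timeout on `gpg --recv-keys`, or a rejected signature exits the entrypoint with the existing tree already deleted. The extraction looks like a probable trigger as well: `tar -xjf` selects bzip2 while the archive is named `.tar.gz`, and the stable entries in `update.sh` unpack the same kind of file with `-xzf`, so it is worth confirming which compression files.friendi.ca actually serves. I would fetch and verify both archives first and move the `rm -fr /usr/src/friendica` line to just above the first `tar`, after both `gpg --batch --verify` calls. The per-version `entrypoint-dev.sh` copies in this commit carry the same lines.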
@@ -84,7 +84,8 @@ declare -A pecl_versions=( declare -A install_extras=( ['stable-debian']='\nRUN set -ex; \\\n fetchDeps=" \\\n gnupg \\\n "; \\\n apt-get update; \\\n apt-get install -y --no-install-recommends $fetchDeps; \\\n \\\n export GNUPGHOME="$(mktemp -d)"; \\\n gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287; \\\n \\\n curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz \\\n "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz"; \\\n curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc \\\n "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; \\\n gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz; \\\n echo "${FRIENDICA_DOWNLOAD_SHA256} *friendica-full-${FRIENDICA_VERSION}.tar.gz" \| sha256sum -c; \\\n tar -xzf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/; \\\n rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc; \\\n mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica; \\\n chmod 777 /usr/src/friendica/view/smarty3; \\\n \\\n curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz \\\n "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz"; \\\n curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc \\\n "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc"; \\\n gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc friendica-addons-${FRIENDICA_ADDONS}.tar.gz; \\\n echo "${FRIENDICA_DOWNLOAD_ADDONS_SHA256} *friendica-addons-${FRIENDICA_ADDONS}.tar.gz" \| sha256sum -c; \\\n mkdir -p /usr/src/friendica/proxy; \\\n mkdir -p /usr/src/friendica/addon; \\\n tar -xzf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1; \\\n rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc; \\\n \\\n 
gpgconf --kill all; \\\n rm -rf "$GNUPGHOME"; \\\n \\\n apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \\\n rm -rf /var/lib/apt/lists/*\n' ['stable-alpine']='\nRUN set -ex; \\\n apk add --no-cache --virtual .fetch-deps \\\n gnupg \\\n ; \\\n \\\n export GNUPGHOME="$(mktemp -d)"; \\\n gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287; \\\n \\\n curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz \\\n "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz"; \\\n curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc \\\n "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; \\\n gpg --batch --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz; \\\n echo "${FRIENDICA_DOWNLOAD_SHA256} *friendica-full-${FRIENDICA_VERSION}.tar.gz" \| sha256sum -c; \\\n tar -xzf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/; \\\n rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc; \\\n mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica; \\\n chmod 777 /usr/src/friendica/view/smarty3; \\\n \\\n curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz \\\n "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz"; \\\n curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc \\\n "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc"; \\\n gpg --batch --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc friendica-addons-${FRIENDICA_ADDONS}.tar.gz; \\\n echo "${FRIENDICA_DOWNLOAD_ADDONS_SHA256} *friendica-addons-${FRIENDICA_ADDONS}.tar.gz" \| sha256sum -c; \\\n mkdir -p /usr/src/friendica/proxy; \\\n mkdir -p /usr/src/friendica/addon; \\\n tar -xzf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1; \\\n rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz 
friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc; \\\n \\\n gpgconf --kill all; \\\n rm -rf "$GNUPGHOME"; \\\n \\\n apk del .fetch-deps\n' - ['develop']='' + ['develop-debian']='RUN set -ex; \\\n fetchDeps=" \\\n gnupg \\\n "; \\\n apt-get update; \\\n apt-get install -y --no-install-recommends $fetchDeps;\n' + ['develop-alpine']='RUN set -ex; \\\n apk add --no-cache --virtual .fetch-deps \\\n gnupg \\\n ;\n' ) variants=( diff --git a/upgrade.exclude b/upgrade.exclude index 2fb6533..b3420cc 100644 --- a/upgrade.exclude +++ b/upgrade.exclude @@ -1,4 +1,3 @@ -/.git/ /photo/ /proxy/ /.htconfig.php @@ -7,4 +6,4 @@ /config/ /storage/ /log/ -*.log \ No newline at end of file +*.log
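Review bot: The `develop-debian` entry runs `apt-get update` and never removes the package lists, unlike the `stable-debian` entry above it, which ends with `rm -rf /var/lib/apt/lists/*`. gnupg has to stay installed because the dev entrypoint verifies signatures at container start, so leaving out the purge is right, but the lists can still be dropped by ending the value with `apt-get install -y --no-install-recommends $fetchDeps; \\\n rm -rf /var/lib/apt/lists/*\n`. The `RUN` block added in `2021.09-rc/fpm/Dockerfile` has the same text and would pick the change up. In `develop-alpine` the `--virtual .fetch-deps` group is never deleted, so a plain `apk add --no-cache gnupg` would state the intent more directly.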