server
/
suite-crm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

Browse Source
main
Artem-Darius Weber 4 months ago
commit f15adb2bb5
150 changed files with 15294 additions and 0 deletions
Show Stats Download Patch File Download Diff File

66
7/debian-12/Dockerfile
Unescape View File

@ -0,0 +1,66 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
FROM docker.io/bitnami/minideb:bookworm
ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-08-28T06:26:27Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="7.14.5-debian-12-r1" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm" \
org.opencontainers.image.title="suitecrm" \
org.opencontainers.image.vendor="Broadcom, Inc." \
org.opencontainers.image.version="7.14.5"
ENV OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-12" \
OS_NAME="linux"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g
RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
COMPONENTS=( \
"render-template-1.0.7-3-linux-${OS_ARCH}-debian-12" \
"php-8.1.29-9-linux-${OS_ARCH}-debian-12" \
"apache-2.4.62-1-linux-${OS_ARCH}-debian-12" \
"mysql-client-11.4.3-0-linux-${OS_ARCH}-debian-12" \
"libphp-8.1.29-5-linux-${OS_ARCH}-debian-12" \
"suitecrm-7.14.5-0-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
fi ; \
sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron
COPY rootfs /
RUN /opt/bitnami/scripts/mysql-client/postunpack.sh
RUN /opt/bitnami/scripts/apache/postunpack.sh
RUN /opt/bitnami/scripts/php/postunpack.sh
RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh
RUN /opt/bitnami/scripts/suitecrm/postunpack.sh
ENV APACHE_HTTPS_PORT_NUMBER="" \
APACHE_HTTP_PORT_NUMBER="" \
APP_VERSION="7.14.5" \
BITNAMI_APP_NAME="suitecrm" \
PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH"
EXPOSE 8080 8443
ENTRYPOINT [ "/opt/bitnami/scripts/suitecrm/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/suitecrm/run.sh" ]

36
7/debian-12/docker-compose.yml
Unescape View File

@ -0,0 +1,36 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
services:
mariadb:
image: docker.io/bitnami/mariadb:11.4
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- MARIADB_USER=bn_suitecrm
- MARIADB_DATABASE=bitnami_suitecrm
- MARIADB_PASSWORD=bitnami123
volumes:
- 'mariadb_data:/bitnami/mariadb'
suitecrm:
image: docker.io/bitnami/suitecrm:7
ports:
- '80:8080'
- '443:8443'
environment:
- SUITECRM_DATABASE_HOST=mariadb
- SUITECRM_DATABASE_PORT_NUMBER=3306
- SUITECRM_DATABASE_USER=bn_suitecrm
- SUITECRM_DATABASE_NAME=bitnami_suitecrm
- SUITECRM_DATABASE_PASSWORD=bitnami123
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- 'suitecrm_data:/bitnami/suitecrm'
depends_on:
- mariadb
volumes:
mariadb_data:
driver: local
suitecrm_data:
driver: local

38
7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
Unescape View File

@ -0,0 +1,38 @@
{
"apache": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "2.4.62-1"
},
"libphp": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "8.1.29-5"
},
"mysql-client": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "11.4.3-0"
},
"php": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "8.1.29-9"
},
"render-template": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "1.0.7-3"
},
"suitecrm": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "7.14.5-0"
}
}

2
7/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
Unescape View File

@ -0,0 +1,2 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

54
7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh
Unescape View File

@ -0,0 +1,54 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
info ""
info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}"
info ""
}

141
7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh
Unescape View File

@ -0,0 +1,141 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

193
7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh
Unescape View File

@ -0,0 +1,193 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
[ -d "${dir}" ] || mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permisions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

18
7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh
Unescape View File

@ -0,0 +1,18 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

114
7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh
Unescape View File

@ -0,0 +1,114 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
log "${GREEN}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
log "${YELLOW}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
log "${RED}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_DEBUG:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
log "${MAGENTA}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

171
7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh
Unescape View File

@ -0,0 +1,171 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
# Check if the first IP address is IPv6 to add brackets
if validate_ipv6 "${ip_addresses[0]}" ; then
echo "[${ip_addresses[0]}]"
else
echo "${ip_addresses[0]}"
fi
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

657
7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh
Unescape View File

@ -0,0 +1,657 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
numeric)
filter="0-9"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
alphanumeric+special|special+alphanumeric)
# Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
# Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
filter='a-zA-Z0-9:@.,/+!='
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}
########################
# Run command as a specific user and group (optional)
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
run_as_user() {
run_chroot "$@"
}
########################
# Execute command as a specific user and group (optional),
# replacing the current process image
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
exec_as_user() {
run_chroot --replace-process "$@"
}
########################
# Run a command using chroot
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Flags:
# -r | --replace-process - Replace the current process image (optional)
# Returns:
# Exit code of the specified command
#########################
run_chroot() {
local userspec
local user
local homedir
local replace=false
local -r cwd="$(pwd)"
# Parse and validate flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-r | --replace-process)
replace=true
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
# Parse and validate arguments
if [[ "$#" -lt 2 ]]; then
echo "expected at least 2 arguments"
return 1
else
userspec=$1
shift
# userspec can optionally include the group, so we parse the user
user=$(echo "$userspec" | cut -d':' -f1)
fi
if ! am_i_root; then
error "Could not switch to '${userspec}': Operation not permitted"
return 1
fi
# Get the HOME directory for the user to switch, as chroot does
# not properly update this env and some scripts rely on it
homedir=$(eval echo "~${user}")
if [[ ! -d $homedir ]]; then
homedir="${HOME:-/}"
fi
# Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
if [[ "$replace" = true ]]; then
exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
else
chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
fi
}

124
7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh
Unescape View File

@ -0,0 +1,124 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

496
7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh
Unescape View File

@ -0,0 +1,496 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
cat > "/etc/cron.d/${service_name}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${schedule} ${run_as} ${cmd}
EOF
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Remove a cron configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_cron_conf() {
local service_name="${1:?service name is missing}"
local cron_conf_dir="/etc/monit/conf.d"
rm -f "${cron_conf_dir}/${service_name}"
}
########################
# Generate a monit configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Pid file
# $3 - Start command
# $4 - Stop command
# Flags:
# --disable - Whether to disable the monit configuration
# Returns:
# None
#########################
generate_monit_conf() {
local service_name="${1:?service name is missing}"
local pid_file="${2:?pid file is missing}"
local start_command="${3:?start command is missing}"
local stop_command="${4:?stop command is missing}"
local monit_conf_dir="/etc/monit/conf.d"
local disabled="no"
# Parse optional CLI flags
shift 4
while [[ "$#" -gt 0 ]]; do
case "$1" in
--disable)
disabled="yes"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
is_boolean_yes "$disabled" && conf_suffix=".disabled"
mkdir -p "$monit_conf_dir"
cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
check process ${service_name}
with pidfile "${pid_file}"
start program = "${start_command}" with timeout 90 seconds
stop program = "${stop_command}" with timeout 90 seconds
EOF
}
########################
# Remove a monit configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_monit_conf() {
local service_name="${1:?service name is missing}"
local monit_conf_dir="/etc/monit/conf.d"
rm -f "${monit_conf_dir}/${service_name}.conf"
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' > "${logrotate_conf_dir}/${service_name}"
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --custom-service-content - Custom content to add to the [service] block
# --environment - Environment variable to define (multiple --environment options may be passed)
# --environment-file - Text file with environment variables (multiple --environment-file options may be passed)
# --exec-start - Start command (required)
# --exec-start-pre - Pre-start command (optional)
# --exec-start-post - Post-start command (optional)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --group - System group to start the service with
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file
# --standard-output - File where to print stdout output
# --standard-error - File where to print stderr output
# --success-exit-status - Exit code that indicates a successful shutdown
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --working-directory - Working directory at which to start the service
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local environment_file=""
local exec_start=""
local exec_start_pre=""
local exec_start_post=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
local standard_output="journal"
local standard_error=""
local limits_content=""
local success_exit_status=""
local custom_service_content=""
local working_directory=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
| --standard-output \
| --standard-error \
| --success-exit-status \
| --custom-service-content \
| --working-directory \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"${var_name} value is missing"}"
;;
--limit-*)
[[ -n "$limits_content" ]] && limits_content+=$'\n'
var_name="${1//--limit-}"
shift
limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}"
;;
--exec-start-pre)
shift
[[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n'
exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}"
;;
--exec-start-post)
shift
[[ -n "$exec_start_post" ]] && exec_start_post+=$'\n'
exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"--environment value is missing"}"
;;
--environment-file)
shift
# It is possible to add multiple environment-file lines
[[ -n "$environment_file" ]] && environment_file+=$'\n'
environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
EOF
if [[ -n "$working_directory" ]]; then
cat >> "$service_file" <<< "WorkingDirectory=${working_directory}"
fi
if [[ -n "$exec_start_pre" ]]; then
# This variable may contain multiple ExecStartPre= directives
cat >> "$service_file" <<< "$exec_start_pre"
fi
if [[ -n "$exec_start" ]]; then
cat >> "$service_file" <<< "ExecStart=${exec_start}"
fi
if [[ -n "$exec_start_post" ]]; then
# This variable may contain multiple ExecStartPost= directives
cat >> "$service_file" <<< "$exec_start_post"
fi
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<< "ExecStop=${exec_stop}"
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<< "ExecReload=${exec_reload}"
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<< "User=${user}"
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<< "Group=${group}"
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<< "PIDFile=${pid_file}"
fi
if [[ -n "$restart" ]]; then
cat >> "$service_file" <<< "Restart=${restart}"
fi
# Environment flags
if [[ -n "$environment" ]]; then
# This variable may contain multiple Environment= directives
cat >> "$service_file" <<< "$environment"
fi
if [[ -n "$environment_file" ]]; then
# This variable may contain multiple EnvironmentFile= directives
cat >> "$service_file" <<< "$environment_file"
fi
# Logging
if [[ -n "$standard_output" ]]; then
cat >> "$service_file" <<< "StandardOutput=${standard_output}"
fi
if [[ -n "$standard_error" ]]; then
cat >> "$service_file" <<< "StandardError=${standard_error}"
fi
if [[ -n "$custom_service_content" ]]; then
# This variable may contain multiple miscellaneous directives
cat >> "$service_file" <<< "$custom_service_content"
fi
if [[ -n "$success_exit_status" ]]; then
cat >> "$service_file" <<EOF
# When the process receives a SIGTERM signal, it exits with code ${success_exit_status}
SuccessExitStatus=${success_exit_status}
EOF
fi
cat >> "$service_file" <<EOF
# Optimizations
TimeoutStartSec=2min
TimeoutStopSec=30s
IgnoreSIGPIPE=no
KillMode=mixed
EOF
if [[ -n "$limits_content" ]]; then
cat >> "$service_file" <<EOF
# Limits
${limits_content}
EOF
fi
cat >> "$service_file" <<EOF
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

304
7/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh
Unescape View File

@ -0,0 +1,304 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Validation functions library
# shellcheck disable=SC1091,SC2086
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv6() {
local ip="${1:?ip is missing}"
local stat=1
local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$'
local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$'
if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then
stat=0
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 or IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ip() {
local ip="${1:?ip is missing}"
local stat=1
if validate_ipv4 "$ip"; then
stat=0
else
stat=$(validate_ipv6 "$ip")
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [ "$#" -gt 1 ]; then
stderr_print "too many arguments provided"
return 2
elif [ "$#" -eq 0 ]; then
stderr_print "missing string"
return 1
else
string=$1
fi
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

51
7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh
Unescape View File

@ -0,0 +1,51 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[j]="${BASH_REMATCH[$i]}"
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

476
7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh
Unescape View File

@ -0,0 +1,476 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl start "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
fi
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl stop "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
fi
}
########################
# Restart web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_restart() {
info "Restarting $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl restart "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh"
fi
}
########################
# Reload web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_reload() {
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl reload "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh"
fi
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_enable_loading_page() {
ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \
--apache-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
RedirectMatch 503 ^/$
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
ErrorDocument 404 /index.html
ErrorDocument 503 /index.html" \
--nginx-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
location / {
return 503;
}
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
error_page 404 @installing;
error_page 503 @installing;
location @installing {
rewrite ^(.*)$ /index.html break;
}"
web_server_reload
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_disable_install_page() {
ensure_web_server_app_configuration_not_exists "__loading"
web_server_reload
}

27
7/debian-12/prebuildfs/usr/sbin/install_packages
Unescape View File

@ -0,0 +1,27 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
7/debian-12/prebuildfs/usr/sbin/run-script
Unescape View File

@ -0,0 +1,24 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -u
if [ $# -eq 0 ]; then
>&2 echo "No arguments provided"
exit 1
fi
script=$1
exit_code="${2:-96}"
fail_if_not_present="${3:-n}"
if test -f "$script"; then
sh $script
if [ $? -ne 0 ]; then
exit $((exit_code))
fi
elif [ "$fail_if_not_present" = "y" ]; then
>&2 echo "script not found: $script"
exit 127
fi

5
7/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf
Unescape View File

@ -0,0 +1,5 @@
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
AddOutputFilterByType DEFLATE application/rss+xml
</IfModule>

7
7/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf
Unescape View File

@ -0,0 +1,7 @@
<VirtualHost 127.0.0.1:80>
ServerName status.localhost
<Location /server-status>
Require local
SetHandler server-status
</Location>
</VirtualHost>

81
7/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh
Unescape View File

@ -0,0 +1,81 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for apache
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-apache}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
apache_env_vars=(
APACHE_HTTP_PORT_NUMBER
APACHE_HTTPS_PORT_NUMBER
APACHE_SERVER_TOKENS
APACHE_HTTP_PORT
APACHE_HTTPS_PORT
)
for env_var in "${apache_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset apache_env_vars
export WEB_SERVER_TYPE="apache"
# Paths
export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache"
export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin"
export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf"
export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default"
export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs"
export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run"
export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs"
export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts"
export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess"
export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf"
export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid"
export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
# System users (when running with a privileged user)
export APACHE_DAEMON_USER="daemon"
export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER"
export APACHE_DAEMON_GROUP="daemon"
export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP"
export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP"
# Apache configuration
export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080"
export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time
export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443"
export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time
APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}"
export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}"
export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER"
APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}"
export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}"
export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER"
export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}"
# Custom environment variables may be defined below

43
7/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh
Unescape View File

@ -0,0 +1,43 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libversion.sh
. /opt/bitnami/scripts/libapache.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
. /opt/bitnami/scripts/php-env.sh
# Enable required Apache modules
apache_enable_module "mpm_prefork_module"
php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))"
php_major_version="$(get_sematic_version "$php_version" 1)"
if [[ "$php_major_version" -eq "8" ]]; then
apache_enable_module "php_module" "modules/libphp.so"
else
apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so"
fi
# Disable incompatible Apache modules
apache_disable_module "mpm_event_module"
# Write Apache configuration
apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf"
cat > "$apache_php_conf_file" <<EOF
AddType application/x-httpd-php .php
DirectoryIndex index.html index.htm index.php
EOF
ensure_apache_configuration_exists "Include \"${apache_php_conf_file}\""
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR"

7
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,7 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
{{additional_http_configuration}}
{{additional_configuration}}
</VirtualHost>

10
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl
Unescape View File

@ -0,0 +1,10 @@
{{https_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{https_listen_addresses}}>
{{server_name_configuration}}
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
{{additional_https_configuration}}
{{additional_configuration}}
</VirtualHost>

1
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl
Unescape View File

@ -0,0 +1 @@
{{additional_configuration}}

15
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,15 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
DocumentRoot {{document_root}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
{{extra_directory_configuration}}
</Directory>
{{additional_http_configuration}}
{{additional_configuration}}
{{htaccess_include}}
</VirtualHost>

18
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl
Unescape View File

@ -0,0 +1,18 @@
{{https_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{https_listen_addresses}}>
{{server_name_configuration}}
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
DocumentRoot {{document_root}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
{{extra_directory_configuration}}
</Directory>
{{additional_https_configuration}}
{{additional_configuration}}
{{htaccess_include}}
</VirtualHost>

9
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl
Unescape View File

@ -0,0 +1,9 @@
{{prefix_conf}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
{{extra_directory_configuration}}
</Directory>
{{additional_configuration}}
{{htaccess_include}}

11
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,11 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
{{proxy_configuration}}
{{proxy_http_configuration}}
ProxyPass / {{proxy_address}}
ProxyPassReverse / {{proxy_address}}
{{additional_http_configuration}}
{{additional_configuration}}
</VirtualHost>

14
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl
Unescape View File

@ -0,0 +1,14 @@
{{https_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{https_listen_addresses}}>
{{server_name_configuration}}
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
{{proxy_configuration}}
{{proxy_https_configuration}}
ProxyPass / {{proxy_address}}
ProxyPassReverse / {{proxy_address}}
{{additional_https_configuration}}
{{additional_configuration}}
</VirtualHost>

11
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl
Unescape View File

@ -0,0 +1,11 @@
{{prefix_conf}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
{{proxy_configuration}}
ProxyPass / {{proxy_address}}
ProxyPassReverse / {{proxy_address}}
{{extra_directory_configuration}}
</Directory>
{{additional_configuration}}

16
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,16 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
PassengerPreStart http://localhost:{{http_port}}/
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
DocumentRoot {{document_root}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
PassengerEnabled on
{{extra_directory_configuration}}
</Directory>
{{additional_http_configuration}}
{{additional_configuration}}
</VirtualHost>

19
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl
Unescape View File

@ -0,0 +1,19 @@
{{https_listen_configuration}}
{{before_vhost_configuration}}
PassengerPreStart https://localhost:{{https_port}}/
<VirtualHost {{https_listen_addresses}}>
{{server_name_configuration}}
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
DocumentRoot {{document_root}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
PassengerEnabled on
{{extra_directory_configuration}}
</Directory>
{{additional_https_configuration}}
{{additional_configuration}}
</VirtualHost>

9
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl
Unescape View File

@ -0,0 +1,9 @@
{{prefix_conf}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
PassengerEnabled on
{{extra_directory_configuration}}
</Directory>
{{additional_configuration}}

29
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl
Unescape View File

@ -0,0 +1,29 @@
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "{{APACHE_BASE_DIR}}/htdocs"
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
<Directory "{{APACHE_BASE_DIR}}/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Error Documents
ErrorDocument 503 /503.html
</VirtualHost>

17
7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl
Unescape View File

@ -0,0 +1,17 @@
# Default Virtual Host configuration.
# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on
<VirtualHost _default_:80>
DocumentRoot "{{APACHE_BASE_DIR}}/htdocs"
<Directory "{{APACHE_BASE_DIR}}/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Error Documents
ErrorDocument 503 /503.html
</VirtualHost>

35
7/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh
Unescape View File

@ -0,0 +1,35 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
#set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
print_welcome_page
# We add the copy from default config in the entrypoint to not break users
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
# case someone mounts a configuration file in /opt/bitnami/apache/conf)
debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR"
cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR"
if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then
info "** Starting Apache setup **"
/opt/bitnami/scripts/apache/setup.sh
info "** Apache setup finished! **"
fi
echo ""
exec "$@"

131
7/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh
Unescape View File

@ -0,0 +1,131 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
########################
# Sets up the default Bitnami configuration
# Globals:
# APACHE_*
# Arguments:
# None
# Returns:
# None
#########################
apache_setup_bitnami_config() {
local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates"
# Enable Apache modules
local -a modules_to_enable=(
"deflate_module"
"negotiation_module"
"proxy[^\s]*_module"
"rewrite_module"
"slotmem_shm_module"
"socache_shmcb_module"
"ssl_module"
"status_module"
"version_module"
)
for module in "${modules_to_enable[@]}"; do
apache_enable_module "$module"
done
# Disable Apache modules
local -a modules_to_disable=(
"http2_module"
"proxy_hcheck_module"
"proxy_html_module"
"proxy_http2_module"
)
for module in "${modules_to_disable[@]}"; do
apache_disable_module "$module"
done
# Bitnami customizations
ensure_dir_exists "${APACHE_CONF_DIR}/bitnami"
render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf"
# Add new configuration only once, to avoid a second postunpack run breaking Apache
local apache_conf_add
apache_conf_add="$(cat <<EOF
Include "${APACHE_CONF_DIR}/extra/httpd-default.conf"
PidFile "${APACHE_PID_FILE}"
TraceEnable Off
ServerTokens ${APACHE_SERVER_TOKENS}
Include "${APACHE_CONF_DIR}/deflate.conf"
IncludeOptional "${APACHE_VHOSTS_DIR}/*.conf"
Include "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
EOF
)"
ensure_apache_configuration_exists "$apache_conf_add" "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
# Configure the default ports since the container is non root by default
apache_configure_http_port "$APACHE_DEFAULT_HTTP_PORT_NUMBER"
apache_configure_https_port "$APACHE_DEFAULT_HTTPS_PORT_NUMBER"
# Patch the HTTPoxy vulnerability - see: https://docs.bitnami.com/general/security/security-2016-07-18/
apache_patch_httpoxy_vulnerability
# Remove unnecessary directories that come with the tarball
rm -rf "${BITNAMI_ROOT_DIR}/certs" "${BITNAMI_ROOT_DIR}/conf"
}
########################
# Patches the HTTPoxy vulnerability - see: https://docs.bitnami.com/general/security/security-2016-07-18/
# Globals:
# APACHE_CONF_FILE
# Arguments:
# None
# Returns:
# None
#########################
apache_patch_httpoxy_vulnerability() {
# Apache HTTPD includes the HTTPoxy fix since 2016, so we only add it if not present
if ! grep -q "RequestHeader unset Proxy" "$APACHE_CONF_FILE"; then
cat >>"$APACHE_CONF_FILE" <<EOF
<IfModule mod_headers.c>
RequestHeader unset Proxy
</IfModule>
EOF
fi
}
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
apache_setup_bitnami_config
# Ensure non-root user has write permissions on a set of directories
for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do
ensure_dir_exists "$dir"
chmod -R g+rwX "$dir"
done
# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides
ln -sf apache "${BITNAMI_ROOT_DIR}/apache2"
ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log"
ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log"
# This file is necessary for avoiding the error
# "unable to write random state"
# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean
touch /.rnd && chmod g+rw /.rnd
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR"

20
7/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh
Unescape View File

@ -0,0 +1,20 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
info "** Reloading Apache configuration **"
exec "${APACHE_BIN_DIR}/apachectl" -k graceful

19
7/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh
Unescape View File

@ -0,0 +1,19 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
# Load Apache environment variables
. /opt/bitnami/scripts/apache-env.sh
/opt/bitnami/scripts/apache/stop.sh
/opt/bitnami/scripts/apache/start.sh

20
7/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh
Unescape View File

@ -0,0 +1,20 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
info "** Starting Apache **"
exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND"

98
7/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh
Unescape View File

@ -0,0 +1,98 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libapache.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
# Ensure Apache environment variables are valid
apache_validate
# Ensure Apache daemon user exists when running as 'root'
am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP"
if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then
# We add the copy from default config in the initialize function for web applications
# that make use of the Apache setup.sh script
debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR"
cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR"
fi
# Generate SSL certs (without a passphrase)
ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs"
if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then
info "Generating sample certificates"
SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key"
SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt"
SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr"
SSL_SUBJ="/CN=example.com"
SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1"
rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"
openssl genrsa -out "$SSL_KEY_FILE" 4096
# OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x
if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then
openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ"
else
openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT"
fi
openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT")
rm -f "$SSL_CSR_FILE"
fi
# Load SSL configuration
if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then
ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
fi
# Copy vhosts files
if ! is_dir_empty "/vhosts"; then
info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'"
cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}"
fi
# Mount certificate files
if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then
warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates"
warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'"
rm -rf "${APACHE_CONF_DIR}/bitnami/certs"
ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs"
elif ! is_dir_empty "/certs"; then
info "Mounting certificates files from '/certs'"
rm -rf "${APACHE_CONF_DIR}/bitnami/certs"
ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs"
fi
# Mount application files
if ! is_dir_empty "/app"; then
info "Mounting application files from '/app'"
rm -rf "$APACHE_HTDOCS_DIR"
ln -sf "/app" "$APACHE_HTDOCS_DIR"
fi
# Restore persisted configuration files (deprecated)
if ! is_dir_empty "/bitnami/apache/conf"; then
warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration"
warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'"
rm -rf "$APACHE_CONF_DIR"
ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR"
fi
# Update ports in configuration
[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER"
[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER"
# Configure ServerTokens with user values
[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS"
# Fix logging issue when running as root
! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"

34
7/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh
Unescape View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment variables
. /opt/bitnami/scripts/apache-env.sh
error_code=0
if is_apache_not_running; then
"${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE"
if ! retry_while "is_apache_running"; then
error "apache did not start"
error_code=1
else
info "apache started"
fi
else
info "apache is already running"
fi
exit "$error_code"

23
7/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh
Unescape View File

@ -0,0 +1,23 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment variables
. /opt/bitnami/scripts/apache-env.sh
if is_apache_running; then
info "apache is already running"
else
info "apache is not running"
fi

34
7/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh
Unescape View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libapache.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
# Load Apache environment variables
. /opt/bitnami/scripts/apache-env.sh
error_code=0
if is_apache_running; then
BITNAMI_QUIET=1 apache_stop
if ! retry_while "is_apache_not_running"; then
error "apache could not be stopped"
error_code=1
else
info "apache stopped"
fi
else
info "apache is not running"
fi
exit "$error_code"

808
7/debian-12/rootfs/opt/bitnami/scripts/libapache.sh
Unescape View File

@ -0,0 +1,808 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami Apache library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libservice.sh
########################
# Validate settings in APACHE_* env vars
# Globals:
# APACHE_*
# Arguments:
# None
# Returns:
# None
#########################
apache_validate() {
debug "Validating settings in APACHE_* environment variables"
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_allowed_port() {
local port_var="${1:?missing port variable}"
local -a validate_port_args=()
! am_i_root && validate_port_args+=("-unprivileged")
validate_port_args+=("${!port_var}")
if ! err=$(validate_port "${validate_port_args[@]}"); then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
[[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied."
if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then
if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then
print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!"
fi
fi
[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER
[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Configure Apache's HTTP port
# Globals:
# APACHE_CONF_FILE, APACHE_CONF_DIR
# Arguments:
# None
# Returns:
# None
#########################
apache_configure_http_port() {
local -r port=${1:?missing port}
local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|"
local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|"
local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|"
local apache_configuration
if [[ -w "$APACHE_CONF_FILE" ]]; then
debug "Configuring port ${port} on file ${APACHE_CONF_FILE}"
apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")"
echo "$apache_configuration" > "$APACHE_CONF_FILE"
fi
if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then
debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf"
apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")"
echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
fi
if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then
debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf"
apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")"
echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf"
fi
}
########################
# Configure Apache's HTTPS port
# Globals:
# APACHE_CONF_DIR
# Arguments:
# None
# Returns:
# None
#########################
apache_configure_https_port() {
local -r port=${1:?missing port}
local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|"
local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|"
local apache_configuration
if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then
debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf"
apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")"
echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf"
fi
}
########################
# Configure Apache's ServerTokens directive
# Globals:
# APACHE_CONF_DIR
# Arguments:
# $1 - Value for ServerTokens directive
# Returns:
# None
#########################
apache_configure_server_tokens() {
local -r value=${1:?missing value}
local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|"
local apache_configuration
if [[ -w "$APACHE_CONF_FILE" ]]; then
debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}"
apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")"
echo "$apache_configuration" > "$APACHE_CONF_FILE"
fi
}
########################
# Enable a module in the Apache configuration file
# Globals:
# APACHE_CONF_FILE
# Arguments:
# $1 - Module to enable
# $2 - Path to module .so file (optional if already defined in httpd.conf)
# Returns:
# None
#########################
apache_enable_module() {
local -r name="${1:?missing name}"
local -r file="${2:-}"
local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$"
local apache_configuration
if [[ -w "$APACHE_CONF_FILE" ]]; then
debug "Enabling module '${name}'"
if grep -q -E "$regex" "$APACHE_CONF_FILE"; then
# Uncomment line if the module was already defined
replace_in_file "$APACHE_CONF_FILE" "$regex" "\1"
elif [[ -n "$file" ]]; then
# Add right after the last LoadModule, so all Apache modules are organized in the same section of the file
append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}"
else
error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'."
fi
fi
}
########################
# Disable a module in the Apache configuration file
# Globals:
# APACHE_CONF_FILE
# Arguments:
# $1 - Module to disable
# Returns:
# None
#########################
apache_disable_module() {
local -r name="${1:?missing name}"
local -r file="${2:-}"
local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$"
local apache_configuration
if [[ -w "$APACHE_CONF_FILE" ]]; then
debug "Disabling module '${name}'"
replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1"
fi
}
########################
# Stop Apache
# Globals:
# APACHE_*
# Arguments:
# None
# Returns:
# None
#########################
apache_stop() {
is_apache_not_running && return
stop_service_using_pid "$APACHE_PID_FILE"
}
########################
# Check if Apache is running
# Globals:
# APACHE_PID_FILE
# Arguments:
# None
# Returns:
# Whether Apache is running
########################
is_apache_running() {
local pid
pid="$(get_pid_from_file "$APACHE_PID_FILE")"
if [[ -n "$pid" ]]; then
is_service_running "$pid"
else
false
fi
}
########################
# Check if Apache is running
# Globals:
# APACHE_PID_FILE
# Arguments:
# None
# Returns:
# Whether Apache is not running
########################
is_apache_not_running() {
! is_apache_running
}
########################
# Ensure configuration gets added to the main Apache configuration file
# Globals:
# APACHE_*
# Arguments:
# $1 - configuration string
# $2 - pattern to use for checking if the configuration already exists (default: $1)
# $3 - Apache configuration file (default: $APACHE_CONF_FILE)
# Returns:
# None
########################
ensure_apache_configuration_exists() {
local -r conf="${1:?conf missing}"
local -r pattern="${2:-"$conf"}"
local -r conf_file="${3:-"$APACHE_CONF_FILE"}"
# Enable configuration by appending to httpd.conf
if ! grep -E -q "$pattern" "$conf_file"; then
if is_file_writable "$conf_file"; then
cat >> "$conf_file" <<< "$conf"
else
error "Could not add the following configuration to '${conf_file}:"
error ""
error "$(indent "$conf" 4)"
error ""
error "Include the configuration manually and try again."
return 1
fi
fi
}
########################
# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory
# Globals:
# APACHE_*
# Arguments:
# $1 - App name
# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes')
# Flags:
# --document-root - Path to document root directory
# Returns:
# None
########################
apache_replace_htaccess_files() {
local -r app="${1:?missing app}"
local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf"
# Default options
local document_root="${BITNAMI_ROOT_DIR}/${app}"
local overwrite="yes"
local -a htaccess_files
local htaccess_dir
local htaccess_contents
# Validate arguments
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--document-root)
shift
document_root="$1"
;;
--overwrite)
shift
overwrite="$1"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
if is_file_writable "$result_file"; then
# Locate all .htaccess files inside the document root
read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)"
[[ "${#htaccess_files[@]}" = 0 ]] && return
# Create file with root group write privileges, so it can be modified in non-root containers
[[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file"
for htaccess_file in "${htaccess_files[@]}"; do
htaccess_dir="$(dirname "$htaccess_file")"
htaccess_contents="$(indent "$(< "$htaccess_file")" 2)"
# Skip if it was already included to the resulting htaccess file
if grep -q "^<Directory \"$htaccess_dir\">" <<< "$htaccess_contents"; then
continue
fi
# Add to the htaccess file
cat >> "$result_file" <<EOF
<Directory "${htaccess_dir}">
${htaccess_contents}
</Directory>
EOF
# Overwrite the original .htaccess with the explanation text
if is_boolean_yes "$overwrite"; then
echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file"
fi
done
elif [[ ! -f "$result_file" ]]; then
error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories."
return 1
else
warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file."
return
fi
}
########################
# Ensure an Apache application configuration exists (in virtual host format)
# Globals:
# APACHE_*
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty)
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases (defaults to '*')
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render the app's virtual hosts with a .disabled prefix
# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# --additional-configuration - Additional vhost configuration (no default)
# --additional-http-configuration - Additional HTTP vhost configuration (no default)
# --additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --document-root - Path to document root directory
# --extra-directory-configuration - Extra configuration for the document root directory
# --proxy-address - Address where to proxy requests
# --proxy-configuration - Extra configuration for the proxy
# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_apache_app_configuration_exists() {
local -r app="${1:?missing app}"
# Default options
local type=""
local -a hosts=("127.0.0.1" "_default_")
local server_name="www.example.com" # Default ServerName in httpd.conf
local -a server_aliases=("*")
local allow_remote_connections="yes"
local disable="no"
local disable_http="no"
local disable_https="no"
local move_htaccess="yes"
# Template variables defaults
export additional_configuration=""
export additional_http_configuration=""
export additional_https_configuration=""
export before_vhost_configuration=""
export allow_override="All"
export document_root="${BITNAMI_ROOT_DIR}/${app}"
export extra_directory_configuration=""
export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}"
export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}"
export http_port="$default_http_port"
export https_port="$default_https_port"
export proxy_address=""
export proxy_configuration=""
export proxy_http_configuration=""
export proxy_https_configuration=""
# Validate arguments
local var_name
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--hosts \
| --server-aliases)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
read -r -a "${var_name?}" <<< "$1"
;;
--disable \
| --disable-http \
| --disable-https \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
export "${var_name}=yes"
;;
--type \
| --server-name \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --move-htaccess \
| --additional-configuration \
| --additional-http-configuration \
| --additional-https-configuration \
| --before-vhost-configuration \
| --allow-override \
| --document-root \
| --extra-directory-configuration \
| --proxy-address \
| --proxy-configuration \
| --proxy-http-configuration \
| --proxy-https-configuration \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
export "${var_name}=${1}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Construct listen ports configuration (only to add when using non-standard ports)
export http_listen_configuration=""
export https_listen_configuration=""
[[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}"
[[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}"
# Construct host string in the format of "host1:port1[ host2:port2[ ...]]"
export http_listen_addresses=""
export https_listen_addresses=""
for host in "${hosts[@]}"; do
http_listen="${host}:${http_port}"
https_listen="${host}:${https_port}"
[[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}"
[[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}"
done
# Construct ServerName/ServerAlias block
export server_name_configuration=""
if ! is_empty_value "${server_name:-}"; then
server_name_configuration="ServerName ${server_name}"
fi
if [[ "${#server_aliases[@]}" -gt 0 ]]; then
server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}"
fi
# App .htaccess support (only when type is not defined)
export htaccess_include
[[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root"
if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then
allow_override="None"
htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\""
else
# allow_override is already set to the expected value
htaccess_include=""
fi
# ACL configuration
export acl_configuration
if is_boolean_yes "$allow_remote_connections"; then
acl_configuration="Require all granted"
else
acl_configuration="$(cat <<EOF
Require local
ErrorDocument 403 "For security reasons, this URL is only accessible using localhost (127.0.0.1) as the hostname."
# AuthType Basic
# AuthName ${app}
# AuthUserFile "${APACHE_BASE_DIR}/users"
# Require valid-user
EOF
)"
fi
# Indent configurations
server_name_configuration="$(indent $'\n'"$server_name_configuration" 2)"
additional_configuration="$(indent $'\n'"$additional_configuration" 2)"
additional_http_configuration="$(indent $'\n'"$additional_http_configuration" 2)"
additional_https_configuration="$(indent $'\n'"$additional_https_configuration" 2)"
htaccess_include="$(indent $'\n'"$htaccess_include" 2)"
acl_configuration=""$(indent $'\n'"$acl_configuration" 4)
extra_directory_configuration="$(indent $'\n'"$extra_directory_configuration" 4)"
proxy_configuration="$(indent $'\n'"$proxy_configuration" 2)"
proxy_http_configuration="$(indent $'\n'"$proxy_http_configuration" 2)"
proxy_https_configuration="$(indent $'\n'"$proxy_https_configuration" 2)"
# Render templates
# We remove lines that are empty or contain only newspaces with 'sed', so the resulting file looks better
local template_name="app"
[[ -n "$type" && "$type" != "php" ]] && template_name="app-${type}"
local -r template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates"
local http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf"
local https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf"
local -r disable_suffix=".disabled"
( is_boolean_yes "$disable" || is_boolean_yes "$disable_http" ) && http_vhost+="$disable_suffix"
( is_boolean_yes "$disable" || is_boolean_yes "$disable_https" ) && https_vhost+="$disable_suffix"
if is_file_writable "$http_vhost"; then
# Create file with root group write privileges, so it can be modified in non-root containers
[[ ! -f "$http_vhost" ]] && touch "$http_vhost" && chmod g+rw "$http_vhost"
render-template "${template_dir}/${template_name}-http-vhost.conf.tpl" | sed '/^\s*$/d' > "$http_vhost"
elif [[ ! -f "$http_vhost" ]]; then
error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories."
return 1
else
warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
if is_file_writable "$https_vhost"; then
# Create file with root group write privileges, so it can be modified in non-root containers
[[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost"
render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost"
elif [[ ! -f "$https_vhost" ]]; then
error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories."
return 1
else
warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
}
########################
# Ensure an Apache application configuration does not exist anymore (in virtual hosts format)
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_apache_app_configuration_not_exists() {
local -r app="${1:?missing app}"
local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf"
local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf"
local -r disable_suffix=".disabled"
# Note that 'rm -f' will not fail if the files don't exist
# However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function
rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}"
}
########################
# Ensure Apache loads the configuration for an application in a URL prefix
# Globals:
# APACHE_*
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty)
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --additional-configuration - Additional vhost configuration (no default)
# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --document-root - Path to document root directory
# --extra-directory-configuration - Extra configuration for the document root directory
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_apache_prefix_configuration_exists() {
local -r app="${1:?missing app}"
# Default options
local type=""
local allow_remote_connections="yes"
local move_htaccess="yes"
local prefix="/${app}"
# Template variables defaults
export additional_configuration=""
export allow_override="All"
export document_root="${BITNAMI_ROOT_DIR}/${app}"
export extra_directory_configuration=""
# Validate arguments
local var_name
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--type \
| --allow-remote-connections \
| --move-htaccess \
| --prefix \
| --additional-configuration \
| --allow-override \
| --document-root \
| --extra-directory-configuration \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "${var_name}=${1}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# App .htaccess support (only when type is not defined)
export htaccess_include
[[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root"
if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then
allow_override="None"
htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\""
else
# allow_override is already set to the expected value
htaccess_include=""
fi
# ACL configuration
export acl_configuration
if is_boolean_yes "$allow_remote_connections"; then
acl_configuration="Require all granted"
else
acl_configuration="$(cat <<EOF
Require local
ErrorDocument 403 "For security reasons, this URL is only accessible using localhost (127.0.0.1) as the hostname."
# AuthType Basic
# AuthName ${app}
# AuthUserFile "${APACHE_BASE_DIR}/users"
# Require valid-user
EOF
)"
fi
# Prefix configuration
export prefix_conf="Alias ${prefix} \"${document_root}\""
# Indent configurations
acl_configuration="$(indent $'\n'"$acl_configuration" 2)"
extra_directory_configuration="$(indent $'\n'"$extra_directory_configuration" 2)"
# Render templates
# We remove lines that are empty or contain only newspaces with 'sed', so the resulting file looks better
local template_name="app"
[[ -n "$type" && "$type" != "php" ]] && template_name="app-${type}"
local -r template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates"
local -r prefix_file="${APACHE_CONF_DIR}/bitnami/${app}.conf"
if is_file_writable "$prefix_file"; then
# Create file with root group write privileges, so it can be modified in non-root containers
[[ ! -f "$prefix_file" ]] && touch "$prefix_file" && chmod g+rw "$prefix_file"
render-template "${template_dir}/${template_name}-prefix.conf.tpl" | sed '/^\s*$/d' > "$prefix_file"
ensure_apache_configuration_exists "Include \"$prefix_file\""
elif [[ ! -f "$prefix_file" ]]; then
error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories."
return 1
else
warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
}
########################
# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports)
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
apache_update_app_configuration() {
local -r app="${1:?missing app}"
# Default options
local -a hosts=("127.0.0.1" "_default_")
local server_name="www.example.com" # Default ServerName in httpd.conf
local -a server_aliases=()
local enable_http="no"
local enable_https="no"
local disable_http="no"
local disable_https="no"
export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}"
export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}"
export http_port="$default_http_port"
export https_port="$default_https_port"
local var_name
# Validate arguments
local var_name
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--hosts \
| --server-aliases)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
read -r -a "${var_name?}" <<< "$1"
;;
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
declare "${var_name}=yes"
;;
--server-name \
| --http-port \
| --https-port \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "${var_name}=${1}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Construct host string in the format of "host1:port1[ host2:port2[ ...]]"
export http_listen_addresses=""
export https_listen_addresses=""
for host in "${hosts[@]}"; do
http_listen="${host}:${http_port}"
https_listen="${host}:${https_port}"
[[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}"
[[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}"
done
# Update configuration
local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf"
local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf"
local -r disable_suffix=".disabled"
# Helper function to avoid duplicating code
update_common_vhost_config() {
local -r vhost_file="${1:?missing virtual host}"
# Update ServerName
if ! is_empty_value "${server_name:-}"; then
replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}"
fi
# Update ServerAlias
if [[ "${#server_aliases[@]}" -gt 0 ]]; then
replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}"
fi
}
# Disable and enable configuration files
rename_conf_file() {
local -r origin="$1"
local -r destination="$2"
if is_file_writable "$origin" && is_file_writable "$destination"; then
warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions."
else
mv "$origin" "$destination"
fi
}
is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost"
is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost"
is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost"
is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost"
# Update only configuration files without the '.disabled' suffix
if [[ -e "$http_vhost" ]]; then
if is_file_writable "$http_vhost"; then
update_common_vhost_config "$http_vhost"
# Update vhost-specific config (listen port and addresses)
replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}"
replace_in_file "$http_vhost" "^<VirtualHost\s.*>$" "<VirtualHost ${http_listen_addresses}>"
else
warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
fi
if [[ -e "$https_vhost" ]]; then
if is_file_writable "$https_vhost"; then
update_common_vhost_config "$https_vhost"
# Update vhost-specific config (listen port and addresses)
replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}"
replace_in_file "$https_vhost" "^<VirtualHost\s.*>$" "<VirtualHost ${https_listen_addresses}>"
else
warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file."
fi
fi
}
########################
# Create a password file for basic authentication and restrict its permissions
# Globals:
# *
# Arguments:
# $1 - file
# $2 - username
# $3 - password
# Returns:
# true if the configuration was updated, false otherwise
########################
apache_create_password_file() {
local -r file="${1:?missing file}"
local -r username="${2:?missing username}"
local -r password="${3:?missing password}"
"${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password"
am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP"
}

1048
7/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh
View File

File diff suppressed because it is too large Load Diff

265
7/debian-12/rootfs/opt/bitnami/scripts/libphp.sh
Unescape View File

@ -0,0 +1,265 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami PHP library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libwebserver.sh
########################
# Add or modify an entry in the main PHP configuration file (php.ini)
# Globals:
# PHP_CONF_FILE
# Arguments:
# $1 - Key
# $2 - Value
# $3 - File to modify (default: $PHP_CONF_FILE)
# Returns:
# None
#########################
php_conf_set() {
local -r key="${1:?key missing}"
local -r value="${2:?value missing}"
local -r file="${3:-"$PHP_CONF_FILE"}"
local pattern="^[; ]*${key}\s*=.*$"
if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then
# The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations
# Because of that, we first check if the extension was defined in the file to replace the proper entry
pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$"
fi
local -r entry="${key} = ${value}"
if is_file_writable "$file"; then
# Not using the ini-file tool since it does not play well with php.ini
if grep -q -E "$pattern" "$file"; then
replace_in_file "$file" "$pattern" "$entry"
else
cat >> "$file" <<< "$entry"
fi
else
warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured."
fi
}
########################
# Ensure PHP is initialized
# Globals:
# PHP_*
# Arguments:
# None
# Returns:
# None
#########################
php_initialize() {
# Configure PHP options based on the runtime environment
info "Configuring PHP options"
if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then
# Copy default configuration to php configuration directory
cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR"
fi
php_set_runtime_config "$PHP_CONF_FILE"
# PHP-FPM configuration
! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf"
# Avoid exit code of previous commands to affect the result of this function
true
}
########################
# Set PHP runtime options, based on user-provided environment variables
# Globals:
# PHP_*
# Arguments:
# None
# Returns:
# None
#########################
php_set_runtime_config() {
local -r conf_file="${1:?missing conf file}"
! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file"
! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file"
! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file"
! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file"
! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file"
! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file"
! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file"
! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file"
! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file"
! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file"
true
}
########################
# Convert a yes/no value to a PHP boolean
# Globals:
# None
# Arguments:
# $1 - yes/no value
# Returns:
# None
#########################
php_convert_to_boolean() {
local -r value="${1:?missing value}"
is_boolean_yes "$value" && echo "true" || echo "false"
}
########################
# Execute/run PHP code and print to stdout
# Globals:
# None
# Stdin:
# Code to execute
# Arguments:
# $1..$n - Input arguments to script
# Returns:
# None
#########################
php_execute_print_output() {
local php_cmd
# Obtain the command specified via stdin
php_cmd="$(</dev/stdin)"
debug "Executing PHP code:\n${php_cmd}"
php -- "$@" <<< "<?php ${php_cmd}"
}
########################
# Execute/run PHP code
# Globals:
# None
# Stdin:
# Code to execute
# Arguments:
# $1..$n - Input arguments to script
# Returns:
# None
#########################
php_execute() {
debug_execute php_execute_print_output "$@"
}
########################
# Execute/run PHP code and print to stdout
# Globals:
# None
# Stdin:
# Code to execute
# Arguments:
# $1..$n - Input arguments to script
# Returns:
# None
#########################
php_execute_print_output() {
local php_cmd
# Obtain the command specified via stdin
php_cmd="$(</dev/stdin)"
debug "Executing PHP code:\n${php_cmd}"
php -- "$@" <<< "<?php ${php_cmd}"
}
########################
# Execute/run PHP code
# Globals:
# None
# Stdin:
# Code to execute
# Arguments:
# $1..$n - Input arguments to script
# Returns:
# None
#########################
php_execute() {
debug_execute php_execute_print_output "$@"
}
########################
# Stop PHP-FPM
# Globals:
# PHP_FPM_PID_FILE
# Arguments:
# $1 - Signal (default: SIGTERM)
# Returns:
# None
#########################
php_fpm_stop() {
local -r signal="${1:-}"
is_php_fpm_not_running && return
stop_service_using_pid "$PHP_FPM_PID_FILE" "$signal"
}
########################
# Reload PHP-FPM configuration
# Globals:
# PHP_FPM_PID_FILE
# Arguments:
# None
# Returns:
# None
#########################
php_fpm_reload() {
php_fpm_stop "USR2"
}
########################
# Check if PHP-FPM is enabled for the current Bitnami installation
# Globals:
# None
# Arguments:
# None
# Returns:
# true if PHP-FPM is enabled, false otherwise
########################
is_php_fpm_enabled() {
if [[ "$(web_server_type)" = "apache" ]]; then
# If mod_php is enabled, then PHP-FPM is cannot be
if apachectl -M | grep -q -E "php[0-9]?_module"; then
false
else
true
fi
else
# Assume PHP-FPM is enabled with any other configuration (i.e. NGINX)
true
fi
}
########################
# Check if PHP-FPM is running
# Globals:
# PHP_FPM_PID_FILE
# Arguments:
# None
# Returns:
# true if PHP-FPM is running, false otherwise
########################
is_php_fpm_running() {
local pid
pid="$(get_pid_from_file "$PHP_FPM_PID_FILE")"
if [[ -n "$pid" ]]; then
is_service_running "$pid"
else
false
fi
}
########################
# Check if PHP-FPM is running
# Globals:
# PHP_FPM_PID_FILE
# Arguments:
# None
# Returns:
# true PHP-FPM is not running, false otherwise
########################
is_php_fpm_not_running() {
! is_php_fpm_running
}

477
7/debian-12/rootfs/opt/bitnami/scripts/libsuitecrm.sh
Unescape View File

@ -0,0 +1,477 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami SuiteCRM library
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libpersistence.sh
. /opt/bitnami/scripts/libwebserver.sh
# Load database library
if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then
. /opt/bitnami/scripts/libmysqlclient.sh
elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then
. /opt/bitnami/scripts/libmysql.sh
elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then
. /opt/bitnami/scripts/libmariadb.sh
fi
# Rewrite env variables if SuiteCRM 7 is detected
if [[ ! -d "${SUITECRM_BASE_DIR}/public" ]]; then
export SUITECRM_CONF_FILE="${SUITECRM_BASE_DIR}/config.php"
export SUITECRM_SILENT_INSTALL_CONF_FILE="${SUITECRM_BASE_DIR}/config_si.php"
fi
########################
# Validate settings in SUITECRM_* env vars
# Globals:
# SUITECRM_*
# Arguments:
# None
# Returns:
# 0 if the validation succeeded, 1 otherwise
#########################
suitecrm_validate() {
debug "Validating settings in SUITECRM_* environment variables..."
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_yes_no_value() {
if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then
print_validation_error "The allowed values for ${1} are: yes no"
fi
}
check_multi_value() {
if [[ " ${2} " != *" ${!1} "* ]]; then
print_validation_error "The allowed values for ${1} are: ${2}"
fi
}
check_true_false_value() {
if ! is_true_false_value "${!1}"; then
print_validation_error "The allowed values for $1 are [true, false]"
fi
}
check_valid_port() {
local port_var="${1:?missing port variable}"
local err
if ! err="$(validate_port "${!port_var}")"; then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
# Validate user inputs
! is_empty_value "$SUITECRM_VALIDATE_USER_IP" && check_true_false_value "SUITECRM_VALIDATE_USER_IP"
check_yes_no_value "SUITECRM_ENABLE_HTTPS"
# Validate credentials
for empty_env_var in "SUITECRM_DATABASE_PASSWORD" "SUITECRM_PASSWORD"; do
is_empty_value "${!empty_env_var}" && print_validation_error "The ${empty_env_var} environment variable is empty or not set."
done
# Validate SMTP credentials
if ! is_empty_value "$SUITECRM_SMTP_HOST"; then
for empty_env_var in "SUITECRM_SMTP_USER" "SUITECRM_SMTP_PASSWORD"; do
is_empty_value "${!empty_env_var}" && warn "The ${empty_env_var} environment variable is empty or not set."
done
is_empty_value "$SUITECRM_SMTP_PORT_NUMBER" && print_validation_error "The SUITECRM_SMTP_PORT_NUMBER environment variable is empty or not set."
! is_empty_value "$SUITECRM_SMTP_PORT_NUMBER" && check_valid_port "SUITECRM_SMTP_PORT_NUMBER"
! is_empty_value "$SUITECRM_SMTP_PROTOCOL" && check_multi_value "SUITECRM_SMTP_PROTOCOL" "ssl tls"
fi
# Check that the web server is properly set up
web_server_validate || print_validation_error "Web server validation failed"
return "$error_code"
}
########################
# Ensure SuiteCRM is initialized
# Globals:
# SUITECRM_*
# Arguments:
# None
# Returns:
# None
#########################
suitecrm_initialize() {
# Check if SuiteCRM has already been initialized and persisted in a previous run
local db_host db_port db_name db_user db_pass
local -r app_name="suitecrm"
if ! is_app_initialized "$app_name"; then
# Ensure SuiteCRM persisted directories exist (i.e. when a volume has been mounted to /bitnami)
info "Ensuring SuiteCRM directories exist"
ensure_dir_exists "$SUITECRM_VOLUME_DIR"
# Use daemon:daemon ownership for compatibility when running as a non-root user
am_i_root && configure_permissions_ownership "$SUITECRM_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "$WEB_SERVER_DAEMON_GROUP"
info "Trying to connect to the database server"
db_host="$SUITECRM_DATABASE_HOST"
db_port="$SUITECRM_DATABASE_PORT_NUMBER"
db_name="$SUITECRM_DATABASE_NAME"
db_user="$SUITECRM_DATABASE_USER"
db_pass="$SUITECRM_DATABASE_PASSWORD"
suitecrm_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass"
local -r template_dir="${BITNAMI_ROOT_DIR}/scripts/suitecrm/bitnami-templates"
if ! is_boolean_yes "$SUITECRM_SKIP_BOOTSTRAP"; then
# If SuiteCRM 7, use legacy install wizard
if [[ ! -d "${SUITECRM_BASE_DIR}/public" ]]; then
# Render configuration file for silent install ('config_si.php')
(
export url_protocol=http
is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https
render-template "${template_dir}/config_si.php.tpl" > "$SUITECRM_SILENT_INSTALL_CONF_FILE"
)
web_server_start
suitecrm_7_pass_wizard
# Configure SMTP via application wizard
if ! is_empty_value "$SUITECRM_SMTP_HOST"; then
info "Configuring SMTP"
suitecrm_pass_smtp_wizard
fi
web_server_stop
# Delete configuration file for silent install as it's not needed anymore
rm "$SUITECRM_SILENT_INSTALL_CONF_FILE"
else
suitecrm_pass_wizard
# Configure SMTP via application wizard
if ! is_empty_value "$SUITECRM_SMTP_HOST"; then
web_server_start
info "Configuring SMTP"
suitecrm_pass_smtp_wizard
web_server_stop
fi
fi
else
info "An already initialized SuiteCRM database was provided, configuration will be skipped"
# A very basic 'config.php' will be generated with enough information for the application to be able to connect to the database
# Afterwards we will make use of the application's 'Rebuild Config File' functionality to create a complete configuration file
# Then we will be able to use the application's scripts to generate cache files, '.htaccess' and other required files
info "Generating SuiteCRM configuration file"
(
export db_host db_port db_name db_user db_pass
render-template "${template_dir}/config_db.php.tpl" > "$SUITECRM_CONF_FILE"
# Ensure the configuration file is writable by the web server
# Negate the condition to always return true and avoid causing exit code
! am_i_root || configure_permissions_ownership "$SUITECRM_CONF_FILE" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root"
)
suitecrm_rebuild_files
fi
info "Persisting SuiteCRM installation"
persist_app "$app_name" "$SUITECRM_DATA_TO_PERSIST"
else
info "Restoring persisted SuiteCRM installation"
restore_persisted_app "$app_name" "$SUITECRM_DATA_TO_PERSIST"
info "Trying to connect to the database server"
db_host="$(suitecrm_conf_get "dbconfig" "db_host_name")"
db_port="$(suitecrm_conf_get "dbconfig" "db_port")"
db_name="$(suitecrm_conf_get "dbconfig" "db_name")"
db_user="$(suitecrm_conf_get "dbconfig" "db_user_name")"
db_pass="$(suitecrm_conf_get "dbconfig" "db_password")"
suitecrm_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass"
fi
# Ensure SuiteCRM cron jobs are created when running setup with a root user
# https://docs.suitecrm.com/blog/scheduler-jobs/
local -a cron_cmd=(cd "${SUITECRM_BASE_DIR};" "${PHP_BIN_DIR}/php" "-f" "cron.php")
if am_i_root; then
generate_cron_conf "suitecrm" "${cron_cmd[*]} > /dev/null 2>&1" --run-as "$WEB_SERVER_DAEMON_USER" --schedule "*/1 * * * *"
else
warn "Skipping cron configuration for SuiteCRM because of running as a non-root user"
fi
# Avoid exit code of previous commands to affect the result of this function
true
}
########################
# Get an entry from the SuiteCRM configuration file ('config.php')
# Globals:
# SUITECRM_*
# Arguments:
# $1 - PHP variable name
# Returns:
# None
#########################
suitecrm_conf_get() {
local key="${1:?key missing}"
# Construct a PHP array path for the configuration, so each key is passed as a separate argument
local path="\$sugar_config"
for key in "$@"; do
path="${path}['${key}']"
done
debug "Getting ${key} from SuiteCRM configuration"
php -r "require ('${SUITECRM_CONF_FILE}'); print_r($path);"
}
########################
# Set an entry into the SuiteCRM configuration file ('config.php')
# Globals:
# SUITECRM_*
# Arguments:
# $1 - PHP variable name
# Returns:
# None
#########################
suitecrm_conf_set() {
local -r key="${1:?key missing}"
local -r value="${2:?missing value}"
debug "Setting ${key} to '${value}' in SuiteCRM configuration"
# Sanitize key (sed does not support fixed string substitutions)
local sanitized_pattern
sanitized_pattern="$(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")"
# Check if the configuration exists in the file
if grep -q -E "$sanitized_pattern" "$SUITECRM_CONF_FILE"; then
# It exists, so replace the line
replace_in_file "$SUITECRM_CONF_FILE" "('${sanitized_pattern}' => ').*(',)" "\1${value}\2"
else
# The SuiteCRM configuration file includes all supported keys, but because of its format,
# we cannot append contents to the end. We can assume thi
warn "Could not set the SuiteCRM '${key}' configuration. Check that the file has not been modified externally."
fi
}
########################
# Wait until the database is accessible with the currently-known credentials
# Globals:
# *
# Arguments:
# $1 - database host
# $2 - database port
# $3 - database name
# $4 - database username
# $5 - database user password (optional)
# Returns:
# true if the database connection succeeded, false otherwise
#########################
suitecrm_wait_for_db_connection() {
local -r db_host="${1:?missing database host}"
local -r db_port="${2:?missing database port}"
local -r db_name="${3:?missing database name}"
local -r db_user="${4:?missing database user}"
local -r db_pass="${5:-}"
check_mysql_connection() {
echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass"
}
if ! retry_while "check_mysql_connection"; then
error "Could not connect to the database"
return 1
fi
}
########################
# Pass SuiteCRM SMTP wizard
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the wizard succeeded, false otherwise
#########################
suitecrm_pass_smtp_wizard() {
local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}"
local wizard_url curl_output
local -a curl_opts curl_data_opts
local url_protocol=http
is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https
local site_url="${url_protocol}://127.0.0.1:${port}/index.php"
cookie_file="/tmp/cookie$(generate_random_string -t alphanumeric -c 8)"
curl_opts=(
"--location"
"--silent"
"--cookie-jar" "$cookie_file"
"--cookie" "$cookie_file"
# Used to avoid XSRF warning
"--referer" "http://localhost"
)
# Step 1: Login to SuiteCRM and check that SMTP is not configured yet
wizard_url="${site_url}?action=Login&module=Users"
curl_data_opts=(
"--data-urlencode" "username_password=${SUITECRM_PASSWORD}"
"--data-urlencode" "user_name=${SUITECRM_USERNAME}"
"--data-urlencode" "return_action=Login"
"--data-urlencode" "module=Users"
"--data-urlencode" "action=Authenticate"
)
curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")"
if [[ "$curl_output" != *"an SMTP server must be configured"* ]]; then
error "An error occurred while trying to login to configure SMTP"
return 1
fi
# Step 2: Configure SMTP and check the message to warn about SMTP has gone
wizard_url="${site_url}?module=EmailMan&action=config"
# Check if SMTP should go over SSL
local smtp_protocol=""
[[ "$SUITECRM_SMTP_PROTOCOL" = "ssl" ]] && smtp_protocol="1"
[[ "$SUITECRM_SMTP_PROTOCOL" = "tls" ]] && smtp_protocol="2"
# Check if SMTP user:pass is configured
local smtp_auth_req=0
! is_empty_value "$SUITECRM_SMTP_USER" && smtp_auth_req=1
curl_data_opts=(
"--data-urlencode" "mail_allowusersend=0"
"--data-urlencode" "mail_sendtype=SMTP"
"--data-urlencode" "mail_smtpauth_req=${smtp_auth_req}"
"--data-urlencode" "module=EmailMan"
"--data-urlencode" "mail_smtppass=${SUITECRM_SMTP_PASSWORD}"
"--data-urlencode" "mail_smtpport=${SUITECRM_SMTP_PORT_NUMBER}"
"--data-urlencode" "mail_smtpserver=${SUITECRM_SMTP_HOST}"
"--data-urlencode" "mail_smtptype=other"
"--data-urlencode" "mail_smtpuser=${SUITECRM_SMTP_USER}"
"--data-urlencode" "mail_smtpssl=${smtp_protocol}"
"--data-urlencode" "notify_fromaddress=${SUITECRM_SMTP_NOTIFY_ADDRESS}"
"--data-urlencode" "notify_fromname=${SUITECRM_SMTP_NOTIFY_NAME}"
"--data-urlencode" "action=Save"
)
curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")"
if [[ "$curl_output" == *"an SMTP server must be configured"* ]]; then
error "An error occurred configuring SMTP for SuiteCRM"
return 1
fi
}
########################
# Pass SuiteCRM wizard
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the wizard succeeded, false otherwise
#########################
suitecrm_pass_wizard() {
local -a install_args
local url_protocol=http
info "Running setup wizard"
is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https
install_args=(
"--site_host=${url_protocol}://${SUITECRM_HOST}"
"--site_username=${SUITECRM_USERNAME}"
"--site_password=${SUITECRM_PASSWORD}"
"--db_username=${SUITECRM_DATABASE_USER}"
"--db_password=${SUITECRM_DATABASE_PASSWORD}"
"--db_host=${SUITECRM_DATABASE_HOST}"
"--db_port=${SUITECRM_DATABASE_PORT_NUMBER}"
"--db_name=${SUITECRM_DATABASE_NAME}"
"--no-interaction"
)
suitecrm_execute suitecrm:app:install "${install_args[@]}"
}
########################
# Pass SuiteCRM 7 wizard
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the wizard succeeded, false otherwise
#########################
suitecrm_7_pass_wizard() {
local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}"
local wizard_url curl_output
local -a curl_opts curl_data_opts
local url_protocol=http
info "Running setup wizard"
is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https
wizard_url="${url_protocol}://127.0.0.1:${port}/install.php?goto=SilentInstall&cli=true"
curl_opts=("--location" "--silent")
curl_data_opts=(
"--data-urlencode" "current_step=8"
"--data-urlencode" "goto=Next"
)
local wizard_exit_code=0
wizard_error() {
error "An error occurred while installing SuiteCRM: ${*}"
wizard_exit_code=1
}
if ! debug_execute curl "${curl_opts[@]}" "${wizard_url}"; then
wizard_error "The wizard could not be accessed"
fi
if ! grep -q "Save user settings" "${SUITECRM_BASE_DIR}/install.log"; then
wizard_error "Installation failed"
fi
return "$wizard_exit_code"
}
########################
# Rebuild SuiteCRM's configuration file
# Globals:
# *
# Arguments:
# None
# Returns:
# true if succeded, false otherwise
#########################
suitecrm_rebuild_files() {
# The below script executes the code from "Repair > Rebuild Config File" to regenerate the configuration file
# We prefer to run a script rather than via cURL requests because it would require to login, and could cause
# issues with SUITECRM_SKIP_BOOTSTRAP
php_execute <<EOF
chdir('$SUITECRM_BASE_DIR');
define('sugarEntry', true);
require_once('include/utils.php');
// Based on 'install.php' includes
require_once('include/SugarLogger/LoggerManager.php');
require_once('sugar_version.php');
require_once('suitecrm_version.php');
require_once('include/TimeDate.php');
require_once('include/Localization/Localization.php');
require_once('include/SugarTheme/SugarTheme.php');
require_once('include/utils/LogicHook.php');
require_once('data/SugarBean.php');
// Include files that are loaded by 'entryPoint.php'
// (Note: We cannot include 'entryPoint.sh' since it is only expected to work via HTTP requests)
require_once('include/SugarEmailAddress/SugarEmailAddress.php');
require_once('include/utils/file_utils.php');
// Rebuild the configuration file
// Based on the RebuildConfig action in the admin panel
\$clean_config = loadCleanConfig();
rebuildConfigFile(\$clean_config, \$sugar_version);
// Rebuild the .htaccess file
// Based on the UpgradeAccess action in the admin panel
require_once 'include/upload_file.php';
UploadStream::register();
require('modules/Administration/UpgradeAccess.php');
EOF
}
########################
# Execute SuiteCRM console command
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the wizard succeeded, false otherwise
#########################
suitecrm_execute() {
local -a cmd=("php" "${SUITECRM_BASE_DIR}/bin/console" "$@")
# Run as web server user to avoid having to change permissions/ownership afterwards
am_i_root && cmd=("run_as_user" "$WEB_SERVER_DAEMON_USER" "${cmd[@]}")
(
cd "${SUITECRM_BASE_DIR}" || false
debug_execute "${cmd[@]}"
)
}

128
7/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh
Unescape View File

@ -0,0 +1,128 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for mysql
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-mysql}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
mysql_env_vars=(
MYSQL_CLIENT_FLAVOR
ALLOW_EMPTY_PASSWORD
MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN
MYSQL_CLIENT_DATABASE_HOST
MYSQL_CLIENT_DATABASE_PORT_NUMBER
MYSQL_CLIENT_DATABASE_ROOT_USER
MYSQL_CLIENT_DATABASE_ROOT_PASSWORD
MYSQL_CLIENT_CREATE_DATABASE_NAME
MYSQL_CLIENT_CREATE_DATABASE_USER
MYSQL_CLIENT_CREATE_DATABASE_PASSWORD
MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET
MYSQL_CLIENT_CREATE_DATABASE_COLLATE
MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES
MYSQL_CLIENT_ENABLE_SSL_WRAPPER
MYSQL_CLIENT_ENABLE_SSL
MYSQL_CLIENT_SSL_CA_FILE
MYSQL_CLIENT_SSL_CERT_FILE
MYSQL_CLIENT_SSL_KEY_FILE
MYSQL_CLIENT_EXTRA_FLAGS
MARIADB_AUTHENTICATION_PLUGIN
MARIADB_HOST
MARIADB_PORT_NUMBER
MARIADB_ROOT_USER
MARIADB_ROOT_PASSWORD
)
for env_var in "${mysql_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset mysql_env_vars
export MYSQL_CLIENT_FLAVOR="${MYSQL_CLIENT_FLAVOR:-mariadb}"
export DB_FLAVOR="$MYSQL_CLIENT_FLAVOR"
# Paths
export DB_BASE_DIR="${BITNAMI_ROOT_DIR}/mysql"
export DB_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/mysql"
export DB_DATA_DIR="${DB_VOLUME_DIR}/data"
export DB_BIN_DIR="${DB_BASE_DIR}/bin"
export DB_SBIN_DIR="${DB_BASE_DIR}/bin"
export DB_CONF_DIR="${DB_BASE_DIR}/conf"
export DB_DEFAULT_CONF_DIR="${DB_BASE_DIR}/conf.default"
export DB_LOGS_DIR="${DB_BASE_DIR}/logs"
export DB_TMP_DIR="${DB_BASE_DIR}/tmp"
export DB_CONF_FILE="${DB_CONF_DIR}/my.cnf"
export DB_PID_FILE="${DB_TMP_DIR}/mysqld.pid"
export DB_SOCKET_FILE="${DB_TMP_DIR}/mysql.sock"
export PATH="${DB_SBIN_DIR}:${DB_BIN_DIR}:/opt/bitnami/common/bin:${PATH}"
# System users (when running with a privileged user)
export DB_DAEMON_USER="mysql"
export DB_DAEMON_GROUP="mysql"
# MySQL client configuration
export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}"
MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN="${MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN:-"${MARIADB_AUTHENTICATION_PLUGIN:-}"}"
export MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN="${MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN:-}"
export DB_AUTHENTICATION_PLUGIN="$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN"
MYSQL_CLIENT_DATABASE_HOST="${MYSQL_CLIENT_DATABASE_HOST:-"${MARIADB_HOST:-}"}"
export MYSQL_CLIENT_DATABASE_HOST="${MYSQL_CLIENT_DATABASE_HOST:-mariadb}"
export DB_HOST="$MYSQL_CLIENT_DATABASE_HOST"
MYSQL_CLIENT_DATABASE_PORT_NUMBER="${MYSQL_CLIENT_DATABASE_PORT_NUMBER:-"${MARIADB_PORT_NUMBER:-}"}"
export MYSQL_CLIENT_DATABASE_PORT_NUMBER="${MYSQL_CLIENT_DATABASE_PORT_NUMBER:-3306}"
export DB_PORT_NUMBER="$MYSQL_CLIENT_DATABASE_PORT_NUMBER"
MYSQL_CLIENT_DATABASE_ROOT_USER="${MYSQL_CLIENT_DATABASE_ROOT_USER:-"${MARIADB_ROOT_USER:-}"}"
export MYSQL_CLIENT_DATABASE_ROOT_USER="${MYSQL_CLIENT_DATABASE_ROOT_USER:-root}"
export DB_ROOT_USER="$MYSQL_CLIENT_DATABASE_ROOT_USER" # only used during the first initialization
MYSQL_CLIENT_DATABASE_ROOT_PASSWORD="${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-"${MARIADB_ROOT_PASSWORD:-}"}"
export MYSQL_CLIENT_DATABASE_ROOT_PASSWORD="${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}"
export DB_ROOT_PASSWORD="$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" # only used during the first initialization
export MYSQL_CLIENT_CREATE_DATABASE_NAME="${MYSQL_CLIENT_CREATE_DATABASE_NAME:-}"
export DB_CREATE_DATABASE_NAME="$MYSQL_CLIENT_CREATE_DATABASE_NAME" # only used during the first initialization
export MYSQL_CLIENT_CREATE_DATABASE_USER="${MYSQL_CLIENT_CREATE_DATABASE_USER:-}"
export DB_CREATE_DATABASE_USER="$MYSQL_CLIENT_CREATE_DATABASE_USER"
export MYSQL_CLIENT_CREATE_DATABASE_PASSWORD="${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}"
export DB_CREATE_DATABASE_PASSWORD="$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD"
export MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET="${MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET:-}"
export DB_CREATE_DATABASE_CHARACTER_SET="$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET"
export MYSQL_CLIENT_CREATE_DATABASE_COLLATE="${MYSQL_CLIENT_CREATE_DATABASE_COLLATE:-}"
export DB_CREATE_DATABASE_COLLATE="$MYSQL_CLIENT_CREATE_DATABASE_COLLATE"
export MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES="${MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES:-}"
export DB_CREATE_DATABASE_PRIVILEGES="$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES"
export MYSQL_CLIENT_ENABLE_SSL_WRAPPER="${MYSQL_CLIENT_ENABLE_SSL_WRAPPER:-no}"
export DB_ENABLE_SSL_WRAPPER="$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"
export MYSQL_CLIENT_ENABLE_SSL="${MYSQL_CLIENT_ENABLE_SSL:-no}"
export DB_ENABLE_SSL="$MYSQL_CLIENT_ENABLE_SSL"
export MYSQL_CLIENT_SSL_CA_FILE="${MYSQL_CLIENT_SSL_CA_FILE:-}"
export DB_SSL_CA_FILE="$MYSQL_CLIENT_SSL_CA_FILE"
export MYSQL_CLIENT_SSL_CERT_FILE="${MYSQL_CLIENT_SSL_CERT_FILE:-}"
export DB_SSL_CERT_FILE="$MYSQL_CLIENT_SSL_CERT_FILE"
export MYSQL_CLIENT_SSL_KEY_FILE="${MYSQL_CLIENT_SSL_KEY_FILE:-}"
export DB_SSL_KEY_FILE="$MYSQL_CLIENT_SSL_KEY_FILE"
export MYSQL_CLIENT_EXTRA_FLAGS="${MYSQL_CLIENT_EXTRA_FLAGS:-no}"
export DB_EXTRA_FLAGS="$MYSQL_CLIENT_EXTRA_FLAGS"
# Custom environment variables may be defined below

21
7/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh
Unescape View File

@ -0,0 +1,21 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfs.sh
# Load MySQL Client environment variables
. /opt/bitnami/scripts/mysql-client-env.sh
for dir in "$DB_BIN_DIR" "${DB_BASE_DIR}/.bin"; do
ensure_dir_exists "$dir"
chmod g+rwX "$dir"
done

21
7/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh
Unescape View File

@ -0,0 +1,21 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libmysqlclient.sh
# Load MySQL Client environment variables
. /opt/bitnami/scripts/mysql-client-env.sh
# Ensure MySQL Client environment variables settings are valid
mysql_client_validate
# Ensure MySQL Client is initialized
mysql_client_initialize

91
7/debian-12/rootfs/opt/bitnami/scripts/php-env.sh
Unescape View File

@ -0,0 +1,91 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for php
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-php}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
php_env_vars=(
PHP_FPM_LISTEN_ADDRESS
PHP_DATE_TIMEZONE
PHP_ENABLE_OPCACHE
PHP_MAX_EXECUTION_TIME
PHP_MAX_INPUT_TIME
PHP_MAX_INPUT_VARS
PHP_MEMORY_LIMIT
PHP_POST_MAX_SIZE
PHP_UPLOAD_MAX_FILESIZE
PHP_OPCACHE_ENABLED
)
for env_var in "${php_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset php_env_vars
# Paths
export PHP_BASE_DIR="${BITNAMI_ROOT_DIR}/php"
export PHP_BIN_DIR="${PHP_BASE_DIR}/bin"
export PHP_CONF_DIR="${PHP_BASE_DIR}/etc"
export PHP_DEFAULT_CONF_DIR="${PHP_BASE_DIR}/etc.default"
export PHP_TMP_DIR="${PHP_BASE_DIR}/var/run"
export PHP_CONF_FILE="${PHP_CONF_DIR}/php.ini"
# PHP default build-time configuration
export PHP_DEFAULT_OPCACHE_INTERNED_STRINGS_BUFFER="16" # only used at build time
export PHP_DEFAULT_OPCACHE_MEMORY_CONSUMPTION="192" # only used at build time
export PHP_DEFAULT_OPCACHE_FILE_CACHE="${PHP_TMP_DIR}/opcache_file" # only used at build time
# PHP-FPM configuration
export PHP_FPM_SBIN_DIR="${PHP_BASE_DIR}/sbin"
export PHP_FPM_LOGS_DIR="${PHP_BASE_DIR}/logs"
export PHP_FPM_LOG_FILE="${PHP_FPM_LOGS_DIR}/php-fpm.log"
export PHP_FPM_CONF_FILE="${PHP_CONF_DIR}/php-fpm.conf"
export PHP_FPM_PID_FILE="${PHP_TMP_DIR}/php-fpm.pid"
export PHP_FPM_DEFAULT_LISTEN_ADDRESS="${PHP_TMP_DIR}/www.sock" # only used at build time
export PHP_FPM_LISTEN_ADDRESS="${PHP_FPM_LISTEN_ADDRESS:-}"
export PATH="${PHP_FPM_SBIN_DIR}:${PHP_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
# System users (when running with a privileged user)
export PHP_FPM_DAEMON_USER="daemon"
export PHP_FPM_DAEMON_GROUP="daemon"
# PHP configuration
export PHP_DATE_TIMEZONE="${PHP_DATE_TIMEZONE:-}"
PHP_ENABLE_OPCACHE="${PHP_ENABLE_OPCACHE:-"${PHP_OPCACHE_ENABLED:-}"}"
export PHP_ENABLE_OPCACHE="${PHP_ENABLE_OPCACHE:-}"
export PHP_EXPOSE_PHP="0"
export PHP_MAX_EXECUTION_TIME="${PHP_MAX_EXECUTION_TIME:-}"
export PHP_MAX_INPUT_TIME="${PHP_MAX_INPUT_TIME:-}"
export PHP_MAX_INPUT_VARS="${PHP_MAX_INPUT_VARS:-}"
export PHP_MEMORY_LIMIT="${PHP_MEMORY_LIMIT:-}"
export PHP_POST_MAX_SIZE="${PHP_POST_MAX_SIZE:-}"
export PHP_UPLOAD_MAX_FILESIZE="${PHP_UPLOAD_MAX_FILESIZE:-}"
export PHP_OUTPUT_BUFFERING="8196"
# Custom environment variables may be defined below

47
7/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh
Unescape View File

@ -0,0 +1,47 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libfs.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
# PHP OPcache optimizations
php_conf_set "opcache.interned_strings_buffer" "$PHP_DEFAULT_OPCACHE_INTERNED_STRINGS_BUFFER"
php_conf_set "opcache.memory_consumption" "$PHP_DEFAULT_OPCACHE_MEMORY_CONSUMPTION"
php_conf_set "opcache.file_cache" "$PHP_DEFAULT_OPCACHE_FILE_CACHE"
# PHP-FPM configuration
php_conf_set "listen" "$PHP_FPM_DEFAULT_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf"
# TMP dir configuration
php_conf_set "upload_tmp_dir" "${PHP_BASE_DIR}/tmp"
php_conf_set "session.save_path" "${PHP_TMP_DIR}/session"
# Ensure directories used by PHP-FPM exist and have proper ownership and permissions
for dir in "$PHP_CONF_DIR" "$PHP_DEFAULT_CONF_DIR" "${PHP_BASE_DIR}/tmp" "$PHP_TMP_DIR" "$PHP_FPM_LOGS_DIR" "${PHP_TMP_DIR}/session"; do
ensure_dir_exists "$dir"
chmod -R g+rwX "$dir"
done
info "Disabling PHP-FPM daemon user/group configuration"
mv "${PHP_CONF_DIR}/common.conf" "${PHP_CONF_DIR}/common.conf.disabled"
touch "${PHP_CONF_DIR}/common.conf"
# Log to stdout/stderr for easy debugging
ln -sf "/dev/stdout" "$PHP_FPM_LOG_FILE"
php_conf_set "error_log" "/dev/stderr"
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "$PHP_CONF_DIR"/* "$PHP_DEFAULT_CONF_DIR"

37
7/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh
Unescape View File

@ -0,0 +1,37 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1090,SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libwebserver.sh
# Load PHP-FPM environment
. /opt/bitnami/scripts/php-env.sh
# Load web server environment and functions
. "/opt/bitnami/scripts/$(web_server_type)-env.sh"
error_code=0
if is_php_fpm_enabled; then
if is_php_fpm_not_running; then
error "php-fpm is not running"
error_code=1
else
info "** Reloading PHP-FPM configuration **"
php_fpm_reload
fi
else
web_server_reload
fi
exit "$error_code"

19
7/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh
Unescape View File

@ -0,0 +1,19 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
/opt/bitnami/scripts/php/stop.sh
/opt/bitnami/scripts/php/start.sh

21
7/debian-12/rootfs/opt/bitnami/scripts/php/run.sh
Unescape View File

@ -0,0 +1,21 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/liblog.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
info "** Starting PHP-FPM **"
declare -a args=("--pid" "$PHP_FPM_PID_FILE" "--fpm-config" "$PHP_FPM_CONF_FILE" "-c" "$PHP_CONF_DIR" "-F")
exec "${PHP_FPM_SBIN_DIR}/php-fpm" "${args[@]}"

34
7/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh
Unescape View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
# Ensure PHP-FPM daemon user exists and required folder belongs to this user when running as 'root'
if am_i_root; then
ensure_user_exists "$PHP_FPM_DAEMON_USER" --group "$PHP_FPM_DAEMON_GROUP"
ensure_dir_exists "$PHP_TMP_DIR"
chown -R "${PHP_FPM_DAEMON_USER}:${PHP_FPM_DAEMON_GROUP}" "$PHP_TMP_DIR"
# Enable daemon configuration
if [[ ! -f "${PHP_CONF_DIR}/common.conf" ]]; then
cp "${PHP_CONF_DIR}/common.conf.disabled" "${PHP_CONF_DIR}/common.conf"
fi
fi
php_initialize
# Fix logging issue when running as root
! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)"

34
7/debian-12/rootfs/opt/bitnami/scripts/php/start.sh
Unescape View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
error_code=0
if is_php_fpm_not_running; then
nohup /opt/bitnami/scripts/php/run.sh >/dev/null 2>&1 &
if ! retry_while "is_php_fpm_running"; then
error "php-fpm did not start"
error_code=1
else
info "php-fpm started"
fi
else
info "php-fpm is already running"
fi
exit "$error_code"

23
7/debian-12/rootfs/opt/bitnami/scripts/php/status.sh
Unescape View File

@ -0,0 +1,23 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/liblog.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
if is_php_fpm_running; then
info "php-fpm is already running"
else
info "php-fpm is not running"
fi

34
7/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh
Unescape View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
# Load PHP-FPM environment variables
. /opt/bitnami/scripts/php-env.sh
error_code=0
if is_php_fpm_running; then
BITNAMI_QUIET=1 php_fpm_stop
if ! retry_while "is_php_fpm_not_running"; then
error "php-fpm could not be stopped"
error_code=1
else
info "php-fpm stopped"
fi
else
info "php-fpm is not running"
fi
exit "$error_code"

120
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh
Unescape View File

@ -0,0 +1,120 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for suitecrm
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-suitecrm}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
suitecrm_env_vars=(
SUITECRM_DATA_TO_PERSIST
SUITECRM_SKIP_BOOTSTRAP
SUITECRM_USERNAME
SUITECRM_PASSWORD
SUITECRM_EMAIL
SUITECRM_HOST
SUITECRM_ENABLE_HTTPS
SUITECRM_EXTERNAL_HTTP_PORT_NUMBER
SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER
SUITECRM_VALIDATE_USER_IP
SUITECRM_SMTP_HOST
SUITECRM_SMTP_PORT_NUMBER
SUITECRM_SMTP_USER
SUITECRM_SMTP_PASSWORD
SUITECRM_SMTP_PROTOCOL
SUITECRM_SMTP_NOTIFY_ADDRESS
SUITECRM_SMTP_NOTIFY_NAME
SUITECRM_DATABASE_HOST
SUITECRM_DATABASE_PORT_NUMBER
SUITECRM_DATABASE_NAME
SUITECRM_DATABASE_USER
SUITECRM_DATABASE_PASSWORD
SMTP_HOST
SMTP_PORT
SUITECRM_SMTP_PORT
SMTP_USER
SMTP_PASSWORD
SMTP_PROTOCOL
)
for env_var in "${suitecrm_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset suitecrm_env_vars
# Paths
export SUITECRM_BASE_DIR="${BITNAMI_ROOT_DIR}/suitecrm"
export SUITECRM_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config.php"
export SUITECRM_SILENT_INSTALL_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config_si.php"
# SuiteCRM persistence configuration
export SUITECRM_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/suitecrm"
export SUITECRM_MOUNTED_CONF_FILE="${SUITECRM_VOLUME_DIR}/config_si.php"
export SUITECRM_DATA_TO_PERSIST="${SUITECRM_DATA_TO_PERSIST:-$SUITECRM_BASE_DIR}"
# SuiteCRM configuration
export SUITECRM_SKIP_BOOTSTRAP="${SUITECRM_SKIP_BOOTSTRAP:-}" # only used during the first initialization
# SuiteCRM credentials
export SUITECRM_USERNAME="${SUITECRM_USERNAME:-user}" # only used during the first initialization
export SUITECRM_PASSWORD="${SUITECRM_PASSWORD:-bitnami}" # only used during the first initialization
export SUITECRM_EMAIL="${SUITECRM_EMAIL:-user@example.com}" # only used during the first initialization
export SUITECRM_HOST="${SUITECRM_HOST:-localhost}" # only used during the first initialization
export SUITECRM_ENABLE_HTTPS="${SUITECRM_ENABLE_HTTPS:-no}" # only used during the first initialization
export SUITECRM_EXTERNAL_HTTP_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER:-80}" # only used during the first initialization
export SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER:-443}" # only used during the first initialization
export SUITECRM_VALIDATE_USER_IP="${SUITECRM_VALIDATE_USER_IP:-true}"
# SuiteCRM SMTP credentials
SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-"${SMTP_HOST:-}"}"
export SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-}" # only used during the first initialization
SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SMTP_PORT:-}"}"
SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SUITECRM_SMTP_PORT:-}"}"
export SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-}" # only used during the first initialization
SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-"${SMTP_USER:-}"}"
export SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-}" # only used during the first initialization
SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-"${SMTP_PASSWORD:-}"}"
export SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-}" # only used during the first initialization
SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-"${SMTP_PROTOCOL:-}"}"
export SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-}" # only used during the first initialization
export SUITECRM_SMTP_NOTIFY_ADDRESS="${SUITECRM_SMTP_NOTIFY_ADDRESS:-${SUITECRM_EMAIL}}"
export SUITECRM_SMTP_NOTIFY_NAME="${SUITECRM_SMTP_NOTIFY_NAME:-SuiteCRM}"
# Database configuration
export SUITECRM_DEFAULT_DATABASE_HOST="mariadb" # only used at build time
export SUITECRM_DATABASE_HOST="${SUITECRM_DATABASE_HOST:-$SUITECRM_DEFAULT_DATABASE_HOST}" # only used during the first initialization
export SUITECRM_DATABASE_PORT_NUMBER="${SUITECRM_DATABASE_PORT_NUMBER:-3306}" # only used during the first initialization
export SUITECRM_DATABASE_NAME="${SUITECRM_DATABASE_NAME:-bitnami_suitecrm}" # only used during the first initialization
export SUITECRM_DATABASE_USER="${SUITECRM_DATABASE_USER:-bn_suitecrm}" # only used during the first initialization
export SUITECRM_DATABASE_PASSWORD="${SUITECRM_DATABASE_PASSWORD:-}" # only used during the first initialization
# PHP configuration
export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time
export PHP_DEFAULT_POST_MAX_SIZE="60M" # only used at build time
export PHP_DEFAULT_UPLOAD_MAX_FILESIZE="60M" # only used at build time
# Custom environment variables may be defined below

23
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl
Unescape View File

@ -0,0 +1,23 @@
// This file is based on a config.php file from a completed install. You can obtain it by disabling the wizard and browsing to the application.
// This will be used for new installs using existing databases, where we will first use a very basic config file and then repair via the app to add missing fields.
<?php
$sugar_config = array (
'dbconfig' =>
array (
'db_host_name' => '{{db_host}}',
'db_host_instance' => '',
'db_user_name' => '{{db_user}}',
'db_password' => '{{db_pass}}',
'db_name' => '{{db_name}}',
'db_type' => 'mysql',
'db_port' => '{{db_port}}',
'db_manager' => 'MysqliManager',
),
'dbconfigoption' =>
array (
'persistent' => true,
'autofree' => false,
'debug' => 0,
'ssl' => false,
),
);

39
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl
Unescape View File

@ -0,0 +1,39 @@
// This file is based on https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_9.3/Architecture/Configurator/Silent_Installer_Settings/#config_siphp
<?php
$sugar_config_si = array(
'setup_site_url' => '{{url_protocol}}://{{SUITECRM_HOST}}',
'setup_system_name' => 'Bitnami SuiteCRM',
'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}',
'setup_site_admin_user_name' => '{{SUITECRM_USERNAME}}',
'setup_site_admin_email' => ' {{SUITECRM_EMAIL}}',
'setup_site_admin_password' => '{{SUITECRM_PASSWORD}}',
'demoData' => false,
'setup_db_type' => 'mysql',
'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}',
'setup_db_database_name' => '{{SUITECRM_DATABASE_NAME}}',
'setup_db_port_num' => '{{SUITECRM_DATABASE_PORT_NUMBER}}',
'setup_db_sugarsales_user' => '{{SUITECRM_DATABASE_USER}}',
'setup_db_sugarsales_password' => '{{SUITECRM_DATABASE_PASSWORD}}',
'setup_db_admin_user_name' => '{{SUITECRM_DATABASE_USER}}',
'setup_db_admin_password' => '{{SUITECRM_DATABASE_PASSWORD}}',
'setup_db_drop_tables' => false,
'setup_db_create_database' => true,
'default_currency_iso4217' => 'USD',
'default_currency_name' => 'US Dollars',
'default_currency_significant_digits' => '2',
'default_currency_symbol' => '$',
'default_date_format' => 'Y-m-d',
'default_time_format' => 'H:i',
'default_decimal_seperator' => '.',
'default_export_charset' => 'ISO-8859-1',
'default_language' => 'en_us',
'default_locale_name_format' => 's f l',
'default_number_grouping_seperator' => ',',
'export_delimiter' => ',',
'verify_client_ip' => {{SUITECRM_VALIDATE_USER_IP}},
'session_dir' => '/tmp',
);
?>

33
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh
Unescape View File

@ -0,0 +1,33 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load SuiteCRM environment
. /opt/bitnami/scripts/suitecrm-env.sh
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libwebserver.sh
print_welcome_page
if [[ "$1" = "/opt/bitnami/scripts/suitecrm/run.sh" || "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" || "$1" = "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then
info "** Starting SuiteCRM setup **"
/opt/bitnami/scripts/"$(web_server_type)"/setup.sh
/opt/bitnami/scripts/php/setup.sh
/opt/bitnami/scripts/mysql-client/setup.sh
/opt/bitnami/scripts/suitecrm/setup.sh
/post-init.sh
info "** SuiteCRM setup finished! **"
fi
echo ""
exec "$@"

55
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh
Unescape View File

@ -0,0 +1,55 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1090,SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load SuiteCRM environment
. /opt/bitnami/scripts/suitecrm-env.sh
# Load PHP environment for 'php_conf_set' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value)
. /opt/bitnami/scripts/php-env.sh
# Load libraries
. /opt/bitnami/scripts/libsuitecrm.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libphp.sh
. /opt/bitnami/scripts/libwebserver.sh
# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value)
. "/opt/bitnami/scripts/$(web_server_type)-env.sh"
# Ensure the SuiteCRM base directory exists and has proper permissions
info "Configuring file permissions for SuiteCRM"
ensure_user_exists "$WEB_SERVER_DAEMON_USER" --group "$WEB_SERVER_DAEMON_GROUP"
for dir in "$SUITECRM_BASE_DIR" "$SUITECRM_VOLUME_DIR" "${SUITECRM_BASE_DIR}/tmp"; do
ensure_dir_exists "$dir"
# Use daemon:daemon ownership for compatibility when running as a non-root user
configure_permissions_ownership "$dir" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root"
done
# Configure required PHP options for application to work properly, based on build-time defaults
info "Configuring default PHP options for SuiteCRM"
php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT"
php_conf_set upload_max_filesize "$PHP_DEFAULT_UPLOAD_MAX_FILESIZE"
php_conf_set post_max_size "$PHP_DEFAULT_POST_MAX_SIZE"
# Disabling opcache to be able to modify parameters using the system setting panel. Ref: T18279
php_conf_set "opcache.enable" "Off"
# Enable default web server configuration for SuiteCRM
info "Creating default web server configuration for SuiteCRM"
web_server_validate
# Not moving .htaccess because SuiteCRM generates some of them during installation
# Backward compatibility with SuiteCRM 7
if [[ -d "${SUITECRM_BASE_DIR}/public" ]]; then
ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no" --document-root "${BITNAMI_ROOT_DIR}/suitecrm/public"
else
ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no"
fi

42
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh
Unescape View File

@ -0,0 +1,42 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load SuiteCRM environment
. /opt/bitnami/scripts/suitecrm-env.sh
# Load libraries
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libwebserver.sh
# Catch SIGTERM signal and stop all child processes
_forwardTerm() {
warn "Caught signal SIGTERM, passing it to child processes..."
pgrep -P $$ | xargs kill -TERM 2>/dev/null
wait
exit $?
}
trap _forwardTerm TERM
# Start cron
if am_i_root; then
info "** Starting cron **"
if ! cron_start; then
error "Failed to start cron. Check that it is installed and its configuration is correct."
exit 1
fi
else
warn "Cron will not be started because of running as a non-root user"
fi
# Start Apache
exec "/opt/bitnami/scripts/$(web_server_type)/run.sh"

41
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh
Unescape View File

@ -0,0 +1,41 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1090,SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load SuiteCRM environment
. /opt/bitnami/scripts/suitecrm-env.sh
# Load MySQL Client environment for 'mysql_remote_execute' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value)
if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then
. /opt/bitnami/scripts/mysql-client-env.sh
elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then
. /opt/bitnami/scripts/mysql-env.sh
elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then
. /opt/bitnami/scripts/mariadb-env.sh
fi
# Load PHP environment for cron configuration (after 'moodle-env.sh' so that MODULE is not set to a wrong value)
. /opt/bitnami/scripts/php-env.sh
# Load libraries
. /opt/bitnami/scripts/libsuitecrm.sh
. /opt/bitnami/scripts/libwebserver.sh
# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value)
. "/opt/bitnami/scripts/$(web_server_type)-env.sh"
# Ensure SuiteCRM environment variables are valid
suitecrm_validate
# Update web server configuration with runtime environment (needs to happen before the initialization)
web_server_update_app_configuration "suitecrm"
# Ensure SuiteCRM is initialized
suitecrm_initialize

28
7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh
Unescape View File

@ -0,0 +1,28 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1090,SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load SuiteCRM environment
. /opt/bitnami/scripts/suitecrm-env.sh
# Load libraries
. /opt/bitnami/scripts/libsuitecrm.sh
. /opt/bitnami/scripts/libfile.sh
SUITECRM_SERVER_HOST="${1:?missing host}"
if is_boolean_yes "$SUITECRM_ENABLE_HTTPS"; then
SUITECRM_SERVER_URL="https://${SUITECRM_SERVER_HOST}"
[[ "$SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER" != "443" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER}"
else
SUITECRM_SERVER_URL="http://${SUITECRM_SERVER_HOST}"
[[ "$SUITECRM_EXTERNAL_HTTP_PORT_NUMBER" != "80" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER}"
fi
suitecrm_conf_set "site_url" "$SUITECRM_SERVER_URL"
suitecrm_conf_set "host_name" "$SUITECRM_SERVER_HOST"

33
7/debian-12/rootfs/post-init.d/php.sh
Unescape View File

@ -0,0 +1,33 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Executes custom PHP init scripts
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries with logging functions
if [[ -f /opt/bitnami/base/functions ]]; then
. /opt/bitnami/base/functions
else
. /opt/bitnami/scripts/liblog.sh
fi
# Loop through all input files passed via stdin
read -r -a custom_init_scripts <<< "$@"
failure=0
if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then
for custom_init_script in "${custom_init_scripts[@]}"; do
[[ "$custom_init_script" != *".php" ]] && continue
info "Executing ${custom_init_script} with PHP interpreter"
php "$custom_init_script" || failure=1
[[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}"
done
fi
exit "$failure"

38
7/debian-12/rootfs/post-init.d/shell.sh
Unescape View File

@ -0,0 +1,38 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Executes custom Bash init scripts
# shellcheck disable=SC1090,SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries with logging functions
if [[ -f /opt/bitnami/base/functions ]]; then
. /opt/bitnami/base/functions
else
. /opt/bitnami/scripts/liblog.sh
fi
# Loop through all input files passed via stdin
read -r -a custom_init_scripts <<< "$@"
failure=0
if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then
for custom_init_script in "${custom_init_scripts[@]}"; do
[[ "$custom_init_script" != *".sh" ]] && continue
if [[ -x "$custom_init_script" ]]; then
info "Executing ${custom_init_script}"
"$custom_init_script" || failure="1"
else
info "Sourcing ${custom_init_script} as it is not executable by the current user, any error may cause initialization to fail"
. "$custom_init_script"
fi
[[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}"
done
fi
exit "$failure"

48
7/debian-12/rootfs/post-init.d/sql-mysql.sh
Unescape View File

@ -0,0 +1,48 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Executes custom MySQL (.sql or .sql.gz) init scripts
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries with logging functions
if [[ -f /opt/bitnami/base/functions ]]; then
. /opt/bitnami/base/functions
else
. /opt/bitnami/scripts/liblog.sh
fi
mysql_execute() {
local -r sql_file="${1:?missing file}"
local failure=0
mysql_cmd=("mysql" "-h" "$MARIADB_HOST" "-P" "$MARIADB_PORT_NUMBER" "-u" "$MARIADB_ROOT_USER")
if [[ "${ALLOW_EMPTY_PASSWORD:-no}" != "yes" ]]; then
mysql_cmd+=("-p${MARIADB_ROOT_PASSWORD}")
fi
if [[ "$sql_file" == *".sql" ]]; then
"${mysql_cmd[@]}" < "$sql_file" || failure=$?
elif [[ "$sql_file" == *".sql.gz" ]]; then
gunzip -c "$sql_file" | "${mysql_cmd[@]}" || failure=$?
fi
return "$failure"
}
# Loop through all input files passed via stdin
read -r -a custom_init_scripts <<< "$@"
failure=0
if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then
for custom_init_script in "${custom_init_scripts[@]}"; do
[[ ! "$custom_init_script" =~ ^.*(\.sql|\.sql\.gz)$ ]] && continue
info "Executing ${custom_init_script}"
mysql_execute "$custom_init_script" || failure=1
[[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}"
done
fi
exit "$failure"

25
7/debian-12/rootfs/post-init.sh
Unescape View File

@ -0,0 +1,25 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Only execute init scripts once
if [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then
read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)"
if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" ]]; then
mkdir -p "/bitnami/suitecrm"
for init_script in "${init_scripts[@]}"; do
for init_script_type_handler in /post-init.d/*.sh; do
"$init_script_type_handler" "$init_script"
done
done
fi
touch "/bitnami/suitecrm/.user_scripts_initialized"
fi

4
7/debian-12/tags-info.yaml
Unescape View File

@ -0,0 +1,4 @@
rolling-tags:
- "7"
- 7-debian-12
- 7.14.5

66
8/debian-12/Dockerfile
Unescape View File

@ -0,0 +1,66 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
FROM docker.io/bitnami/minideb:bookworm
ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-08-24T06:14:51Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="8.6.2-debian-12-r1" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm" \
org.opencontainers.image.title="suitecrm" \
org.opencontainers.image.vendor="Broadcom, Inc." \
org.opencontainers.image.version="8.6.2"
ENV OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-12" \
OS_NAME="linux"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g
RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
COMPONENTS=( \
"render-template-1.0.7-3-linux-${OS_ARCH}-debian-12" \
"php-8.1.29-9-linux-${OS_ARCH}-debian-12" \
"apache-2.4.62-0-linux-${OS_ARCH}-debian-12" \
"mysql-client-11.4.3-0-linux-${OS_ARCH}-debian-12" \
"libphp-8.1.29-4-linux-${OS_ARCH}-debian-12" \
"suitecrm-8.6.2-0-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
fi ; \
sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron
COPY rootfs /
RUN /opt/bitnami/scripts/mysql-client/postunpack.sh
RUN /opt/bitnami/scripts/apache/postunpack.sh
RUN /opt/bitnami/scripts/php/postunpack.sh
RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh
RUN /opt/bitnami/scripts/suitecrm/postunpack.sh
ENV APACHE_HTTPS_PORT_NUMBER="" \
APACHE_HTTP_PORT_NUMBER="" \
APP_VERSION="8.6.2" \
BITNAMI_APP_NAME="suitecrm" \
PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH"
EXPOSE 8080 8443
ENTRYPOINT [ "/opt/bitnami/scripts/suitecrm/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/suitecrm/run.sh" ]

37
8/debian-12/docker-compose.yml
Unescape View File

@ -0,0 +1,37 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
version: '2'
services:
mariadb:
image: docker.io/bitnami/mariadb:11.4
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- MARIADB_USER=bn_suitecrm
- MARIADB_DATABASE=bitnami_suitecrm
- MARIADB_PASSWORD=bitnami123
volumes:
- 'mariadb_data:/bitnami/mariadb'
suitecrm:
image: docker.io/bitnami/suitecrm:8
ports:
- '80:8080'
- '443:8443'
environment:
- SUITECRM_DATABASE_HOST=mariadb
- SUITECRM_DATABASE_PORT_NUMBER=3306
- SUITECRM_DATABASE_USER=bn_suitecrm
- SUITECRM_DATABASE_NAME=bitnami_suitecrm
- SUITECRM_DATABASE_PASSWORD=bitnami123
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- 'suitecrm_data:/bitnami/suitecrm'
depends_on:
- mariadb
volumes:
mariadb_data:
driver: local
suitecrm_data:
driver: local

38
8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
Unescape View File

@ -0,0 +1,38 @@
{
"apache": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "2.4.62-0"
},
"libphp": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "8.1.29-4"
},
"mysql-client": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "11.4.3-0"
},
"php": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "8.1.29-9"
},
"render-template": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "1.0.7-3"
},
"suitecrm": {
"arch": "amd64",
"distro": "debian-12",
"type": "NAMI",
"version": "8.6.2-0"
}
}

2
8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
Unescape View File

@ -0,0 +1,2 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

54
8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh
Unescape View File

@ -0,0 +1,54 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
info ""
info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}"
info ""
}

141
8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh
Unescape View File

@ -0,0 +1,141 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

193
8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh
Unescape View File

@ -0,0 +1,193 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
[ -d "${dir}" ] || mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permisions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

18
8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh
Unescape View File

@ -0,0 +1,18 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

114
8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh
Unescape View File

@ -0,0 +1,114 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
log "${GREEN}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
log "${YELLOW}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
log "${RED}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_DEBUG:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
log "${MAGENTA}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

171
8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh
Unescape View File

@ -0,0 +1,171 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
# Check if the first IP address is IPv6 to add brackets
if validate_ipv6 "${ip_addresses[0]}" ; then
echo "[${ip_addresses[0]}]"
else
echo "${ip_addresses[0]}"
fi
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

657
8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh
Unescape View File

@ -0,0 +1,657 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
numeric)
filter="0-9"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
alphanumeric+special|special+alphanumeric)
# Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
# Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
filter='a-zA-Z0-9:@.,/+!='
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}
########################
# Run command as a specific user and group (optional)
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
run_as_user() {
run_chroot "$@"
}
########################
# Execute command as a specific user and group (optional),
# replacing the current process image
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
exec_as_user() {
run_chroot --replace-process "$@"
}
########################
# Run a command using chroot
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Flags:
# -r | --replace-process - Replace the current process image (optional)
# Returns:
# Exit code of the specified command
#########################
run_chroot() {
local userspec
local user
local homedir
local replace=false
local -r cwd="$(pwd)"
# Parse and validate flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-r | --replace-process)
replace=true
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
# Parse and validate arguments
if [[ "$#" -lt 2 ]]; then
echo "expected at least 2 arguments"
return 1
else
userspec=$1
shift
# userspec can optionally include the group, so we parse the user
user=$(echo "$userspec" | cut -d':' -f1)
fi
if ! am_i_root; then
error "Could not switch to '${userspec}': Operation not permitted"
return 1
fi
# Get the HOME directory for the user to switch, as chroot does
# not properly update this env and some scripts rely on it
homedir=$(eval echo "~${user}")
if [[ ! -d $homedir ]]; then
homedir="${HOME:-/}"
fi
# Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
if [[ "$replace" = true ]]; then
exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
else
chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
fi
}

124
8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh
Unescape View File

@ -0,0 +1,124 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

496
8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh
Unescape View File

@ -0,0 +1,496 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
cat > "/etc/cron.d/${service_name}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${schedule} ${run_as} ${cmd}
EOF
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Remove a cron configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_cron_conf() {
local service_name="${1:?service name is missing}"
local cron_conf_dir="/etc/monit/conf.d"
rm -f "${cron_conf_dir}/${service_name}"
}
########################
# Generate a monit configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Pid file
# $3 - Start command
# $4 - Stop command
# Flags:
# --disable - Whether to disable the monit configuration
# Returns:
# None
#########################
generate_monit_conf() {
local service_name="${1:?service name is missing}"
local pid_file="${2:?pid file is missing}"
local start_command="${3:?start command is missing}"
local stop_command="${4:?stop command is missing}"
local monit_conf_dir="/etc/monit/conf.d"
local disabled="no"
# Parse optional CLI flags
shift 4
while [[ "$#" -gt 0 ]]; do
case "$1" in
--disable)
disabled="yes"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
is_boolean_yes "$disabled" && conf_suffix=".disabled"
mkdir -p "$monit_conf_dir"
cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
check process ${service_name}
with pidfile "${pid_file}"
start program = "${start_command}" with timeout 90 seconds
stop program = "${stop_command}" with timeout 90 seconds
EOF
}
########################
# Remove a monit configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_monit_conf() {
local service_name="${1:?service name is missing}"
local monit_conf_dir="/etc/monit/conf.d"
rm -f "${monit_conf_dir}/${service_name}.conf"
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' > "${logrotate_conf_dir}/${service_name}"
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --custom-service-content - Custom content to add to the [service] block
# --environment - Environment variable to define (multiple --environment options may be passed)
# --environment-file - Text file with environment variables (multiple --environment-file options may be passed)
# --exec-start - Start command (required)
# --exec-start-pre - Pre-start command (optional)
# --exec-start-post - Post-start command (optional)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --group - System group to start the service with
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file
# --standard-output - File where to print stdout output
# --standard-error - File where to print stderr output
# --success-exit-status - Exit code that indicates a successful shutdown
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --working-directory - Working directory at which to start the service
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local environment_file=""
local exec_start=""
local exec_start_pre=""
local exec_start_post=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
local standard_output="journal"
local standard_error=""
local limits_content=""
local success_exit_status=""
local custom_service_content=""
local working_directory=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
| --standard-output \
| --standard-error \
| --success-exit-status \
| --custom-service-content \
| --working-directory \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"${var_name} value is missing"}"
;;
--limit-*)
[[ -n "$limits_content" ]] && limits_content+=$'\n'
var_name="${1//--limit-}"
shift
limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}"
;;
--exec-start-pre)
shift
[[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n'
exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}"
;;
--exec-start-post)
shift
[[ -n "$exec_start_post" ]] && exec_start_post+=$'\n'
exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"--environment value is missing"}"
;;
--environment-file)
shift
# It is possible to add multiple environment-file lines
[[ -n "$environment_file" ]] && environment_file+=$'\n'
environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
EOF
if [[ -n "$working_directory" ]]; then
cat >> "$service_file" <<< "WorkingDirectory=${working_directory}"
fi
if [[ -n "$exec_start_pre" ]]; then
# This variable may contain multiple ExecStartPre= directives
cat >> "$service_file" <<< "$exec_start_pre"
fi
if [[ -n "$exec_start" ]]; then
cat >> "$service_file" <<< "ExecStart=${exec_start}"
fi
if [[ -n "$exec_start_post" ]]; then
# This variable may contain multiple ExecStartPost= directives
cat >> "$service_file" <<< "$exec_start_post"
fi
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<< "ExecStop=${exec_stop}"
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<< "ExecReload=${exec_reload}"
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<< "User=${user}"
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<< "Group=${group}"
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<< "PIDFile=${pid_file}"
fi
if [[ -n "$restart" ]]; then
cat >> "$service_file" <<< "Restart=${restart}"
fi
# Environment flags
if [[ -n "$environment" ]]; then
# This variable may contain multiple Environment= directives
cat >> "$service_file" <<< "$environment"
fi
if [[ -n "$environment_file" ]]; then
# This variable may contain multiple EnvironmentFile= directives
cat >> "$service_file" <<< "$environment_file"
fi
# Logging
if [[ -n "$standard_output" ]]; then
cat >> "$service_file" <<< "StandardOutput=${standard_output}"
fi
if [[ -n "$standard_error" ]]; then
cat >> "$service_file" <<< "StandardError=${standard_error}"
fi
if [[ -n "$custom_service_content" ]]; then
# This variable may contain multiple miscellaneous directives
cat >> "$service_file" <<< "$custom_service_content"
fi
if [[ -n "$success_exit_status" ]]; then
cat >> "$service_file" <<EOF
# When the process receives a SIGTERM signal, it exits with code ${success_exit_status}
SuccessExitStatus=${success_exit_status}
EOF
fi
cat >> "$service_file" <<EOF
# Optimizations
TimeoutStartSec=2min
TimeoutStopSec=30s
IgnoreSIGPIPE=no
KillMode=mixed
EOF
if [[ -n "$limits_content" ]]; then
cat >> "$service_file" <<EOF
# Limits
${limits_content}
EOF
fi
cat >> "$service_file" <<EOF
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

304
8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh
Unescape View File

@ -0,0 +1,304 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Validation functions library
# shellcheck disable=SC1091,SC2086
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv6() {
local ip="${1:?ip is missing}"
local stat=1
local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$'
local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$'
if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then
stat=0
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 or IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ip() {
local ip="${1:?ip is missing}"
local stat=1
if validate_ipv4 "$ip"; then
stat=0
else
stat=$(validate_ipv6 "$ip")
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [ "$#" -gt 1 ]; then
stderr_print "too many arguments provided"
return 2
elif [ "$#" -eq 0 ]; then
stderr_print "missing string"
return 1
else
string=$1
fi
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

51
8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh
Unescape View File

@ -0,0 +1,51 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[j]="${BASH_REMATCH[$i]}"
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

476
8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh
Unescape View File

@ -0,0 +1,476 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl start "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
fi
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl stop "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
fi
}
########################
# Restart web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_restart() {
info "Restarting $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl restart "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh"
fi
}
########################
# Reload web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_reload() {
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl reload "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh"
fi
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_enable_loading_page() {
ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \
--apache-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
RedirectMatch 503 ^/$
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
ErrorDocument 404 /index.html
ErrorDocument 503 /index.html" \
--nginx-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
location / {
return 503;
}
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
error_page 404 @installing;
error_page 503 @installing;
location @installing {
rewrite ^(.*)$ /index.html break;
}"
web_server_reload
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_disable_install_page() {
ensure_web_server_app_configuration_not_exists "__loading"
web_server_reload
}

27
8/debian-12/prebuildfs/usr/sbin/install_packages
Unescape View File

@ -0,0 +1,27 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
8/debian-12/prebuildfs/usr/sbin/run-script
Unescape View File

@ -0,0 +1,24 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -u
if [ $# -eq 0 ]; then
>&2 echo "No arguments provided"
exit 1
fi
script=$1
exit_code="${2:-96}"
fail_if_not_present="${3:-n}"
if test -f "$script"; then
sh $script
if [ $? -ne 0 ]; then
exit $((exit_code))
fi
elif [ "$fail_if_not_present" = "y" ]; then
>&2 echo "script not found: $script"
exit 127
fi

5
8/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf
Unescape View File

@ -0,0 +1,5 @@
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
AddOutputFilterByType DEFLATE application/rss+xml
</IfModule>

7
8/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf
Unescape View File

@ -0,0 +1,7 @@
<VirtualHost 127.0.0.1:80>
ServerName status.localhost
<Location /server-status>
Require local
SetHandler server-status
</Location>
</VirtualHost>

81
8/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh
Unescape View File

@ -0,0 +1,81 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for apache
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-apache}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
apache_env_vars=(
APACHE_HTTP_PORT_NUMBER
APACHE_HTTPS_PORT_NUMBER
APACHE_SERVER_TOKENS
APACHE_HTTP_PORT
APACHE_HTTPS_PORT
)
for env_var in "${apache_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset apache_env_vars
export WEB_SERVER_TYPE="apache"
# Paths
export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache"
export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin"
export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf"
export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default"
export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs"
export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run"
export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs"
export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts"
export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess"
export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf"
export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid"
export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
# System users (when running with a privileged user)
export APACHE_DAEMON_USER="daemon"
export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER"
export APACHE_DAEMON_GROUP="daemon"
export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP"
export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP"
# Apache configuration
export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080"
export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time
export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443"
export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time
APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}"
export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}"
export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER"
APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}"
export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}"
export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER"
export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}"
# Custom environment variables may be defined below

43
8/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh
Unescape View File

@ -0,0 +1,43 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libversion.sh
. /opt/bitnami/scripts/libapache.sh
# Load Apache environment
. /opt/bitnami/scripts/apache-env.sh
. /opt/bitnami/scripts/php-env.sh
# Enable required Apache modules
apache_enable_module "mpm_prefork_module"
php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))"
php_major_version="$(get_sematic_version "$php_version" 1)"
if [[ "$php_major_version" -eq "8" ]]; then
apache_enable_module "php_module" "modules/libphp.so"
else
apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so"
fi
# Disable incompatible Apache modules
apache_disable_module "mpm_event_module"
# Write Apache configuration
apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf"
cat > "$apache_php_conf_file" <<EOF
AddType application/x-httpd-php .php
DirectoryIndex index.html index.htm index.php
EOF
ensure_apache_configuration_exists "Include \"${apache_php_conf_file}\""
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR"

7
8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,7 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
{{additional_http_configuration}}
{{additional_configuration}}
</VirtualHost>

10
8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl
Unescape View File

@ -0,0 +1,10 @@
{{https_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{https_listen_addresses}}>
{{server_name_configuration}}
SSLEngine on
SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt"
SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key"
{{additional_https_configuration}}
{{additional_configuration}}
</VirtualHost>

1
8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl
Unescape View File

@ -0,0 +1 @@
{{additional_configuration}}

15
8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl
Unescape View File

@ -0,0 +1,15 @@
{{http_listen_configuration}}
{{before_vhost_configuration}}
<VirtualHost {{http_listen_addresses}}>
{{server_name_configuration}}
DocumentRoot {{document_root}}
<Directory "{{document_root}}">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride {{allow_override}}
{{acl_configuration}}
{{extra_directory_configuration}}
</Directory>
{{additional_http_configuration}}
{{additional_configuration}}
{{htaccess_include}}
</VirtualHost>

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save