From f15adb2bb5c79ccebbdd48ed41e5ab4cdee18671 Mon Sep 17 00:00:00 2001 From: Artem Darius Weber Date: Fri, 30 Aug 2024 09:16:16 +0300 Subject: [PATCH] first commit --- 7/debian-12/Dockerfile | 66 ++ 7/debian-12/docker-compose.yml | 36 + .../opt/bitnami/.bitnami_components.json | 38 + .../opt/bitnami/licenses/licenses.txt | 2 + .../opt/bitnami/scripts/libbitnami.sh | 54 + .../prebuildfs/opt/bitnami/scripts/libfile.sh | 141 +++ .../prebuildfs/opt/bitnami/scripts/libfs.sh | 193 +++ .../prebuildfs/opt/bitnami/scripts/libhook.sh | 18 + .../prebuildfs/opt/bitnami/scripts/liblog.sh | 114 ++ .../prebuildfs/opt/bitnami/scripts/libnet.sh | 171 +++ .../prebuildfs/opt/bitnami/scripts/libos.sh | 657 +++++++++++ .../opt/bitnami/scripts/libpersistence.sh | 124 ++ .../opt/bitnami/scripts/libservice.sh | 496 ++++++++ .../opt/bitnami/scripts/libvalidations.sh | 304 +++++ .../opt/bitnami/scripts/libversion.sh | 51 + .../opt/bitnami/scripts/libwebserver.sh | 476 ++++++++ .../prebuildfs/usr/sbin/install_packages | 27 + 7/debian-12/prebuildfs/usr/sbin/run-script | 24 + .../opt/bitnami/apache/conf/deflate.conf | 5 + .../apache/conf/vhosts/00_status-vhost.conf | 7 + .../rootfs/opt/bitnami/scripts/apache-env.sh | 81 ++ .../scripts/apache-modphp/postunpack.sh | 43 + .../app-generic-http-vhost.conf.tpl | 7 + .../app-generic-https-vhost.conf.tpl | 10 + .../app-generic-prefix.conf.tpl | 1 + .../bitnami-templates/app-http-vhost.conf.tpl | 15 + .../app-https-vhost.conf.tpl | 18 + .../bitnami-templates/app-prefix.conf.tpl | 9 + .../app-proxy-http-vhost.conf.tpl | 11 + .../app-proxy-https-vhost.conf.tpl | 14 + .../app-proxy-prefix.conf.tpl | 11 + .../app-ruby-passenger-http-vhost.conf.tpl | 16 + .../app-ruby-passenger-https-vhost.conf.tpl | 19 + .../app-ruby-passenger-prefix.conf.tpl | 9 + .../bitnami-templates/bitnami-ssl.conf.tpl | 29 + .../apache/bitnami-templates/bitnami.conf.tpl | 17 + .../opt/bitnami/scripts/apache/entrypoint.sh | 35 + .../opt/bitnami/scripts/apache/postunpack.sh | 131 +++ .../opt/bitnami/scripts/apache/reload.sh | 20 + .../opt/bitnami/scripts/apache/restart.sh | 19 + .../rootfs/opt/bitnami/scripts/apache/run.sh | 20 + .../opt/bitnami/scripts/apache/setup.sh | 98 ++ .../opt/bitnami/scripts/apache/start.sh | 34 + .../opt/bitnami/scripts/apache/status.sh | 23 + .../rootfs/opt/bitnami/scripts/apache/stop.sh | 34 + .../rootfs/opt/bitnami/scripts/libapache.sh | 808 +++++++++++++ .../opt/bitnami/scripts/libmysqlclient.sh | 1048 +++++++++++++++++ .../rootfs/opt/bitnami/scripts/libphp.sh | 265 +++++ .../rootfs/opt/bitnami/scripts/libsuitecrm.sh | 477 ++++++++ .../opt/bitnami/scripts/mysql-client-env.sh | 128 ++ .../scripts/mysql-client/postunpack.sh | 21 + .../opt/bitnami/scripts/mysql-client/setup.sh | 21 + .../rootfs/opt/bitnami/scripts/php-env.sh | 91 ++ .../opt/bitnami/scripts/php/postunpack.sh | 47 + .../rootfs/opt/bitnami/scripts/php/reload.sh | 37 + .../rootfs/opt/bitnami/scripts/php/restart.sh | 19 + .../rootfs/opt/bitnami/scripts/php/run.sh | 21 + .../rootfs/opt/bitnami/scripts/php/setup.sh | 34 + .../rootfs/opt/bitnami/scripts/php/start.sh | 34 + .../rootfs/opt/bitnami/scripts/php/status.sh | 23 + .../rootfs/opt/bitnami/scripts/php/stop.sh | 34 + .../opt/bitnami/scripts/suitecrm-env.sh | 120 ++ .../bitnami-templates/config_db.php.tpl | 23 + .../bitnami-templates/config_si.php.tpl | 39 + .../bitnami/scripts/suitecrm/entrypoint.sh | 33 + .../bitnami/scripts/suitecrm/postunpack.sh | 55 + .../opt/bitnami/scripts/suitecrm/run.sh | 42 + .../opt/bitnami/scripts/suitecrm/setup.sh | 41 + .../bitnami/scripts/suitecrm/updatehost.sh | 28 + 7/debian-12/rootfs/post-init.d/php.sh | 33 + 7/debian-12/rootfs/post-init.d/shell.sh | 38 + 7/debian-12/rootfs/post-init.d/sql-mysql.sh | 48 + 7/debian-12/rootfs/post-init.sh | 25 + 7/debian-12/tags-info.yaml | 4 + 8/debian-12/Dockerfile | 66 ++ 8/debian-12/docker-compose.yml | 37 + .../opt/bitnami/.bitnami_components.json | 38 + .../opt/bitnami/licenses/licenses.txt | 2 + .../opt/bitnami/scripts/libbitnami.sh | 54 + .../prebuildfs/opt/bitnami/scripts/libfile.sh | 141 +++ .../prebuildfs/opt/bitnami/scripts/libfs.sh | 193 +++ .../prebuildfs/opt/bitnami/scripts/libhook.sh | 18 + .../prebuildfs/opt/bitnami/scripts/liblog.sh | 114 ++ .../prebuildfs/opt/bitnami/scripts/libnet.sh | 171 +++ .../prebuildfs/opt/bitnami/scripts/libos.sh | 657 +++++++++++ .../opt/bitnami/scripts/libpersistence.sh | 124 ++ .../opt/bitnami/scripts/libservice.sh | 496 ++++++++ .../opt/bitnami/scripts/libvalidations.sh | 304 +++++ .../opt/bitnami/scripts/libversion.sh | 51 + .../opt/bitnami/scripts/libwebserver.sh | 476 ++++++++ .../prebuildfs/usr/sbin/install_packages | 27 + 8/debian-12/prebuildfs/usr/sbin/run-script | 24 + .../opt/bitnami/apache/conf/deflate.conf | 5 + .../apache/conf/vhosts/00_status-vhost.conf | 7 + .../rootfs/opt/bitnami/scripts/apache-env.sh | 81 ++ .../scripts/apache-modphp/postunpack.sh | 43 + .../app-generic-http-vhost.conf.tpl | 7 + .../app-generic-https-vhost.conf.tpl | 10 + .../app-generic-prefix.conf.tpl | 1 + .../bitnami-templates/app-http-vhost.conf.tpl | 15 + .../app-https-vhost.conf.tpl | 18 + .../bitnami-templates/app-prefix.conf.tpl | 9 + .../app-proxy-http-vhost.conf.tpl | 11 + .../app-proxy-https-vhost.conf.tpl | 14 + .../app-proxy-prefix.conf.tpl | 11 + .../app-ruby-passenger-http-vhost.conf.tpl | 16 + .../app-ruby-passenger-https-vhost.conf.tpl | 19 + .../app-ruby-passenger-prefix.conf.tpl | 9 + .../bitnami-templates/bitnami-ssl.conf.tpl | 29 + .../apache/bitnami-templates/bitnami.conf.tpl | 17 + .../opt/bitnami/scripts/apache/entrypoint.sh | 35 + .../opt/bitnami/scripts/apache/postunpack.sh | 131 +++ .../opt/bitnami/scripts/apache/reload.sh | 20 + .../opt/bitnami/scripts/apache/restart.sh | 19 + .../rootfs/opt/bitnami/scripts/apache/run.sh | 20 + .../opt/bitnami/scripts/apache/setup.sh | 98 ++ .../opt/bitnami/scripts/apache/start.sh | 34 + .../opt/bitnami/scripts/apache/status.sh | 23 + .../rootfs/opt/bitnami/scripts/apache/stop.sh | 34 + .../rootfs/opt/bitnami/scripts/libapache.sh | 808 +++++++++++++ .../opt/bitnami/scripts/libmysqlclient.sh | 1048 +++++++++++++++++ .../rootfs/opt/bitnami/scripts/libphp.sh | 265 +++++ .../rootfs/opt/bitnami/scripts/libsuitecrm.sh | 477 ++++++++ .../opt/bitnami/scripts/mysql-client-env.sh | 128 ++ .../scripts/mysql-client/postunpack.sh | 21 + .../opt/bitnami/scripts/mysql-client/setup.sh | 21 + .../rootfs/opt/bitnami/scripts/php-env.sh | 91 ++ .../opt/bitnami/scripts/php/postunpack.sh | 47 + .../rootfs/opt/bitnami/scripts/php/reload.sh | 37 + .../rootfs/opt/bitnami/scripts/php/restart.sh | 19 + .../rootfs/opt/bitnami/scripts/php/run.sh | 21 + .../rootfs/opt/bitnami/scripts/php/setup.sh | 34 + .../rootfs/opt/bitnami/scripts/php/start.sh | 34 + .../rootfs/opt/bitnami/scripts/php/status.sh | 23 + .../rootfs/opt/bitnami/scripts/php/stop.sh | 34 + .../opt/bitnami/scripts/suitecrm-env.sh | 120 ++ .../bitnami-templates/config_db.php.tpl | 23 + .../bitnami-templates/config_si.php.tpl | 39 + .../bitnami/scripts/suitecrm/entrypoint.sh | 33 + .../bitnami/scripts/suitecrm/postunpack.sh | 55 + .../opt/bitnami/scripts/suitecrm/run.sh | 42 + .../opt/bitnami/scripts/suitecrm/setup.sh | 41 + .../bitnami/scripts/suitecrm/updatehost.sh | 28 + 8/debian-12/rootfs/post-init.d/php.sh | 33 + 8/debian-12/rootfs/post-init.d/shell.sh | 38 + 8/debian-12/rootfs/post-init.d/sql-mysql.sh | 48 + 8/debian-12/rootfs/post-init.sh | 25 + 8/debian-12/tags-info.yaml | 5 + README.md | 525 +++++++++ docker-compose.yml | 37 + 150 files changed, 15294 insertions(+) create mode 100644 7/debian-12/Dockerfile create mode 100644 7/debian-12/docker-compose.yml create mode 100644 7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json create mode 100644 7/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh create mode 100644 7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh create mode 100755 7/debian-12/prebuildfs/usr/sbin/install_packages create mode 100755 7/debian-12/prebuildfs/usr/sbin/run-script create mode 100644 7/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf create mode 100644 7/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/libapache.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/libphp.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/libsuitecrm.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/php-env.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/run.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/start.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/status.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl create mode 100644 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh create mode 100755 7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh create mode 100755 7/debian-12/rootfs/post-init.d/php.sh create mode 100755 7/debian-12/rootfs/post-init.d/shell.sh create mode 100755 7/debian-12/rootfs/post-init.d/sql-mysql.sh create mode 100755 7/debian-12/rootfs/post-init.sh create mode 100644 7/debian-12/tags-info.yaml create mode 100644 8/debian-12/Dockerfile create mode 100644 8/debian-12/docker-compose.yml create mode 100644 8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json create mode 100644 8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh create mode 100644 8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh create mode 100755 8/debian-12/prebuildfs/usr/sbin/install_packages create mode 100755 8/debian-12/prebuildfs/usr/sbin/run-script create mode 100644 8/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf create mode 100644 8/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-http-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/libapache.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/libphp.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/libsuitecrm.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/mysql-client-env.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/mysql-client/postunpack.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/mysql-client/setup.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/php-env.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/postunpack.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/reload.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/restart.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/run.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/setup.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/start.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/status.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl create mode 100644 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh create mode 100755 8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh create mode 100755 8/debian-12/rootfs/post-init.d/php.sh create mode 100755 8/debian-12/rootfs/post-init.d/shell.sh create mode 100755 8/debian-12/rootfs/post-init.d/sql-mysql.sh create mode 100755 8/debian-12/rootfs/post-init.sh create mode 100644 8/debian-12/tags-info.yaml create mode 100644 README.md create mode 100644 docker-compose.yml diff --git a/7/debian-12/Dockerfile b/7/debian-12/Dockerfile new file mode 100644 index 0000000..b70593b --- /dev/null +++ b/7/debian-12/Dockerfile @@ -0,0 +1,66 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-08-28T06:26:27Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="7.14.5-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm" \ + org.opencontainers.image.title="suitecrm" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="7.14.5" + +ENV OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "render-template-1.0.7-3-linux-${OS_ARCH}-debian-12" \ + "php-8.1.29-9-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-1-linux-${OS_ARCH}-debian-12" \ + "mysql-client-11.4.3-0-linux-${OS_ARCH}-debian-12" \ + "libphp-8.1.29-5-linux-${OS_ARCH}-debian-12" \ + "suitecrm-7.14.5-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron + +COPY rootfs / +RUN /opt/bitnami/scripts/mysql-client/postunpack.sh +RUN /opt/bitnami/scripts/apache/postunpack.sh +RUN /opt/bitnami/scripts/php/postunpack.sh +RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh +RUN /opt/bitnami/scripts/suitecrm/postunpack.sh +ENV APACHE_HTTPS_PORT_NUMBER="" \ + APACHE_HTTP_PORT_NUMBER="" \ + APP_VERSION="7.14.5" \ + BITNAMI_APP_NAME="suitecrm" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH" + +EXPOSE 8080 8443 + +ENTRYPOINT [ "/opt/bitnami/scripts/suitecrm/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/suitecrm/run.sh" ] diff --git a/7/debian-12/docker-compose.yml b/7/debian-12/docker-compose.yml new file mode 100644 index 0000000..786c1ee --- /dev/null +++ b/7/debian-12/docker-compose.yml @@ -0,0 +1,36 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +services: + mariadb: + image: docker.io/bitnami/mariadb:11.4 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_suitecrm + - MARIADB_DATABASE=bitnami_suitecrm + - MARIADB_PASSWORD=bitnami123 + volumes: + - 'mariadb_data:/bitnami/mariadb' + suitecrm: + image: docker.io/bitnami/suitecrm:7 + ports: + - '80:8080' + - '443:8443' + environment: + - SUITECRM_DATABASE_HOST=mariadb + - SUITECRM_DATABASE_PORT_NUMBER=3306 + - SUITECRM_DATABASE_USER=bn_suitecrm + - SUITECRM_DATABASE_NAME=bitnami_suitecrm + - SUITECRM_DATABASE_PASSWORD=bitnami123 + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'suitecrm_data:/bitnami/suitecrm' + depends_on: + - mariadb +volumes: + mariadb_data: + driver: local + suitecrm_data: + driver: local diff --git a/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000..c33caeb --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,38 @@ +{ + "apache": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.4.62-1" + }, + "libphp": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.1.29-5" + }, + "mysql-client": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.3-0" + }, + "php": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.1.29-9" + }, + "render-template": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.7-3" + }, + "suitecrm": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "7.14.5-0" + } +} \ No newline at end of file diff --git a/7/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/7/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt new file mode 100644 index 0000000..76956b3 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt @@ -0,0 +1,2 @@ +Bitnami containers ship with software bundles. You can find the licenses under: +/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000..d239f98 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" + info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "" +} + diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh new file mode 100644 index 0000000..1c69e0e --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh @@ -0,0 +1,141 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing files + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libos.sh + +# Functions + +######################## +# Replace a regex-matching string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# $4 - use POSIX regex. Default: true +# Returns: +# None +######################### +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + if [[ $posix_regex = true ]]; then + result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + else + result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Replace a regex-matching multiline string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# Returns: +# None +######################### +replace_in_file_multiline() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + + local result + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" + echo "$result" > "$filename" +} + +######################## +# Remove a line in a file based on a regex +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - use POSIX regex. Default: true +# Returns: +# None +######################### +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Appends text after the last line matching a pattern +# Arguments: +# $1 - file +# $2 - match regex +# $3 - contents to add +# Returns: +# None +######################### +append_file_after_last_match() { + local file="${1:?missing file}" + local match_regex="${2:?missing pattern}" + local value="${3:?missing value}" + + # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again + result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" + echo "$result" > "$file" +} + +######################## +# Wait until certain entry is present in a log file +# Arguments: +# $1 - entry to look for +# $2 - log file +# $3 - max retries. Default: 12 +# $4 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +wait_for_log_entry() { + local -r entry="${1:-missing entry}" + local -r log_file="${2:-missing log file}" + local -r retries="${3:-12}" + local -r interval_time="${4:-5}" + local attempt=0 + + check_log_file_for_entry() { + if ! grep -qE "$entry" "$log_file"; then + debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" + return 1 + fi + } + debug "Checking that ${log_file} log file contains entry \"${entry}\"" + if retry_while check_log_file_for_entry "$retries" "$interval_time"; then + debug "Found entry \"${entry}\" in ${log_file}" + true + else + error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" + debug_execute cat "$log_file" + return 1 + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh new file mode 100644 index 0000000..970d624 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh @@ -0,0 +1,193 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for file system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Ensure a file/directory is owned (user and group) but the given user +# Arguments: +# $1 - filepath +# $2 - owner +# Returns: +# None +######################### +owned_by() { + local path="${1:?path is missing}" + local owner="${2:?owner is missing}" + local group="${3:-}" + + if [[ -n $group ]]; then + chown "$owner":"$group" "$path" + else + chown "$owner":"$owner" "$path" + fi +} + +######################## +# Ensure a directory exists and, optionally, is owned by the given user +# Arguments: +# $1 - directory +# $2 - owner +# Returns: +# None +######################### +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner_user="${2:-}" + local owner_group="${3:-}" + + [ -d "${dir}" ] || mkdir -p "${dir}" + if [[ -n $owner_user ]]; then + owned_by "$dir" "$owner_user" "$owner_group" + fi +} + +######################## +# Checks whether a directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_dir_empty() { + local -r path="${1:?missing directory}" + # Calculate real path in order to avoid issues with symlinks + local -r dir="$(realpath "$path")" + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +######################## +# Checks whether a mounted directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_mounted_dir_empty() { + local dir="${1:?missing directory}" + + if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then + true + else + false + fi +} + +######################## +# Checks whether a file can be written to or not +# arguments: +# $1 - file +# returns: +# boolean +######################### +is_file_writable() { + local file="${1:?missing file}" + local dir + dir="$(dirname "$file")" + + if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then + true + else + false + fi +} + +######################## +# Relativize a path +# arguments: +# $1 - path +# $2 - base +# returns: +# None +######################### +relativize() { + local -r path="${1:?missing path}" + local -r base="${2:?missing base}" + pushd "$base" >/dev/null || exit + realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' + popd >/dev/null || exit +} + +######################## +# Configure permisions and ownership recursively +# Globals: +# None +# Arguments: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - mode for directories. +# -d|--dir-mode - mode for files. +# -u|--user - user +# -g|--group - group +# Returns: +# None +######################### +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f | --file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d | --dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u | --user) + shift + user="${1:?missing user}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<<"$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + find -L "$p" -printf "" + if [[ -n $dir_mode ]]; then + find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" + fi + if [[ -n $file_mode ]]; then + find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" + fi + if [[ -n $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" + elif [[ -n $user ]] && [[ -z $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}" + elif [[ -z $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chgrp "${group}" + fi + else + stderr_print "$p does not exist" + fi + done +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh new file mode 100644 index 0000000..f3a5fe7 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library to use for scripts expected to be used as Kubernetes lifecycle hooks + +# shellcheck disable=SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh + +# Override functions that log to stdout/stderr of the current process, so they print to process 1 +for function_to_override in stderr_print debug_execute; do + # Output is sent to output of process 1 and thus end up in the container log + # The hook output in general isn't saved + eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" +done diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh new file mode 100644 index 0000000..450f05b --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for logging functions + +# Constants +RESET='\033[0m' +RED='\033[38;5;1m' +GREEN='\033[38;5;2m' +YELLOW='\033[38;5;3m' +MAGENTA='\033[38;5;5m' +CYAN='\033[38;5;6m' + +# Functions + +######################## +# Print to STDERR +# Arguments: +# Message to print +# Returns: +# None +######################### +stderr_print() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_QUIET:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + printf "%b\\n" "${*}" >&2 + fi +} + +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +log() { + stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" +} +######################## +# Log an 'info' message +# Arguments: +# Message to log +# Returns: +# None +######################### +info() { + log "${GREEN}INFO ${RESET} ==> ${*}" +} +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +warn() { + log "${YELLOW}WARN ${RESET} ==> ${*}" +} +######################## +# Log an 'error' message +# Arguments: +# Message to log +# Returns: +# None +######################### +error() { + log "${RED}ERROR${RESET} ==> ${*}" +} +######################## +# Log a 'debug' message +# Globals: +# BITNAMI_DEBUG +# Arguments: +# None +# Returns: +# None +######################### +debug() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_DEBUG:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + log "${MAGENTA}DEBUG${RESET} ==> ${*}" + fi +} + +######################## +# Indent a string +# Arguments: +# $1 - string +# $2 - number of indentation characters (default: 4) +# $3 - indentation character (default: " ") +# Returns: +# None +######################### +indent() { + local string="${1:-}" + local num="${2:?missing num}" + local char="${3:-" "}" + # Build the indentation unit string + local indent_unit="" + for ((i = 0; i < num; i++)); do + indent_unit="${indent_unit}${char}" + done + # shellcheck disable=SC2001 + # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions + echo "$string" | sed "s/^/${indent_unit}/" +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh new file mode 100644 index 0000000..004e426 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -0,0 +1,171 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for network functions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Resolve IP address for a host/domain (i.e. DNS lookup) +# Arguments: +# $1 - Hostname to resolve +# $2 - IP address version (v4, v6), leave empty for resolving to any version +# Returns: +# IP +######################### +dns_lookup() { + local host="${1:?host is missing}" + local ip_version="${2:-}" + getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 +} + +######################### +# Wait for a hostname and return the IP +# Arguments: +# $1 - hostname +# $2 - number of retries +# $3 - seconds to wait between retries +# Returns: +# - IP address that corresponds to the hostname +######################### +wait_for_dns_lookup() { + local hostname="${1:?hostname is missing}" + local retries="${2:-5}" + local seconds="${3:-1}" + check_host() { + if [[ $(dns_lookup "$hostname") == "" ]]; then + false + else + true + fi + } + # Wait for the host to be ready + retry_while "check_host ${hostname}" "$retries" "$seconds" + dns_lookup "$hostname" +} + +######################## +# Get machine's IP +# Arguments: +# None +# Returns: +# Machine IP +######################### +get_machine_ip() { + local -a ip_addresses + local hostname + hostname="$(hostname)" + read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" + if [[ "${#ip_addresses[@]}" -gt 1 ]]; then + warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" + elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then + error "Could not find any IP address associated to hostname ${hostname}" + exit 1 + fi + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi +} + +######################## +# Check if the provided argument is a resolved hostname +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_hostname_resolved() { + local -r host="${1:?missing value}" + if [[ -n "$(dns_lookup "$host")" ]]; then + true + else + false + fi +} + +######################## +# Parse URL +# Globals: +# None +# Arguments: +# $1 - uri - String +# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String +# Returns: +# String +parse_uri() { + local uri="${1:?uri is missing}" + local component="${2:?component is missing}" + + # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with + # additional sub-expressions to split authority into userinfo, host and port + # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) + local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' + # || | ||| | | | | | | | | | + # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment + # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... + # | 4 authority + # 3 //... + local index=0 + case "$component" in + scheme) + index=2 + ;; + authority) + index=4 + ;; + userinfo) + index=6 + ;; + host) + index=7 + ;; + port) + index=9 + ;; + path) + index=10 + ;; + query) + index=13 + ;; + fragment) + index=14 + ;; + *) + stderr_print "unrecognized component $component" + return 1 + ;; + esac + [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" +} + +######################## +# Wait for a HTTP connection to succeed +# Globals: +# * +# Arguments: +# $1 - URL to wait for +# $2 - Maximum amount of retries (optional) +# $3 - Time between retries (optional) +# Returns: +# true if the HTTP connection succeeded, false otherwise +######################### +wait_for_http_connection() { + local url="${1:?missing url}" + local retries="${2:-}" + local sleep_time="${3:-}" + if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then + error "Could not connect to ${url}" + return 1 + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh new file mode 100644 index 0000000..9d908c4 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh @@ -0,0 +1,657 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for operating system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Check if an user exists in the system +# Arguments: +# $1 - user +# Returns: +# Boolean +######################### +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +######################## +# Check if a group exists in the system +# Arguments: +# $1 - group +# Returns: +# Boolean +######################### +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +######################## +# Create a group in the system if it does not exist already +# Arguments: +# $1 - group +# Flags: +# -i|--gid - the ID for the new group +# -s|--system - Whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_group_exists() { + local group="${1:?group is missing}" + local gid="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --gid) + shift + gid="${1:?missing gid}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! group_exists "$group"; then + local -a args=("$group") + if [[ -n "$gid" ]]; then + if group_exists "$gid"; then + error "The GID $gid is already in use." >&2 + return 1 + fi + args+=("--gid" "$gid") + fi + $is_system_user && args+=("--system") + groupadd "${args[@]}" >/dev/null 2>&1 + fi +} + +######################## +# Create an user in the system if it does not exist already +# Arguments: +# $1 - user +# Flags: +# -i|--uid - the ID for the new user +# -g|--group - the group the new user should belong to +# -a|--append-groups - comma-separated list of supplemental groups to append to the new user +# -h|--home - the home directory for the new user +# -s|--system - whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_user_exists() { + local user="${1:?user is missing}" + local uid="" + local group="" + local append_groups="" + local home="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --uid) + shift + uid="${1:?missing uid}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + -a | --append-groups) + shift + append_groups="${1:?missing append_groups}" + ;; + -h | --home) + shift + home="${1:?missing home directory}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! user_exists "$user"; then + local -a user_args=("-N" "$user") + if [[ -n "$uid" ]]; then + if user_exists "$uid"; then + error "The UID $uid is already in use." + return 1 + fi + user_args+=("--uid" "$uid") + else + $is_system_user && user_args+=("--system") + fi + useradd "${user_args[@]}" >/dev/null 2>&1 + fi + + if [[ -n "$group" ]]; then + local -a group_args=("$group") + $is_system_user && group_args+=("--system") + ensure_group_exists "${group_args[@]}" + usermod -g "$group" "$user" >/dev/null 2>&1 + fi + + if [[ -n "$append_groups" ]]; then + local -a groups + read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" + for group in "${groups[@]}"; do + ensure_group_exists "$group" + usermod -aG "$group" "$user" >/dev/null 2>&1 + done + fi + + if [[ -n "$home" ]]; then + mkdir -p "$home" + usermod -d "$home" "$user" >/dev/null 2>&1 + configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" + fi +} + +######################## +# Check if the script is currently running as root +# Arguments: +# $1 - user +# $2 - group +# Returns: +# Boolean +######################### +am_i_root() { + if [[ "$(id -u)" = "0" ]]; then + true + else + false + fi +} + +######################## +# Print OS metadata +# Arguments: +# $1 - Flag name +# Flags: +# --id - Distro ID +# --version - Distro version +# --branch - Distro branch +# --codename - Distro codename +# --name - Distro name +# --pretty-name - Distro pretty name +# Returns: +# String +######################### +get_os_metadata() { + local -r flag_name="${1:?missing flag}" + # Helper function + get_os_release_metadata() { + local -r env_name="${1:?missing environment variable name}" + ( + . /etc/os-release + echo "${!env_name}" + ) + } + case "$flag_name" in + --id) + get_os_release_metadata ID + ;; + --version) + get_os_release_metadata VERSION_ID + ;; + --branch) + get_os_release_metadata VERSION_ID | sed 's/\..*//' + ;; + --codename) + get_os_release_metadata VERSION_CODENAME + ;; + --name) + get_os_release_metadata NAME + ;; + --pretty-name) + get_os_release_metadata PRETTY_NAME + ;; + *) + error "Unknown flag ${flag_name}" + return 1 + ;; + esac +} + +######################## +# Get total memory available +# Arguments: +# None +# Returns: +# Memory in bytes +######################### +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# None +# Flags: +# --memory - memory size (optional) +# Returns: +# Detected instance size +######################### +get_machine_size() { + local memory="" + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + --memory) + shift + memory="${1:?missing memory}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# $1 - memory size (optional) +# Returns: +# Detected instance size +######################### +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +######################## +# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) +# Globals: +# None +# Arguments: +# $1 - memory size +# Returns: +# Result of the conversion +######################### +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "g" || "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +######################### +# Redirects output to /dev/null if debug mode is disabled +# Globals: +# BITNAMI_DEBUG +# Arguments: +# $@ - Command to execute +# Returns: +# None +######################### +debug_execute() { + if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then + "$@" + else + "$@" >/dev/null 2>&1 + fi +} + +######################## +# Retries a command a given number of times +# Arguments: +# $1 - cmd (as a string) +# $2 - max retries. Default: 12 +# $3 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +retry_while() { + local cmd="${1:?cmd is missing}" + local retries="${2:-12}" + local sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<<"$cmd" + for ((i = 1; i <= retries; i += 1)); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} + +######################## +# Generate a random string +# Arguments: +# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii +# -c|--count - Number of characters, defaults to 32 +# Arguments: +# None +# Returns: +# None +# Returns: +# String +######################### +generate_random_string() { + local type="ascii" + local count="32" + local filter + local result + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + -t | --type) + shift + type="$1" + ;; + -c | --count) + shift + count="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Validate type + case "$type" in + ascii) + filter="[:print:]" + ;; + numeric) + filter="0-9" + ;; + alphanumeric) + filter="a-zA-Z0-9" + ;; + alphanumeric+special|special+alphanumeric) + # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters + # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex + filter='a-zA-Z0-9:@.,/+!=' + ;; + *) + echo "Invalid type ${type}" >&2 + return 1 + ;; + esac + # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size + # Note there is a very small chance of strings starting with EOL character + # Therefore, the higher amount of lines read, this will happen less frequently + result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" + echo "$result" +} + +######################## +# Create md5 hash from a string +# Arguments: +# $1 - string +# Returns: +# md5 hash - string +######################### +generate_md5_hash() { + local -r str="${1:?missing input string}" + echo -n "$str" | md5sum | awk '{print $1}' +} + +######################## +# Create sha1 hash from a string +# Arguments: +# $1 - string +# $2 - algorithm - 1 (default), 224, 256, 384, 512 +# Returns: +# sha1 hash - string +######################### +generate_sha_hash() { + local -r str="${1:?missing input string}" + local -r algorithm="${2:-1}" + echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' +} + +######################## +# Converts a string to its hexadecimal representation +# Arguments: +# $1 - string +# Returns: +# hexadecimal representation of the string +######################### +convert_to_hex() { + local -r str=${1:?missing input string} + local -i iterator + local char + for ((iterator = 0; iterator < ${#str}; iterator++)); do + char=${str:iterator:1} + printf '%x' "'${char}" + done +} + +######################## +# Get boot time +# Globals: +# None +# Arguments: +# None +# Returns: +# Boot time metadata +######################### +get_boot_time() { + stat /proc --format=%Y +} + +######################## +# Get machine ID +# Globals: +# None +# Arguments: +# None +# Returns: +# Machine ID +######################### +get_machine_id() { + local machine_id + if [[ -f /etc/machine-id ]]; then + machine_id="$(cat /etc/machine-id)" + fi + if [[ -z "$machine_id" ]]; then + # Fallback to the boot-time, which will at least ensure a unique ID in the current session + machine_id="$(get_boot_time)" + fi + echo "$machine_id" +} + +######################## +# Get the root partition's disk device ID (e.g. /dev/sda1) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root partition disk ID +######################### +get_disk_device_id() { + local device_id="" + if grep -q ^/dev /proc/mounts; then + device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" + fi + # If it could not be autodetected, fallback to /dev/sda1 as a default + if [[ -z "$device_id" || ! -b "$device_id" ]]; then + device_id="/dev/sda1" + fi + echo "$device_id" +} + +######################## +# Get the root disk device ID (e.g. /dev/sda) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk ID +######################### +get_root_disk_device_id() { + get_disk_device_id | sed -E 's/p?[0-9]+$//' +} + +######################## +# Get the root disk size in bytes +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk size in bytes +######################### +get_root_disk_size() { + fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true +} + +######################## +# Run command as a specific user and group (optional) +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +run_as_user() { + run_chroot "$@" +} + +######################## +# Execute command as a specific user and group (optional), +# replacing the current process image +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +exec_as_user() { + run_chroot --replace-process "$@" +} + +######################## +# Run a command using chroot +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Flags: +# -r | --replace-process - Replace the current process image (optional) +# Returns: +# Exit code of the specified command +######################### +run_chroot() { + local userspec + local user + local homedir + local replace=false + local -r cwd="$(pwd)" + + # Parse and validate flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -r | --replace-process) + replace=true + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + # Parse and validate arguments + if [[ "$#" -lt 2 ]]; then + echo "expected at least 2 arguments" + return 1 + else + userspec=$1 + shift + + # userspec can optionally include the group, so we parse the user + user=$(echo "$userspec" | cut -d':' -f1) + fi + + if ! am_i_root; then + error "Could not switch to '${userspec}': Operation not permitted" + return 1 + fi + + # Get the HOME directory for the user to switch, as chroot does + # not properly update this env and some scripts rely on it + homedir=$(eval echo "~${user}") + if [[ ! -d $homedir ]]; then + homedir="${HOME:-/}" + fi + + # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion + if [[ "$replace" = true ]]; then + exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + else + chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh new file mode 100644 index 0000000..18445e7 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh @@ -0,0 +1,124 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami persistence library +# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libversion.sh + +# Functions + +######################## +# Persist an application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# $2 - List of app files to persist +# Returns: +# true if all steps succeeded, false otherwise +######################### +persist_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Persist the individual files + if [[ "${#files_to_persist[@]}" -le 0 ]]; then + warn "No files are configured to be persisted" + return + fi + pushd "$install_dir" >/dev/null || exit + local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder + local -r tmp_file="/tmp/perms.acl" + for file_to_persist in "${files_to_persist[@]}"; do + if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then + error "Cannot persist '${file_to_persist}' because it does not exist" + return 1 + fi + file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" + file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" + file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" + # Get original permissions for existing files, which will be applied later + # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume + getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" + # Copy directories to the volume + ensure_dir_exists "$file_to_persist_destination_folder" + cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" + # Restore permissions + pushd "$persist_dir" >/dev/null || exit + if am_i_root; then + setfacl --restore="$tmp_file" + else + # When running as non-root, don't change ownership + setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") + fi + popd >/dev/null || exit + done + popd >/dev/null || exit + rm -f "$tmp_file" + # Install the persisted files into the installation directory, via symlinks + restore_persisted_app "$@" +} + +######################## +# Restore a persisted application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# FORCE_MAJOR_UPGRADE +# Arguments: +# $1 - App folder name +# $2 - List of app files to restore +# Returns: +# true if all steps succeeded, false otherwise +######################### +restore_persisted_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Restore the individual persisted files + if [[ "${#files_to_restore[@]}" -le 0 ]]; then + warn "No persisted files are configured to be restored" + return + fi + local file_to_restore_relative file_to_restore_origin file_to_restore_destination + for file_to_restore in "${files_to_restore[@]}"; do + file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" + # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed + file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" + file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" + rm -rf "$file_to_restore_origin" + ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" + done +} + +######################## +# Check if an application directory was already persisted +# Globals: +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# Returns: +# true if all steps succeeded, false otherwise +######################### +is_app_initialized() { + local -r app="${1:?missing app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + if ! is_mounted_dir_empty "$persist_dir"; then + true + else + false + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh new file mode 100644 index 0000000..1f9b330 --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh @@ -0,0 +1,496 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing services + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Read the provided pid file and returns a PID +# Arguments: +# $1 - Pid file +# Returns: +# PID +######################### +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +######################## +# Check if a provided PID corresponds to a running service +# Arguments: +# $1 - PID +# Returns: +# Boolean +######################### +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +######################## +# Stop a service by sending a termination signal to its pid +# Arguments: +# $1 - Pid file +# $2 - Signal number (optional) +# Returns: +# None +######################### +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +######################## +# Start cron daemon +# Arguments: +# None +# Returns: +# true if started correctly, false otherwise +######################### +cron_start() { + if [[ -x "/usr/sbin/cron" ]]; then + /usr/sbin/cron + elif [[ -x "/usr/sbin/crond" ]]; then + /usr/sbin/crond + else + false + fi +} + +######################## +# Generate a cron configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Command +# Flags: +# --run-as - User to run as (default: root) +# --schedule - Cron schedule configuration (default: * * * * *) +# Returns: +# None +######################### +generate_cron_conf() { + local service_name="${1:?service name is missing}" + local cmd="${2:?command is missing}" + local run_as="root" + local schedule="* * * * *" + local clean="true" + + # Parse optional CLI flags + shift 2 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --run-as) + shift + run_as="$1" + ;; + --schedule) + shift + schedule="$1" + ;; + --no-clean) + clean="false" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + mkdir -p /etc/cron.d + if "$clean"; then + cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" + fi +} + +######################## +# Remove a cron configuration file for a given service +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_cron_conf() { + local service_name="${1:?service name is missing}" + local cron_conf_dir="/etc/monit/conf.d" + rm -f "${cron_conf_dir}/${service_name}" +} + +######################## +# Generate a monit configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Pid file +# $3 - Start command +# $4 - Stop command +# Flags: +# --disable - Whether to disable the monit configuration +# Returns: +# None +######################### +generate_monit_conf() { + local service_name="${1:?service name is missing}" + local pid_file="${2:?pid file is missing}" + local start_command="${3:?start command is missing}" + local stop_command="${4:?stop command is missing}" + local monit_conf_dir="/etc/monit/conf.d" + local disabled="no" + + # Parse optional CLI flags + shift 4 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --disable) + disabled="yes" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + is_boolean_yes "$disabled" && conf_suffix=".disabled" + mkdir -p "$monit_conf_dir" + cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 + return 1 + ;; + esac + shift + done + + mkdir -p "$logrotate_conf_dir" + cat < "${logrotate_conf_dir}/${service_name}" +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +${log_path} { + ${period} + rotate ${rotations} + dateext + compress + copytruncate + missingok +$(indent "$extra" 2) +} +EOF +} + +######################## +# Remove a logrotate configuration file +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_logrotate_conf() { + local service_name="${1:?service name is missing}" + local logrotate_conf_dir="/etc/logrotate.d" + rm -f "${logrotate_conf_dir}/${service_name}" +} + +######################## +# Generate a Systemd configuration file +# Arguments: +# $1 - Service name +# Flags: +# --custom-service-content - Custom content to add to the [service] block +# --environment - Environment variable to define (multiple --environment options may be passed) +# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) +# --exec-start - Start command (required) +# --exec-start-pre - Pre-start command (optional) +# --exec-start-post - Post-start command (optional) +# --exec-stop - Stop command (optional) +# --exec-reload - Reload command (optional) +# --group - System group to start the service with +# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) +# --restart - When to restart the Systemd service after being stopped (defaults to always) +# --pid-file - Service PID file +# --standard-output - File where to print stdout output +# --standard-error - File where to print stderr output +# --success-exit-status - Exit code that indicates a successful shutdown +# --type - Systemd unit type (defaults to forking) +# --user - System user to start the service with +# --working-directory - Working directory at which to start the service +# Returns: +# None +######################### +generate_systemd_conf() { + local -r service_name="${1:?service name is missing}" + local -r systemd_units_dir="/etc/systemd/system" + local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" + # Default values + local name="$service_name" + local type="forking" + local user="" + local group="" + local environment="" + local environment_file="" + local exec_start="" + local exec_start_pre="" + local exec_start_post="" + local exec_stop="" + local exec_reload="" + local restart="always" + local pid_file="" + local standard_output="journal" + local standard_error="" + local limits_content="" + local success_exit_status="" + local custom_service_content="" + local working_directory="" + # Parse CLI flags + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --name \ + | --type \ + | --user \ + | --group \ + | --exec-start \ + | --exec-stop \ + | --exec-reload \ + | --restart \ + | --pid-file \ + | --standard-output \ + | --standard-error \ + | --success-exit-status \ + | --custom-service-content \ + | --working-directory \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "$var_name"="${1:?"${var_name} value is missing"}" + ;; + --limit-*) + [[ -n "$limits_content" ]] && limits_content+=$'\n' + var_name="${1//--limit-}" + shift + limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" + ;; + --exec-start-pre) + shift + [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' + exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" + ;; + --exec-start-post) + shift + [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' + exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" + ;; + --environment) + shift + # It is possible to add multiple environment lines + [[ -n "$environment" ]] && environment+=$'\n' + environment+="Environment=${1:?"--environment value is missing"}" + ;; + --environment-file) + shift + # It is possible to add multiple environment-file lines + [[ -n "$environment_file" ]] && environment_file+=$'\n' + environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + # Validate inputs + local error="no" + if [[ -z "$exec_start" ]]; then + error "The --exec-start option is required" + error="yes" + fi + if [[ "$error" != "no" ]]; then + return 1 + fi + # Generate the Systemd unit + cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" + fi + if [[ -n "$exec_start_pre" ]]; then + # This variable may contain multiple ExecStartPre= directives + cat >> "$service_file" <<< "$exec_start_pre" + fi + if [[ -n "$exec_start" ]]; then + cat >> "$service_file" <<< "ExecStart=${exec_start}" + fi + if [[ -n "$exec_start_post" ]]; then + # This variable may contain multiple ExecStartPost= directives + cat >> "$service_file" <<< "$exec_start_post" + fi + # Optional stop and reload commands + if [[ -n "$exec_stop" ]]; then + cat >> "$service_file" <<< "ExecStop=${exec_stop}" + fi + if [[ -n "$exec_reload" ]]; then + cat >> "$service_file" <<< "ExecReload=${exec_reload}" + fi + # User and group + if [[ -n "$user" ]]; then + cat >> "$service_file" <<< "User=${user}" + fi + if [[ -n "$group" ]]; then + cat >> "$service_file" <<< "Group=${group}" + fi + # PID file allows to determine if the main process is running properly (for Restart=always) + if [[ -n "$pid_file" ]]; then + cat >> "$service_file" <<< "PIDFile=${pid_file}" + fi + if [[ -n "$restart" ]]; then + cat >> "$service_file" <<< "Restart=${restart}" + fi + # Environment flags + if [[ -n "$environment" ]]; then + # This variable may contain multiple Environment= directives + cat >> "$service_file" <<< "$environment" + fi + if [[ -n "$environment_file" ]]; then + # This variable may contain multiple EnvironmentFile= directives + cat >> "$service_file" <<< "$environment_file" + fi + # Logging + if [[ -n "$standard_output" ]]; then + cat >> "$service_file" <<< "StandardOutput=${standard_output}" + fi + if [[ -n "$standard_error" ]]; then + cat >> "$service_file" <<< "StandardError=${standard_error}" + fi + if [[ -n "$custom_service_content" ]]; then + # This variable may contain multiple miscellaneous directives + cat >> "$service_file" <<< "$custom_service_content" + fi + if [[ -n "$success_exit_status" ]]; then + cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean or is the string 'yes/true' +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean yes/no value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean true/false value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean 1/0 value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_1_0_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^[10]$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is an empty string or not defined +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +######################## +# Validate if the provided argument is a valid port +# Arguments: +# $1 - Port to validate +# Returns: +# Boolean and error message +######################### +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + echo "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + stderr_print "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + echo "the value is empty" + return 1 + else + if ! is_int "$value"; then + echo "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + echo "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + echo "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + echo "privileged port requested" + return 3 + fi + fi +} + +######################## +# Validate if the provided argument is a valid IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv6() { + local ip="${1:?ip is missing}" + local stat=1 + local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' + local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' + + if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then + stat=0 + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 or IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ip() { + local ip="${1:?ip is missing}" + local stat=1 + + if validate_ipv4 "$ip"; then + stat=0 + else + stat=$(validate_ipv6 "$ip") + fi + return $stat +} + +######################## +# Validate a string format +# Arguments: +# $1 - String to validate +# Returns: +# Boolean +######################### +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + stderr_print "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + stderr_print "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + echo "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + echo "string length is great than $max_length" + return 1 + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh new file mode 100644 index 0000000..f0d5a5c --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing versions strings + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions +######################## +# Gets semantic version +# Arguments: +# $1 - version: string to extract major.minor.patch +# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch +# Returns: +# array with the major, minor and release +######################### +get_sematic_version () { + local version="${1:?version is required}" + local section="${2:?section is required}" + local -a version_sections + + #Regex to parse versions: x.y.z + local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' + + if [[ "$version" =~ $regex ]]; then + local i=1 + local j=1 + local n=${#BASH_REMATCH[*]} + + while [[ $i -lt $n ]]; do + if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then + version_sections[j]="${BASH_REMATCH[$i]}" + ((j++)) + fi + ((i++)) + done + + local number_regex='^[0-9]+$' + if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then + echo "${version_sections[$section]}" + return + else + stderr_print "Section allowed values are: 1, 2, and 3" + return 1 + fi + fi +} diff --git a/7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh new file mode 100644 index 0000000..acb84fc --- /dev/null +++ b/7/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -0,0 +1,476 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami web server handler library + +# shellcheck disable=SC1090,SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh + +######################## +# Execute a command (or list of commands) with the web server environment and library loaded +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_execute() { + local -r web_server="${1:?missing web server}" + shift + # Run program in sub-shell to avoid web server environment getting loaded when not necessary + ( + . "/opt/bitnami/scripts/lib${web_server}.sh" + . "/opt/bitnami/scripts/${web_server}-env.sh" + "$@" + ) +} + +######################## +# Prints the list of enabled web servers +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_list() { + local -r -a supported_web_servers=(apache nginx) + local -a existing_web_servers=() + for web_server in "${supported_web_servers[@]}"; do + [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") + done + echo "${existing_web_servers[@]:-}" +} + +######################## +# Prints the currently-enabled web server type (only one, in order of preference) +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_type() { + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + echo "${web_servers[0]:-}" +} + +######################## +# Validate that a supported web server is configured +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_validate() { + local error_code=0 + local supported_web_servers=("apache" "nginx") + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then + print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" + elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then + print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." + fi + + return "$error_code" +} + +######################## +# Check whether the web server is running +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the web server is running, false otherwise +######################### +is_web_server_running() { + "is_$(web_server_type)_running" +} + +######################## +# Start web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_start() { + info "Starting $(web_server_type) in background" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl start "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" + fi +} + +######################## +# Stop web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_stop() { + info "Stopping $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl stop "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" + fi +} + +######################## +# Restart web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_restart() { + info "Restarting $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl restart "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" + fi +} + +######################## +# Reload web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_reload() { + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl reload "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" + fi +} + +######################## +# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on which configuration template to use +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render server configurations with a .disabled prefix +# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --document-root - Path to document root directory +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) +# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --apache-before-vhost-configuration - Configuration to add before the directive (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-proxy-address - Address where to proxy requests +# --apache-proxy-configuration - Extra configuration for the proxy +# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# --nginx-external-configuration - Configuration external to server block (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_app_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --disable \ + | --disable-http \ + | --disable-https \ + ) + apache_args+=("$1") + nginx_args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --type \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --document-root \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-additional-http-configuration \ + | --apache-additional-https-configuration \ + | --apache-before-vhost-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-proxy-address \ + | --apache-proxy-configuration \ + | --apache-proxy-http-configuration \ + | --apache-proxy-https-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "${2:?missing value}") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration \ + | --nginx-external-configuration) + nginx_args+=("${1//nginx-/}" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_web_server_app_configuration_not_exists() { + local app="${1:?missing app}" + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" + done +} + +######################## +# Ensure the web server loads the configuration for an application in a URL prefix +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --document-root - Path to document root directory +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --type - Application type, which has an effect on what configuration template will be used +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_prefix_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --allow-remote-connections \ + | --document-root \ + | --prefix \ + | --type \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "$2") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "$2") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +web_server_update_app_configuration() { + local app="${1:?missing app}" + shift + local -a args web_servers + args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --http-port \ + | --https-port \ + ) + args+=("$1" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" + done +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_enable_loading_page() { + ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ + --apache-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +RedirectMatch 503 ^/$ +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +ErrorDocument 404 /index.html +ErrorDocument 503 /index.html" \ + --nginx-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +location / { + return 503; +} +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +error_page 404 @installing; +error_page 503 @installing; +location @installing { + rewrite ^(.*)$ /index.html break; +}" + web_server_reload +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_disable_install_page() { + ensure_web_server_app_configuration_not_exists "__loading" + web_server_reload +} diff --git a/7/debian-12/prebuildfs/usr/sbin/install_packages b/7/debian-12/prebuildfs/usr/sbin/install_packages new file mode 100755 index 0000000..ccce248 --- /dev/null +++ b/7/debian-12/prebuildfs/usr/sbin/install_packages @@ -0,0 +1,27 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -eu + +n=0 +max=2 +export DEBIAN_FRONTEND=noninteractive + +until [ $n -gt $max ]; do + set +e + ( + apt-get update -qq && + apt-get install -y --no-install-recommends "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $n -eq $max ]; then + exit $CODE + fi + echo "apt failed, retrying" + n=$(($n + 1)) +done +apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/7/debian-12/prebuildfs/usr/sbin/run-script b/7/debian-12/prebuildfs/usr/sbin/run-script new file mode 100755 index 0000000..0e07c90 --- /dev/null +++ b/7/debian-12/prebuildfs/usr/sbin/run-script @@ -0,0 +1,24 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -u + +if [ $# -eq 0 ]; then + >&2 echo "No arguments provided" + exit 1 +fi + +script=$1 +exit_code="${2:-96}" +fail_if_not_present="${3:-n}" + +if test -f "$script"; then + sh $script + + if [ $? -ne 0 ]; then + exit $((exit_code)) + fi +elif [ "$fail_if_not_present" = "y" ]; then + >&2 echo "script not found: $script" + exit 127 +fi diff --git a/7/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/7/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf new file mode 100644 index 0000000..6016f8f --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf @@ -0,0 +1,5 @@ + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + diff --git a/7/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/7/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf new file mode 100644 index 0000000..c0838da --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf @@ -0,0 +1,7 @@ + + ServerName status.localhost + + Require local + SetHandler server-status + + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh new file mode 100644 index 0000000..b8762c6 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh @@ -0,0 +1,81 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for apache + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-apache}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +apache_env_vars=( + APACHE_HTTP_PORT_NUMBER + APACHE_HTTPS_PORT_NUMBER + APACHE_SERVER_TOKENS + APACHE_HTTP_PORT + APACHE_HTTPS_PORT +) +for env_var in "${apache_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset apache_env_vars +export WEB_SERVER_TYPE="apache" + +# Paths +export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" +export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" +export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" +export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" +export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" +export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" +export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" +export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" +export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" +export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" +export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" +export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" + +# System users (when running with a privileged user) +export APACHE_DAEMON_USER="daemon" +export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" +export APACHE_DAEMON_GROUP="daemon" +export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" +export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" + +# Apache configuration +export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" +export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time +export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" +export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time +APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" +export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" +export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" +APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" +export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" +export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" +export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" + +# Custom environment variables may be defined below diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh new file mode 100755 index 0000000..f2303ab --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libversion.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh +. /opt/bitnami/scripts/php-env.sh + +# Enable required Apache modules +apache_enable_module "mpm_prefork_module" +php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" +php_major_version="$(get_sematic_version "$php_version" 1)" +if [[ "$php_major_version" -eq "8" ]]; then + apache_enable_module "php_module" "modules/libphp.so" +else + apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" +fi + +# Disable incompatible Apache modules +apache_disable_module "mpm_event_module" + +# Write Apache configuration +apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" +cat > "$apache_php_conf_file" < + {{server_name_configuration}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl new file mode 100644 index 0000000..5895385 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl @@ -0,0 +1,10 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl new file mode 100644 index 0000000..c895e53 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl @@ -0,0 +1 @@ +{{additional_configuration}} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl new file mode 100644 index 0000000..96be8f8 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl @@ -0,0 +1,15 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl new file mode 100644 index 0000000..1ad9389 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl @@ -0,0 +1,18 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl new file mode 100644 index 0000000..fc0f6c2 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + +{{additional_configuration}} +{{htaccess_include}} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl new file mode 100644 index 0000000..9440b89 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl @@ -0,0 +1,11 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + {{proxy_configuration}} + {{proxy_http_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl new file mode 100644 index 0000000..577cd46 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl @@ -0,0 +1,14 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{proxy_configuration}} + {{proxy_https_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl new file mode 100644 index 0000000..7ac08b1 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl @@ -0,0 +1,11 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{proxy_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl new file mode 100644 index 0000000..f518c7d --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl @@ -0,0 +1,16 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart http://localhost:{{http_port}}/ + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl new file mode 100644 index 0000000..5aae54c --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl @@ -0,0 +1,19 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart https://localhost:{{https_port}}/ + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl new file mode 100644 index 0000000..2242d65 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl new file mode 100644 index 0000000..f1d31ed --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl @@ -0,0 +1,29 @@ +# Default SSL Virtual Host configuration. + + + LoadModule ssl_module modules/mod_ssl.so + + +Listen 443 +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" +SSLPassPhraseDialog builtin +SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl new file mode 100644 index 0000000..75a255c --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl @@ -0,0 +1,17 @@ +# Default Virtual Host configuration. + +# Let Apache know we're behind a SSL reverse proxy +SetEnvIf X-Forwarded-Proto https HTTPS=on + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + + diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh new file mode 100755 index 0000000..f43c6c4 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +print_welcome_page + +# We add the copy from default config in the entrypoint to not break users +# bypassing the setup.sh logic. If the file already exists do not overwrite (in +# case someone mounts a configuration file in /opt/bitnami/apache/conf) +debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" +cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" + +if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then + info "** Starting Apache setup **" + /opt/bitnami/scripts/apache/setup.sh + info "** Apache setup finished! **" +fi + +echo "" +exec "$@" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh new file mode 100755 index 0000000..eb8f766 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh + +######################## +# Sets up the default Bitnami configuration +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_setup_bitnami_config() { + local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" + + # Enable Apache modules + local -a modules_to_enable=( + "deflate_module" + "negotiation_module" + "proxy[^\s]*_module" + "rewrite_module" + "slotmem_shm_module" + "socache_shmcb_module" + "ssl_module" + "status_module" + "version_module" + ) + for module in "${modules_to_enable[@]}"; do + apache_enable_module "$module" + done + + # Disable Apache modules + local -a modules_to_disable=( + "http2_module" + "proxy_hcheck_module" + "proxy_html_module" + "proxy_http2_module" + ) + for module in "${modules_to_disable[@]}"; do + apache_disable_module "$module" + done + + # Bitnami customizations + ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" + render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + + # Add new configuration only once, to avoid a second postunpack run breaking Apache + local apache_conf_add + apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < + RequestHeader unset Proxy + +EOF + fi +} + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +apache_setup_bitnami_config + +# Ensure non-root user has write permissions on a set of directories +for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides +ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" + +ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" +ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" + +# This file is necessary for avoiding the error +# "unable to write random state" +# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean + +touch /.rnd && chmod g+rw /.rnd + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh new file mode 100755 index 0000000..b5c43c4 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Reloading Apache configuration **" +exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh new file mode 100755 index 0000000..7735dea --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +/opt/bitnami/scripts/apache/stop.sh +/opt/bitnami/scripts/apache/start.sh diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh new file mode 100755 index 0000000..23f1e31 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Starting Apache **" +exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh new file mode 100755 index 0000000..c1f6b37 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh @@ -0,0 +1,98 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +# Ensure Apache environment variables are valid +apache_validate + +# Ensure Apache daemon user exists when running as 'root' +am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" + +if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then + # We add the copy from default config in the initialize function for web applications + # that make use of the Apache setup.sh script + debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" + cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" +fi +# Generate SSL certs (without a passphrase) +ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" +if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then + info "Generating sample certificates" + SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" + SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" + SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" + SSL_SUBJ="/CN=example.com" + SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" + rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" + openssl genrsa -out "$SSL_KEY_FILE" 4096 + # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x + if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" + else + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" + fi + openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") + rm -f "$SSL_CSR_FILE" +fi +# Load SSL configuration +if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" +fi + +# Copy vhosts files +if ! is_dir_empty "/vhosts"; then + info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" + cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" +fi + +# Mount certificate files +if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then + warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" + warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" +elif ! is_dir_empty "/certs"; then + info "Mounting certificates files from '/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" +fi + +# Mount application files +if ! is_dir_empty "/app"; then + info "Mounting application files from '/app'" + rm -rf "$APACHE_HTDOCS_DIR" + ln -sf "/app" "$APACHE_HTDOCS_DIR" +fi + +# Restore persisted configuration files (deprecated) +if ! is_dir_empty "/bitnami/apache/conf"; then + warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" + warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" + rm -rf "$APACHE_CONF_DIR" + ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" +fi + +# Update ports in configuration +[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" +[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" + +# Configure ServerTokens with user values +[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" + +# Fix logging issue when running as root +! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh new file mode 100755 index 0000000..b47c8aa --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_not_running; then + "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" + if ! retry_while "is_apache_running"; then + error "apache did not start" + error_code=1 + else + info "apache started" + fi +else + info "apache is already running" +fi + +exit "$error_code" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh new file mode 100755 index 0000000..db8c132 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +if is_apache_running; then + info "apache is already running" +else + info "apache is not running" +fi diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/7/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh new file mode 100755 index 0000000..adc6613 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_running; then + BITNAMI_QUIET=1 apache_stop + if ! retry_while "is_apache_not_running"; then + error "apache could not be stopped" + error_code=1 + else + info "apache stopped" + fi +else + info "apache is not running" +fi + +exit "$error_code" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/7/debian-12/rootfs/opt/bitnami/scripts/libapache.sh new file mode 100644 index 0000000..d6eb686 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/libapache.sh @@ -0,0 +1,808 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Apache library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libservice.sh + +######################## +# Validate settings in APACHE_* env vars +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_validate() { + debug "Validating settings in APACHE_* environment variables" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_allowed_port() { + local port_var="${1:?missing port variable}" + local -a validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!port_var}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + + [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." + + if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then + if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then + print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" + fi + fi + + [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER + [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Configure Apache's HTTP port +# Globals: +# APACHE_CONF_FILE, APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_http_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + fi + + if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" + echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + fi +} + +######################## +# Configure Apache's HTTPS port +# Globals: +# APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_https_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + fi +} + +######################## +# Configure Apache's ServerTokens directive +# Globals: +# APACHE_CONF_DIR +# Arguments: +# $1 - Value for ServerTokens directive +# Returns: +# None +######################### +apache_configure_server_tokens() { + local -r value=${1:?missing value} + local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} + +######################## +# Enable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to enable +# $2 - Path to module .so file (optional if already defined in httpd.conf) +# Returns: +# None +######################### +apache_enable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Enabling module '${name}'" + if grep -q -E "$regex" "$APACHE_CONF_FILE"; then + # Uncomment line if the module was already defined + replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" + elif [[ -n "$file" ]]; then + # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file + append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" + else + error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." + fi + fi +} + +######################## +# Disable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to disable +# Returns: +# None +######################### +apache_disable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Disabling module '${name}'" + replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" + fi +} + +######################## +# Stop Apache +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_stop() { + is_apache_not_running && return + stop_service_using_pid "$APACHE_PID_FILE" +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is running +######################## +is_apache_running() { + local pid + pid="$(get_pid_from_file "$APACHE_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is not running +######################## +is_apache_not_running() { + ! is_apache_running +} + +######################## +# Ensure configuration gets added to the main Apache configuration file +# Globals: +# APACHE_* +# Arguments: +# $1 - configuration string +# $2 - pattern to use for checking if the configuration already exists (default: $1) +# $3 - Apache configuration file (default: $APACHE_CONF_FILE) +# Returns: +# None +######################## +ensure_apache_configuration_exists() { + local -r conf="${1:?conf missing}" + local -r pattern="${2:-"$conf"}" + local -r conf_file="${3:-"$APACHE_CONF_FILE"}" + # Enable configuration by appending to httpd.conf + if ! grep -E -q "$pattern" "$conf_file"; then + if is_file_writable "$conf_file"; then + cat >> "$conf_file" <<< "$conf" + else + error "Could not add the following configuration to '${conf_file}:" + error "" + error "$(indent "$conf" 4)" + error "" + error "Include the configuration manually and try again." + return 1 + fi + fi +} + +######################## +# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') +# Flags: +# --document-root - Path to document root directory +# Returns: +# None +######################## +apache_replace_htaccess_files() { + local -r app="${1:?missing app}" + local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" + # Default options + local document_root="${BITNAMI_ROOT_DIR}/${app}" + local overwrite="yes" + local -a htaccess_files + local htaccess_dir + local htaccess_contents + # Validate arguments + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --document-root) + shift + document_root="$1" + ;; + --overwrite) + shift + overwrite="$1" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + if is_file_writable "$result_file"; then + # Locate all .htaccess files inside the document root + read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" + [[ "${#htaccess_files[@]}" = 0 ]] && return + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" + for htaccess_file in "${htaccess_files[@]}"; do + htaccess_dir="$(dirname "$htaccess_file")" + htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" + # Skip if it was already included to the resulting htaccess file + if grep -q "^" <<< "$htaccess_contents"; then + continue + fi + # Add to the htaccess file + cat >> "$result_file" < +${htaccess_contents} + +EOF + # Overwrite the original .htaccess with the explanation text + if is_boolean_yes "$overwrite"; then + echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" + fi + done + elif [[ ! -f "$result_file" ]]; then + error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." + return + fi +} + +######################## +# Ensure an Apache application configuration exists (in virtual host format) +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases (defaults to '*') +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render the app's virtual hosts with a .disabled prefix +# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --additional-configuration - Additional vhost configuration (no default) +# --additional-http-configuration - Additional HTTP vhost configuration (no default) +# --additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --before-vhost-configuration - Configuration to add before the directive (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# --proxy-address - Address where to proxy requests +# --proxy-configuration - Extra configuration for the proxy +# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_app_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=("*") + local allow_remote_connections="yes" + local disable="no" + local disable_http="no" + local disable_https="no" + local move_htaccess="yes" + # Template variables defaults + export additional_configuration="" + export additional_http_configuration="" + export additional_https_configuration="" + export before_vhost_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + export proxy_address="" + export proxy_configuration="" + export proxy_http_configuration="" + export proxy_https_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + --disable \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + export "${var_name}=yes" + ;; + --type \ + | --server-name \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --move-htaccess \ + | --additional-configuration \ + | --additional-http-configuration \ + | --additional-https-configuration \ + | --before-vhost-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + | --proxy-address \ + | --proxy-configuration \ + | --proxy-http-configuration \ + | --proxy-https-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + export "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct listen ports configuration (only to add when using non-standard ports) + export http_listen_configuration="" + export https_listen_configuration="" + [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" + [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Construct ServerName/ServerAlias block + export server_name_configuration="" + if ! is_empty_value "${server_name:-}"; then + server_name_configuration="ServerName ${server_name}" + fi + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" + fi + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$http_vhost" + elif [[ ! -f "$http_vhost" ]]; then + error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + if is_file_writable "$https_vhost"; then + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" + render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" + elif [[ ! -f "$https_vhost" ]]; then + error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_apache_app_configuration_not_exists() { + local -r app="${1:?missing app}" + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Note that 'rm -f' will not fail if the files don't exist + # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function + rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" +} + +######################## +# Ensure Apache loads the configuration for an application in a URL prefix +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --additional-configuration - Additional vhost configuration (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_prefix_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local allow_remote_connections="yes" + local move_htaccess="yes" + local prefix="/${app}" + # Template variables defaults + export additional_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --type \ + | --allow-remote-connections \ + | --move-htaccess \ + | --prefix \ + | --additional-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$prefix_file" + ensure_apache_configuration_exists "Include \"$prefix_file\"" + elif [[ ! -f "$prefix_file" ]]; then + error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_update_app_configuration() { + local -r app="${1:?missing app}" + # Default options + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=() + local enable_http="no" + local enable_https="no" + local disable_http="no" + local disable_https="no" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + local var_name + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + declare "${var_name}=yes" + ;; + --server-name \ + | --http-port \ + | --https-port \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Update configuration + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Helper function to avoid duplicating code + update_common_vhost_config() { + local -r vhost_file="${1:?missing virtual host}" + # Update ServerName + if ! is_empty_value "${server_name:-}"; then + replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" + fi + # Update ServerAlias + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" + fi + } + # Disable and enable configuration files + rename_conf_file() { + local -r origin="$1" + local -r destination="$2" + if is_file_writable "$origin" && is_file_writable "$destination"; then + warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." + else + mv "$origin" "$destination" + fi + } + is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + # Update only configuration files without the '.disabled' suffix + if [[ -e "$http_vhost" ]]; then + if is_file_writable "$http_vhost"; then + update_common_vhost_config "$http_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" + replace_in_file "$http_vhost" "^$" "" + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi + if [[ -e "$https_vhost" ]]; then + if is_file_writable "$https_vhost"; then + update_common_vhost_config "$https_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" + replace_in_file "$https_vhost" "^$" "" + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi +} + +######################## +# Create a password file for basic authentication and restrict its permissions +# Globals: +# * +# Arguments: +# $1 - file +# $2 - username +# $3 - password +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_create_password_file() { + local -r file="${1:?missing file}" + local -r username="${2:?missing username}" + local -r password="${3:?missing password}" + + "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" + am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" +} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/7/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh new file mode 100644 index 0000000..b0e0b4c --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -0,0 +1,1048 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL Client library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Validate settings in MYSQL_CLIENT_* environment variables +# Globals: +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_validate() { + info "Validating settings in MYSQL_CLIENT_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + + # Only validate environment variables if any action needs to be performed + check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" + check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" + + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + return "$error_code" +} + +######################## +# Perform actions to a database +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_initialize() { + # Wrap binary to force the usage of SSL + if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then + mysql_client_wrap_binary_for_ssl + fi + # Wait for the database to be accessible if any action needs to be performed + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Trying to connect to the database server" + check_mysql_connection() { + echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database server" + return 1 + fi + fi + # Ensure a database user exists in the server + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then + info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" + local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") + [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") + mysql_ensure_optional_user_exists "${args[@]}" + fi + # Ensure a database exists in the server (and that the user has write privileges, if specified) + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" + local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") + mysql_ensure_optional_database_exists "${createdb_args[@]}" + fi +} + +######################## +# Wrap binary to force the usage of SSL +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_wrap_binary_for_ssl() { + local wrapper_file="${DB_BIN_DIR}/mysql" + # In MySQL Client 10.6, mysql is a link to the mariadb binary + if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then + wrapper_file="${DB_BIN_DIR}/mariadb" + fi + local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" + local -a ssl_opts=() + read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" + + mv "$wrapper_file" "$wrapped_binary_file" + cat >"$wrapper_file" <> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=DISABLED") + else + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/7/debian-12/rootfs/opt/bitnami/scripts/libphp.sh new file mode 100644 index 0000000..838cd2b --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/libphp.sh @@ -0,0 +1,265 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami PHP library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libwebserver.sh + +######################## +# Add or modify an entry in the main PHP configuration file (php.ini) +# Globals: +# PHP_CONF_FILE +# Arguments: +# $1 - Key +# $2 - Value +# $3 - File to modify (default: $PHP_CONF_FILE) +# Returns: +# None +######################### +php_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + local -r file="${3:-"$PHP_CONF_FILE"}" + local pattern="^[; ]*${key}\s*=.*$" + if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then + # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations + # Because of that, we first check if the extension was defined in the file to replace the proper entry + pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" + fi + local -r entry="${key} = ${value}" + if is_file_writable "$file"; then + # Not using the ini-file tool since it does not play well with php.ini + if grep -q -E "$pattern" "$file"; then + replace_in_file "$file" "$pattern" "$entry" + else + cat >> "$file" <<< "$entry" + fi + else + warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." + fi +} + +######################## +# Ensure PHP is initialized +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_initialize() { + # Configure PHP options based on the runtime environment + info "Configuring PHP options" + if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then + # Copy default configuration to php configuration directory + cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" + fi + php_set_runtime_config "$PHP_CONF_FILE" + + + # PHP-FPM configuration + ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Set PHP runtime options, based on user-provided environment variables +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_set_runtime_config() { + local -r conf_file="${1:?missing conf file}" + + ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" + ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" + ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" + ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" + ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" + ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" + ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" + ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" + + true +} + +######################## +# Convert a yes/no value to a PHP boolean +# Globals: +# None +# Arguments: +# $1 - yes/no value +# Returns: +# None +######################### +php_convert_to_boolean() { + local -r value="${1:?missing value}" + is_boolean_yes "$value" && echo "true" || echo "false" +} + +######################## +# Execute/run PHP code and print to stdout +# Globals: +# None +# Stdin: +# Code to execute +# Arguments: +# $1..$n - Input arguments to script +# Returns: +# None +######################### +php_execute_print_output() { + local php_cmd + # Obtain the command specified via stdin + php_cmd="$( "$SUITECRM_SILENT_INSTALL_CONF_FILE" + ) + web_server_start + suitecrm_7_pass_wizard + # Configure SMTP via application wizard + if ! is_empty_value "$SUITECRM_SMTP_HOST"; then + info "Configuring SMTP" + suitecrm_pass_smtp_wizard + fi + web_server_stop + # Delete configuration file for silent install as it's not needed anymore + rm "$SUITECRM_SILENT_INSTALL_CONF_FILE" + else + suitecrm_pass_wizard + # Configure SMTP via application wizard + if ! is_empty_value "$SUITECRM_SMTP_HOST"; then + web_server_start + info "Configuring SMTP" + suitecrm_pass_smtp_wizard + web_server_stop + fi + fi + + else + info "An already initialized SuiteCRM database was provided, configuration will be skipped" + # A very basic 'config.php' will be generated with enough information for the application to be able to connect to the database + # Afterwards we will make use of the application's 'Rebuild Config File' functionality to create a complete configuration file + # Then we will be able to use the application's scripts to generate cache files, '.htaccess' and other required files + info "Generating SuiteCRM configuration file" + ( + export db_host db_port db_name db_user db_pass + render-template "${template_dir}/config_db.php.tpl" > "$SUITECRM_CONF_FILE" + # Ensure the configuration file is writable by the web server + # Negate the condition to always return true and avoid causing exit code + ! am_i_root || configure_permissions_ownership "$SUITECRM_CONF_FILE" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" + ) + suitecrm_rebuild_files + fi + + info "Persisting SuiteCRM installation" + persist_app "$app_name" "$SUITECRM_DATA_TO_PERSIST" + else + info "Restoring persisted SuiteCRM installation" + restore_persisted_app "$app_name" "$SUITECRM_DATA_TO_PERSIST" + info "Trying to connect to the database server" + db_host="$(suitecrm_conf_get "dbconfig" "db_host_name")" + db_port="$(suitecrm_conf_get "dbconfig" "db_port")" + db_name="$(suitecrm_conf_get "dbconfig" "db_name")" + db_user="$(suitecrm_conf_get "dbconfig" "db_user_name")" + db_pass="$(suitecrm_conf_get "dbconfig" "db_password")" + suitecrm_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + fi + + # Ensure SuiteCRM cron jobs are created when running setup with a root user + # https://docs.suitecrm.com/blog/scheduler-jobs/ + local -a cron_cmd=(cd "${SUITECRM_BASE_DIR};" "${PHP_BIN_DIR}/php" "-f" "cron.php") + if am_i_root; then + generate_cron_conf "suitecrm" "${cron_cmd[*]} > /dev/null 2>&1" --run-as "$WEB_SERVER_DAEMON_USER" --schedule "*/1 * * * *" + else + warn "Skipping cron configuration for SuiteCRM because of running as a non-root user" + fi + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Get an entry from the SuiteCRM configuration file ('config.php') +# Globals: +# SUITECRM_* +# Arguments: +# $1 - PHP variable name +# Returns: +# None +######################### +suitecrm_conf_get() { + local key="${1:?key missing}" + # Construct a PHP array path for the configuration, so each key is passed as a separate argument + local path="\$sugar_config" + for key in "$@"; do + path="${path}['${key}']" + done + debug "Getting ${key} from SuiteCRM configuration" + php -r "require ('${SUITECRM_CONF_FILE}'); print_r($path);" +} + +######################## +# Set an entry into the SuiteCRM configuration file ('config.php') +# Globals: +# SUITECRM_* +# Arguments: +# $1 - PHP variable name +# Returns: +# None +######################### +suitecrm_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?missing value}" + debug "Setting ${key} to '${value}' in SuiteCRM configuration" + # Sanitize key (sed does not support fixed string substitutions) + local sanitized_pattern + sanitized_pattern="$(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")" + # Check if the configuration exists in the file + if grep -q -E "$sanitized_pattern" "$SUITECRM_CONF_FILE"; then + # It exists, so replace the line + replace_in_file "$SUITECRM_CONF_FILE" "('${sanitized_pattern}' => ').*(',)" "\1${value}\2" + else + # The SuiteCRM configuration file includes all supported keys, but because of its format, + # we cannot append contents to the end. We can assume thi + warn "Could not set the SuiteCRM '${key}' configuration. Check that the file has not been modified externally." + fi +} + +######################## +# Wait until the database is accessible with the currently-known credentials +# Globals: +# * +# Arguments: +# $1 - database host +# $2 - database port +# $3 - database name +# $4 - database username +# $5 - database user password (optional) +# Returns: +# true if the database connection succeeded, false otherwise +######################### +suitecrm_wait_for_db_connection() { + local -r db_host="${1:?missing database host}" + local -r db_port="${2:?missing database port}" + local -r db_name="${3:?missing database name}" + local -r db_user="${4:?missing database user}" + local -r db_pass="${5:-}" + check_mysql_connection() { + echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database" + return 1 + fi +} + +######################## +# Pass SuiteCRM SMTP wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_pass_smtp_wizard() { + local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + local wizard_url curl_output + local -a curl_opts curl_data_opts + local url_protocol=http + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + local site_url="${url_protocol}://127.0.0.1:${port}/index.php" + cookie_file="/tmp/cookie$(generate_random_string -t alphanumeric -c 8)" + curl_opts=( + "--location" + "--silent" + "--cookie-jar" "$cookie_file" + "--cookie" "$cookie_file" + # Used to avoid XSRF warning + "--referer" "http://localhost" + ) + # Step 1: Login to SuiteCRM and check that SMTP is not configured yet + wizard_url="${site_url}?action=Login&module=Users" + curl_data_opts=( + "--data-urlencode" "username_password=${SUITECRM_PASSWORD}" + "--data-urlencode" "user_name=${SUITECRM_USERNAME}" + "--data-urlencode" "return_action=Login" + "--data-urlencode" "module=Users" + "--data-urlencode" "action=Authenticate" + ) + curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")" + if [[ "$curl_output" != *"an SMTP server must be configured"* ]]; then + error "An error occurred while trying to login to configure SMTP" + return 1 + fi + + # Step 2: Configure SMTP and check the message to warn about SMTP has gone + wizard_url="${site_url}?module=EmailMan&action=config" + + # Check if SMTP should go over SSL + local smtp_protocol="" + [[ "$SUITECRM_SMTP_PROTOCOL" = "ssl" ]] && smtp_protocol="1" + [[ "$SUITECRM_SMTP_PROTOCOL" = "tls" ]] && smtp_protocol="2" + + # Check if SMTP user:pass is configured + local smtp_auth_req=0 + ! is_empty_value "$SUITECRM_SMTP_USER" && smtp_auth_req=1 + + curl_data_opts=( + "--data-urlencode" "mail_allowusersend=0" + "--data-urlencode" "mail_sendtype=SMTP" + "--data-urlencode" "mail_smtpauth_req=${smtp_auth_req}" + "--data-urlencode" "module=EmailMan" + "--data-urlencode" "mail_smtppass=${SUITECRM_SMTP_PASSWORD}" + "--data-urlencode" "mail_smtpport=${SUITECRM_SMTP_PORT_NUMBER}" + "--data-urlencode" "mail_smtpserver=${SUITECRM_SMTP_HOST}" + "--data-urlencode" "mail_smtptype=other" + "--data-urlencode" "mail_smtpuser=${SUITECRM_SMTP_USER}" + "--data-urlencode" "mail_smtpssl=${smtp_protocol}" + "--data-urlencode" "notify_fromaddress=${SUITECRM_SMTP_NOTIFY_ADDRESS}" + "--data-urlencode" "notify_fromname=${SUITECRM_SMTP_NOTIFY_NAME}" + "--data-urlencode" "action=Save" + ) + curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")" + if [[ "$curl_output" == *"an SMTP server must be configured"* ]]; then + error "An error occurred configuring SMTP for SuiteCRM" + return 1 + fi +} + +######################## +# Pass SuiteCRM wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_pass_wizard() { + local -a install_args + local url_protocol=http + info "Running setup wizard" + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + + install_args=( + "--site_host=${url_protocol}://${SUITECRM_HOST}" + "--site_username=${SUITECRM_USERNAME}" + "--site_password=${SUITECRM_PASSWORD}" + "--db_username=${SUITECRM_DATABASE_USER}" + "--db_password=${SUITECRM_DATABASE_PASSWORD}" + "--db_host=${SUITECRM_DATABASE_HOST}" + "--db_port=${SUITECRM_DATABASE_PORT_NUMBER}" + "--db_name=${SUITECRM_DATABASE_NAME}" + "--no-interaction" + ) + + suitecrm_execute suitecrm:app:install "${install_args[@]}" +} + +######################## +# Pass SuiteCRM 7 wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_7_pass_wizard() { + local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + local wizard_url curl_output + local -a curl_opts curl_data_opts + local url_protocol=http + info "Running setup wizard" + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + wizard_url="${url_protocol}://127.0.0.1:${port}/install.php?goto=SilentInstall&cli=true" + curl_opts=("--location" "--silent") + curl_data_opts=( + "--data-urlencode" "current_step=8" + "--data-urlencode" "goto=Next" + ) + local wizard_exit_code=0 + wizard_error() { + error "An error occurred while installing SuiteCRM: ${*}" + wizard_exit_code=1 + } + if ! debug_execute curl "${curl_opts[@]}" "${wizard_url}"; then + wizard_error "The wizard could not be accessed" + fi + if ! grep -q "Save user settings" "${SUITECRM_BASE_DIR}/install.log"; then + wizard_error "Installation failed" + fi + return "$wizard_exit_code" +} + +######################## +# Rebuild SuiteCRM's configuration file +# Globals: +# * +# Arguments: +# None +# Returns: +# true if succeded, false otherwise +######################### +suitecrm_rebuild_files() { + # The below script executes the code from "Repair > Rebuild Config File" to regenerate the configuration file + # We prefer to run a script rather than via cURL requests because it would require to login, and could cause + # issues with SUITECRM_SKIP_BOOTSTRAP + php_execute </dev/null 2>&1 & + if ! retry_while "is_php_fpm_running"; then + error "php-fpm did not start" + error_code=1 + else + info "php-fpm started" + fi +else + info "php-fpm is already running" +fi + +exit "$error_code" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/7/debian-12/rootfs/opt/bitnami/scripts/php/status.sh new file mode 100755 index 0000000..2ca4fb3 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/php/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +if is_php_fpm_running; then + info "php-fpm is already running" +else + info "php-fpm is not running" +fi diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/7/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh new file mode 100755 index 0000000..74274a4 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +error_code=0 + +if is_php_fpm_running; then + BITNAMI_QUIET=1 php_fpm_stop + if ! retry_while "is_php_fpm_not_running"; then + error "php-fpm could not be stopped" + error_code=1 + else + info "php-fpm stopped" + fi +else + info "php-fpm is not running" +fi + +exit "$error_code" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh new file mode 100644 index 0000000..a4ba165 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh @@ -0,0 +1,120 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for suitecrm + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-suitecrm}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +suitecrm_env_vars=( + SUITECRM_DATA_TO_PERSIST + SUITECRM_SKIP_BOOTSTRAP + SUITECRM_USERNAME + SUITECRM_PASSWORD + SUITECRM_EMAIL + SUITECRM_HOST + SUITECRM_ENABLE_HTTPS + SUITECRM_EXTERNAL_HTTP_PORT_NUMBER + SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER + SUITECRM_VALIDATE_USER_IP + SUITECRM_SMTP_HOST + SUITECRM_SMTP_PORT_NUMBER + SUITECRM_SMTP_USER + SUITECRM_SMTP_PASSWORD + SUITECRM_SMTP_PROTOCOL + SUITECRM_SMTP_NOTIFY_ADDRESS + SUITECRM_SMTP_NOTIFY_NAME + SUITECRM_DATABASE_HOST + SUITECRM_DATABASE_PORT_NUMBER + SUITECRM_DATABASE_NAME + SUITECRM_DATABASE_USER + SUITECRM_DATABASE_PASSWORD + SMTP_HOST + SMTP_PORT + SUITECRM_SMTP_PORT + SMTP_USER + SMTP_PASSWORD + SMTP_PROTOCOL +) +for env_var in "${suitecrm_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset suitecrm_env_vars + +# Paths +export SUITECRM_BASE_DIR="${BITNAMI_ROOT_DIR}/suitecrm" +export SUITECRM_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config.php" +export SUITECRM_SILENT_INSTALL_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config_si.php" + +# SuiteCRM persistence configuration +export SUITECRM_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/suitecrm" +export SUITECRM_MOUNTED_CONF_FILE="${SUITECRM_VOLUME_DIR}/config_si.php" +export SUITECRM_DATA_TO_PERSIST="${SUITECRM_DATA_TO_PERSIST:-$SUITECRM_BASE_DIR}" + +# SuiteCRM configuration +export SUITECRM_SKIP_BOOTSTRAP="${SUITECRM_SKIP_BOOTSTRAP:-}" # only used during the first initialization + +# SuiteCRM credentials +export SUITECRM_USERNAME="${SUITECRM_USERNAME:-user}" # only used during the first initialization +export SUITECRM_PASSWORD="${SUITECRM_PASSWORD:-bitnami}" # only used during the first initialization +export SUITECRM_EMAIL="${SUITECRM_EMAIL:-user@example.com}" # only used during the first initialization +export SUITECRM_HOST="${SUITECRM_HOST:-localhost}" # only used during the first initialization +export SUITECRM_ENABLE_HTTPS="${SUITECRM_ENABLE_HTTPS:-no}" # only used during the first initialization +export SUITECRM_EXTERNAL_HTTP_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER:-80}" # only used during the first initialization +export SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER:-443}" # only used during the first initialization +export SUITECRM_VALIDATE_USER_IP="${SUITECRM_VALIDATE_USER_IP:-true}" + +# SuiteCRM SMTP credentials +SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-"${SMTP_HOST:-}"}" +export SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-}" # only used during the first initialization +SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SMTP_PORT:-}"}" +SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SUITECRM_SMTP_PORT:-}"}" +export SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-}" # only used during the first initialization +SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-"${SMTP_USER:-}"}" +export SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-}" # only used during the first initialization +SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-"${SMTP_PASSWORD:-}"}" +export SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-}" # only used during the first initialization +SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-"${SMTP_PROTOCOL:-}"}" +export SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-}" # only used during the first initialization +export SUITECRM_SMTP_NOTIFY_ADDRESS="${SUITECRM_SMTP_NOTIFY_ADDRESS:-${SUITECRM_EMAIL}}" +export SUITECRM_SMTP_NOTIFY_NAME="${SUITECRM_SMTP_NOTIFY_NAME:-SuiteCRM}" + +# Database configuration +export SUITECRM_DEFAULT_DATABASE_HOST="mariadb" # only used at build time +export SUITECRM_DATABASE_HOST="${SUITECRM_DATABASE_HOST:-$SUITECRM_DEFAULT_DATABASE_HOST}" # only used during the first initialization +export SUITECRM_DATABASE_PORT_NUMBER="${SUITECRM_DATABASE_PORT_NUMBER:-3306}" # only used during the first initialization +export SUITECRM_DATABASE_NAME="${SUITECRM_DATABASE_NAME:-bitnami_suitecrm}" # only used during the first initialization +export SUITECRM_DATABASE_USER="${SUITECRM_DATABASE_USER:-bn_suitecrm}" # only used during the first initialization +export SUITECRM_DATABASE_PASSWORD="${SUITECRM_DATABASE_PASSWORD:-}" # only used during the first initialization + +# PHP configuration +export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time +export PHP_DEFAULT_POST_MAX_SIZE="60M" # only used at build time +export PHP_DEFAULT_UPLOAD_MAX_FILESIZE="60M" # only used at build time + +# Custom environment variables may be defined below diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl new file mode 100644 index 0000000..cf8eab3 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl @@ -0,0 +1,23 @@ +// This file is based on a config.php file from a completed install. You can obtain it by disabling the wizard and browsing to the application. +// This will be used for new installs using existing databases, where we will first use a very basic config file and then repair via the app to add missing fields. + + array ( + 'db_host_name' => '{{db_host}}', + 'db_host_instance' => '', + 'db_user_name' => '{{db_user}}', + 'db_password' => '{{db_pass}}', + 'db_name' => '{{db_name}}', + 'db_type' => 'mysql', + 'db_port' => '{{db_port}}', + 'db_manager' => 'MysqliManager', + ), + 'dbconfigoption' => + array ( + 'persistent' => true, + 'autofree' => false, + 'debug' => 0, + 'ssl' => false, + ), +); diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl new file mode 100644 index 0000000..6bc6a35 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl @@ -0,0 +1,39 @@ +// This file is based on https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_9.3/Architecture/Configurator/Silent_Installer_Settings/#config_siphp + + '{{url_protocol}}://{{SUITECRM_HOST}}', + 'setup_system_name' => 'Bitnami SuiteCRM', + 'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}', + 'setup_site_admin_user_name' => '{{SUITECRM_USERNAME}}', + 'setup_site_admin_email' => ' {{SUITECRM_EMAIL}}', + 'setup_site_admin_password' => '{{SUITECRM_PASSWORD}}', + 'demoData' => false, + 'setup_db_type' => 'mysql', + 'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}', + 'setup_db_database_name' => '{{SUITECRM_DATABASE_NAME}}', + 'setup_db_port_num' => '{{SUITECRM_DATABASE_PORT_NUMBER}}', + 'setup_db_sugarsales_user' => '{{SUITECRM_DATABASE_USER}}', + 'setup_db_sugarsales_password' => '{{SUITECRM_DATABASE_PASSWORD}}', + 'setup_db_admin_user_name' => '{{SUITECRM_DATABASE_USER}}', + 'setup_db_admin_password' => '{{SUITECRM_DATABASE_PASSWORD}}', + 'setup_db_drop_tables' => false, + 'setup_db_create_database' => true, + 'default_currency_iso4217' => 'USD', + 'default_currency_name' => 'US Dollars', + 'default_currency_significant_digits' => '2', + 'default_currency_symbol' => '$', + 'default_date_format' => 'Y-m-d', + 'default_time_format' => 'H:i', + 'default_decimal_seperator' => '.', + 'default_export_charset' => 'ISO-8859-1', + 'default_language' => 'en_us', + 'default_locale_name_format' => 's f l', + 'default_number_grouping_seperator' => ',', + 'export_delimiter' => ',', + 'verify_client_ip' => {{SUITECRM_VALIDATE_USER_IP}}, + 'session_dir' => '/tmp', +); + +?> diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh new file mode 100755 index 0000000..7795e36 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libwebserver.sh + +print_welcome_page + +if [[ "$1" = "/opt/bitnami/scripts/suitecrm/run.sh" || "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" || "$1" = "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then + info "** Starting SuiteCRM setup **" + /opt/bitnami/scripts/"$(web_server_type)"/setup.sh + /opt/bitnami/scripts/php/setup.sh + /opt/bitnami/scripts/mysql-client/setup.sh + /opt/bitnami/scripts/suitecrm/setup.sh + /post-init.sh + info "** SuiteCRM setup finished! **" +fi + +echo "" +exec "$@" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh new file mode 100755 index 0000000..a5a5c14 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load PHP environment for 'php_conf_set' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Ensure the SuiteCRM base directory exists and has proper permissions +info "Configuring file permissions for SuiteCRM" +ensure_user_exists "$WEB_SERVER_DAEMON_USER" --group "$WEB_SERVER_DAEMON_GROUP" +for dir in "$SUITECRM_BASE_DIR" "$SUITECRM_VOLUME_DIR" "${SUITECRM_BASE_DIR}/tmp"; do + ensure_dir_exists "$dir" + # Use daemon:daemon ownership for compatibility when running as a non-root user + configure_permissions_ownership "$dir" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" +done + +# Configure required PHP options for application to work properly, based on build-time defaults +info "Configuring default PHP options for SuiteCRM" +php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" +php_conf_set upload_max_filesize "$PHP_DEFAULT_UPLOAD_MAX_FILESIZE" +php_conf_set post_max_size "$PHP_DEFAULT_POST_MAX_SIZE" +# Disabling opcache to be able to modify parameters using the system setting panel. Ref: T18279 +php_conf_set "opcache.enable" "Off" + +# Enable default web server configuration for SuiteCRM +info "Creating default web server configuration for SuiteCRM" +web_server_validate +# Not moving .htaccess because SuiteCRM generates some of them during installation +# Backward compatibility with SuiteCRM 7 +if [[ -d "${SUITECRM_BASE_DIR}/public" ]]; then + ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no" --document-root "${BITNAMI_ROOT_DIR}/suitecrm/public" +else + ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no" +fi diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh new file mode 100755 index 0000000..afdaaaf --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Catch SIGTERM signal and stop all child processes +_forwardTerm() { + warn "Caught signal SIGTERM, passing it to child processes..." + pgrep -P $$ | xargs kill -TERM 2>/dev/null + wait + exit $? +} +trap _forwardTerm TERM + +# Start cron +if am_i_root; then + info "** Starting cron **" + if ! cron_start; then + error "Failed to start cron. Check that it is installed and its configuration is correct." + exit 1 + fi +else + warn "Cron will not be started because of running as a non-root user" +fi + +# Start Apache +exec "/opt/bitnami/scripts/$(web_server_type)/run.sh" diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh new file mode 100755 index 0000000..299461e --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load MySQL Client environment for 'mysql_remote_execute' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value) +if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then + . /opt/bitnami/scripts/mysql-client-env.sh +elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then + . /opt/bitnami/scripts/mysql-env.sh +elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then + . /opt/bitnami/scripts/mariadb-env.sh +fi + +# Load PHP environment for cron configuration (after 'moodle-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Ensure SuiteCRM environment variables are valid +suitecrm_validate + +# Update web server configuration with runtime environment (needs to happen before the initialization) +web_server_update_app_configuration "suitecrm" + +# Ensure SuiteCRM is initialized +suitecrm_initialize diff --git a/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh new file mode 100755 index 0000000..3069388 --- /dev/null +++ b/7/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libfile.sh + +SUITECRM_SERVER_HOST="${1:?missing host}" +if is_boolean_yes "$SUITECRM_ENABLE_HTTPS"; then + SUITECRM_SERVER_URL="https://${SUITECRM_SERVER_HOST}" + [[ "$SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER" != "443" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER}" +else + SUITECRM_SERVER_URL="http://${SUITECRM_SERVER_HOST}" + [[ "$SUITECRM_EXTERNAL_HTTP_PORT_NUMBER" != "80" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER}" +fi +suitecrm_conf_set "site_url" "$SUITECRM_SERVER_URL" +suitecrm_conf_set "host_name" "$SUITECRM_SERVER_HOST" diff --git a/7/debian-12/rootfs/post-init.d/php.sh b/7/debian-12/rootfs/post-init.d/php.sh new file mode 100755 index 0000000..6be2585 --- /dev/null +++ b/7/debian-12/rootfs/post-init.d/php.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom PHP init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".php" ]] && continue + info "Executing ${custom_init_script} with PHP interpreter" + php "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/7/debian-12/rootfs/post-init.d/shell.sh b/7/debian-12/rootfs/post-init.d/shell.sh new file mode 100755 index 0000000..75a202d --- /dev/null +++ b/7/debian-12/rootfs/post-init.d/shell.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom Bash init scripts + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".sh" ]] && continue + if [[ -x "$custom_init_script" ]]; then + info "Executing ${custom_init_script}" + "$custom_init_script" || failure="1" + else + info "Sourcing ${custom_init_script} as it is not executable by the current user, any error may cause initialization to fail" + . "$custom_init_script" + fi + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/7/debian-12/rootfs/post-init.d/sql-mysql.sh b/7/debian-12/rootfs/post-init.d/sql-mysql.sh new file mode 100755 index 0000000..dc95fc8 --- /dev/null +++ b/7/debian-12/rootfs/post-init.d/sql-mysql.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom MySQL (.sql or .sql.gz) init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +mysql_execute() { + local -r sql_file="${1:?missing file}" + local failure=0 + mysql_cmd=("mysql" "-h" "$MARIADB_HOST" "-P" "$MARIADB_PORT_NUMBER" "-u" "$MARIADB_ROOT_USER") + if [[ "${ALLOW_EMPTY_PASSWORD:-no}" != "yes" ]]; then + mysql_cmd+=("-p${MARIADB_ROOT_PASSWORD}") + fi + if [[ "$sql_file" == *".sql" ]]; then + "${mysql_cmd[@]}" < "$sql_file" || failure=$? + elif [[ "$sql_file" == *".sql.gz" ]]; then + gunzip -c "$sql_file" | "${mysql_cmd[@]}" || failure=$? + fi + return "$failure" +} + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ ! "$custom_init_script" =~ ^.*(\.sql|\.sql\.gz)$ ]] && continue + info "Executing ${custom_init_script}" + mysql_execute "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/7/debian-12/rootfs/post-init.sh b/7/debian-12/rootfs/post-init.sh new file mode 100755 index 0000000..5f80935 --- /dev/null +++ b/7/debian-12/rootfs/post-init.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Only execute init scripts once +if [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then + read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" + if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" ]]; then + mkdir -p "/bitnami/suitecrm" + for init_script in "${init_scripts[@]}"; do + for init_script_type_handler in /post-init.d/*.sh; do + "$init_script_type_handler" "$init_script" + done + done + fi + + touch "/bitnami/suitecrm/.user_scripts_initialized" +fi diff --git a/7/debian-12/tags-info.yaml b/7/debian-12/tags-info.yaml new file mode 100644 index 0000000..2b5c183 --- /dev/null +++ b/7/debian-12/tags-info.yaml @@ -0,0 +1,4 @@ +rolling-tags: +- "7" +- 7-debian-12 +- 7.14.5 diff --git a/8/debian-12/Dockerfile b/8/debian-12/Dockerfile new file mode 100644 index 0000000..84ca728 --- /dev/null +++ b/8/debian-12/Dockerfile @@ -0,0 +1,66 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-08-24T06:14:51Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="8.6.2-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/suitecrm" \ + org.opencontainers.image.title="suitecrm" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="8.6.2" + +ENV OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages acl ca-certificates cron curl libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "render-template-1.0.7-3-linux-${OS_ARCH}-debian-12" \ + "php-8.1.29-9-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-0-linux-${OS_ARCH}-debian-12" \ + "mysql-client-11.4.3-0-linux-${OS_ARCH}-debian-12" \ + "libphp-8.1.29-4-linux-${OS_ARCH}-debian-12" \ + "suitecrm-8.6.2-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +RUN sed -i -e '/pam_loginuid.so/ s/^#*/#/' /etc/pam.d/cron + +COPY rootfs / +RUN /opt/bitnami/scripts/mysql-client/postunpack.sh +RUN /opt/bitnami/scripts/apache/postunpack.sh +RUN /opt/bitnami/scripts/php/postunpack.sh +RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh +RUN /opt/bitnami/scripts/suitecrm/postunpack.sh +ENV APACHE_HTTPS_PORT_NUMBER="" \ + APACHE_HTTP_PORT_NUMBER="" \ + APP_VERSION="8.6.2" \ + BITNAMI_APP_NAME="suitecrm" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/apache/bin:/opt/bitnami/mysql/bin:$PATH" + +EXPOSE 8080 8443 + +ENTRYPOINT [ "/opt/bitnami/scripts/suitecrm/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/suitecrm/run.sh" ] diff --git a/8/debian-12/docker-compose.yml b/8/debian-12/docker-compose.yml new file mode 100644 index 0000000..37e423f --- /dev/null +++ b/8/debian-12/docker-compose.yml @@ -0,0 +1,37 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +version: '2' +services: + mariadb: + image: docker.io/bitnami/mariadb:11.4 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_suitecrm + - MARIADB_DATABASE=bitnami_suitecrm + - MARIADB_PASSWORD=bitnami123 + volumes: + - 'mariadb_data:/bitnami/mariadb' + suitecrm: + image: docker.io/bitnami/suitecrm:8 + ports: + - '80:8080' + - '443:8443' + environment: + - SUITECRM_DATABASE_HOST=mariadb + - SUITECRM_DATABASE_PORT_NUMBER=3306 + - SUITECRM_DATABASE_USER=bn_suitecrm + - SUITECRM_DATABASE_NAME=bitnami_suitecrm + - SUITECRM_DATABASE_PASSWORD=bitnami123 + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'suitecrm_data:/bitnami/suitecrm' + depends_on: + - mariadb +volumes: + mariadb_data: + driver: local + suitecrm_data: + driver: local diff --git a/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000..0918f32 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,38 @@ +{ + "apache": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.4.62-0" + }, + "libphp": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.1.29-4" + }, + "mysql-client": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.3-0" + }, + "php": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.1.29-9" + }, + "render-template": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.7-3" + }, + "suitecrm": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.6.2-0" + } +} \ No newline at end of file diff --git a/8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt new file mode 100644 index 0000000..76956b3 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt @@ -0,0 +1,2 @@ +Bitnami containers ship with software bundles. You can find the licenses under: +/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000..d239f98 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" + info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "" +} + diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh new file mode 100644 index 0000000..1c69e0e --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh @@ -0,0 +1,141 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing files + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libos.sh + +# Functions + +######################## +# Replace a regex-matching string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# $4 - use POSIX regex. Default: true +# Returns: +# None +######################### +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + if [[ $posix_regex = true ]]; then + result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + else + result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Replace a regex-matching multiline string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# Returns: +# None +######################### +replace_in_file_multiline() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + + local result + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" + echo "$result" > "$filename" +} + +######################## +# Remove a line in a file based on a regex +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - use POSIX regex. Default: true +# Returns: +# None +######################### +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Appends text after the last line matching a pattern +# Arguments: +# $1 - file +# $2 - match regex +# $3 - contents to add +# Returns: +# None +######################### +append_file_after_last_match() { + local file="${1:?missing file}" + local match_regex="${2:?missing pattern}" + local value="${3:?missing value}" + + # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again + result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" + echo "$result" > "$file" +} + +######################## +# Wait until certain entry is present in a log file +# Arguments: +# $1 - entry to look for +# $2 - log file +# $3 - max retries. Default: 12 +# $4 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +wait_for_log_entry() { + local -r entry="${1:-missing entry}" + local -r log_file="${2:-missing log file}" + local -r retries="${3:-12}" + local -r interval_time="${4:-5}" + local attempt=0 + + check_log_file_for_entry() { + if ! grep -qE "$entry" "$log_file"; then + debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" + return 1 + fi + } + debug "Checking that ${log_file} log file contains entry \"${entry}\"" + if retry_while check_log_file_for_entry "$retries" "$interval_time"; then + debug "Found entry \"${entry}\" in ${log_file}" + true + else + error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" + debug_execute cat "$log_file" + return 1 + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh new file mode 100644 index 0000000..970d624 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh @@ -0,0 +1,193 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for file system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Ensure a file/directory is owned (user and group) but the given user +# Arguments: +# $1 - filepath +# $2 - owner +# Returns: +# None +######################### +owned_by() { + local path="${1:?path is missing}" + local owner="${2:?owner is missing}" + local group="${3:-}" + + if [[ -n $group ]]; then + chown "$owner":"$group" "$path" + else + chown "$owner":"$owner" "$path" + fi +} + +######################## +# Ensure a directory exists and, optionally, is owned by the given user +# Arguments: +# $1 - directory +# $2 - owner +# Returns: +# None +######################### +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner_user="${2:-}" + local owner_group="${3:-}" + + [ -d "${dir}" ] || mkdir -p "${dir}" + if [[ -n $owner_user ]]; then + owned_by "$dir" "$owner_user" "$owner_group" + fi +} + +######################## +# Checks whether a directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_dir_empty() { + local -r path="${1:?missing directory}" + # Calculate real path in order to avoid issues with symlinks + local -r dir="$(realpath "$path")" + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +######################## +# Checks whether a mounted directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_mounted_dir_empty() { + local dir="${1:?missing directory}" + + if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then + true + else + false + fi +} + +######################## +# Checks whether a file can be written to or not +# arguments: +# $1 - file +# returns: +# boolean +######################### +is_file_writable() { + local file="${1:?missing file}" + local dir + dir="$(dirname "$file")" + + if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then + true + else + false + fi +} + +######################## +# Relativize a path +# arguments: +# $1 - path +# $2 - base +# returns: +# None +######################### +relativize() { + local -r path="${1:?missing path}" + local -r base="${2:?missing base}" + pushd "$base" >/dev/null || exit + realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' + popd >/dev/null || exit +} + +######################## +# Configure permisions and ownership recursively +# Globals: +# None +# Arguments: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - mode for directories. +# -d|--dir-mode - mode for files. +# -u|--user - user +# -g|--group - group +# Returns: +# None +######################### +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f | --file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d | --dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u | --user) + shift + user="${1:?missing user}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<<"$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + find -L "$p" -printf "" + if [[ -n $dir_mode ]]; then + find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" + fi + if [[ -n $file_mode ]]; then + find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" + fi + if [[ -n $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" + elif [[ -n $user ]] && [[ -z $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}" + elif [[ -z $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chgrp "${group}" + fi + else + stderr_print "$p does not exist" + fi + done +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh new file mode 100644 index 0000000..f3a5fe7 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library to use for scripts expected to be used as Kubernetes lifecycle hooks + +# shellcheck disable=SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh + +# Override functions that log to stdout/stderr of the current process, so they print to process 1 +for function_to_override in stderr_print debug_execute; do + # Output is sent to output of process 1 and thus end up in the container log + # The hook output in general isn't saved + eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" +done diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh new file mode 100644 index 0000000..450f05b --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for logging functions + +# Constants +RESET='\033[0m' +RED='\033[38;5;1m' +GREEN='\033[38;5;2m' +YELLOW='\033[38;5;3m' +MAGENTA='\033[38;5;5m' +CYAN='\033[38;5;6m' + +# Functions + +######################## +# Print to STDERR +# Arguments: +# Message to print +# Returns: +# None +######################### +stderr_print() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_QUIET:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + printf "%b\\n" "${*}" >&2 + fi +} + +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +log() { + stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" +} +######################## +# Log an 'info' message +# Arguments: +# Message to log +# Returns: +# None +######################### +info() { + log "${GREEN}INFO ${RESET} ==> ${*}" +} +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +warn() { + log "${YELLOW}WARN ${RESET} ==> ${*}" +} +######################## +# Log an 'error' message +# Arguments: +# Message to log +# Returns: +# None +######################### +error() { + log "${RED}ERROR${RESET} ==> ${*}" +} +######################## +# Log a 'debug' message +# Globals: +# BITNAMI_DEBUG +# Arguments: +# None +# Returns: +# None +######################### +debug() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_DEBUG:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + log "${MAGENTA}DEBUG${RESET} ==> ${*}" + fi +} + +######################## +# Indent a string +# Arguments: +# $1 - string +# $2 - number of indentation characters (default: 4) +# $3 - indentation character (default: " ") +# Returns: +# None +######################### +indent() { + local string="${1:-}" + local num="${2:?missing num}" + local char="${3:-" "}" + # Build the indentation unit string + local indent_unit="" + for ((i = 0; i < num; i++)); do + indent_unit="${indent_unit}${char}" + done + # shellcheck disable=SC2001 + # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions + echo "$string" | sed "s/^/${indent_unit}/" +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh new file mode 100644 index 0000000..004e426 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -0,0 +1,171 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for network functions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Resolve IP address for a host/domain (i.e. DNS lookup) +# Arguments: +# $1 - Hostname to resolve +# $2 - IP address version (v4, v6), leave empty for resolving to any version +# Returns: +# IP +######################### +dns_lookup() { + local host="${1:?host is missing}" + local ip_version="${2:-}" + getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 +} + +######################### +# Wait for a hostname and return the IP +# Arguments: +# $1 - hostname +# $2 - number of retries +# $3 - seconds to wait between retries +# Returns: +# - IP address that corresponds to the hostname +######################### +wait_for_dns_lookup() { + local hostname="${1:?hostname is missing}" + local retries="${2:-5}" + local seconds="${3:-1}" + check_host() { + if [[ $(dns_lookup "$hostname") == "" ]]; then + false + else + true + fi + } + # Wait for the host to be ready + retry_while "check_host ${hostname}" "$retries" "$seconds" + dns_lookup "$hostname" +} + +######################## +# Get machine's IP +# Arguments: +# None +# Returns: +# Machine IP +######################### +get_machine_ip() { + local -a ip_addresses + local hostname + hostname="$(hostname)" + read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" + if [[ "${#ip_addresses[@]}" -gt 1 ]]; then + warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" + elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then + error "Could not find any IP address associated to hostname ${hostname}" + exit 1 + fi + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi +} + +######################## +# Check if the provided argument is a resolved hostname +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_hostname_resolved() { + local -r host="${1:?missing value}" + if [[ -n "$(dns_lookup "$host")" ]]; then + true + else + false + fi +} + +######################## +# Parse URL +# Globals: +# None +# Arguments: +# $1 - uri - String +# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String +# Returns: +# String +parse_uri() { + local uri="${1:?uri is missing}" + local component="${2:?component is missing}" + + # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with + # additional sub-expressions to split authority into userinfo, host and port + # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) + local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' + # || | ||| | | | | | | | | | + # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment + # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... + # | 4 authority + # 3 //... + local index=0 + case "$component" in + scheme) + index=2 + ;; + authority) + index=4 + ;; + userinfo) + index=6 + ;; + host) + index=7 + ;; + port) + index=9 + ;; + path) + index=10 + ;; + query) + index=13 + ;; + fragment) + index=14 + ;; + *) + stderr_print "unrecognized component $component" + return 1 + ;; + esac + [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" +} + +######################## +# Wait for a HTTP connection to succeed +# Globals: +# * +# Arguments: +# $1 - URL to wait for +# $2 - Maximum amount of retries (optional) +# $3 - Time between retries (optional) +# Returns: +# true if the HTTP connection succeeded, false otherwise +######################### +wait_for_http_connection() { + local url="${1:?missing url}" + local retries="${2:-}" + local sleep_time="${3:-}" + if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then + error "Could not connect to ${url}" + return 1 + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh new file mode 100644 index 0000000..9d908c4 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh @@ -0,0 +1,657 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for operating system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Check if an user exists in the system +# Arguments: +# $1 - user +# Returns: +# Boolean +######################### +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +######################## +# Check if a group exists in the system +# Arguments: +# $1 - group +# Returns: +# Boolean +######################### +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +######################## +# Create a group in the system if it does not exist already +# Arguments: +# $1 - group +# Flags: +# -i|--gid - the ID for the new group +# -s|--system - Whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_group_exists() { + local group="${1:?group is missing}" + local gid="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --gid) + shift + gid="${1:?missing gid}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! group_exists "$group"; then + local -a args=("$group") + if [[ -n "$gid" ]]; then + if group_exists "$gid"; then + error "The GID $gid is already in use." >&2 + return 1 + fi + args+=("--gid" "$gid") + fi + $is_system_user && args+=("--system") + groupadd "${args[@]}" >/dev/null 2>&1 + fi +} + +######################## +# Create an user in the system if it does not exist already +# Arguments: +# $1 - user +# Flags: +# -i|--uid - the ID for the new user +# -g|--group - the group the new user should belong to +# -a|--append-groups - comma-separated list of supplemental groups to append to the new user +# -h|--home - the home directory for the new user +# -s|--system - whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_user_exists() { + local user="${1:?user is missing}" + local uid="" + local group="" + local append_groups="" + local home="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --uid) + shift + uid="${1:?missing uid}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + -a | --append-groups) + shift + append_groups="${1:?missing append_groups}" + ;; + -h | --home) + shift + home="${1:?missing home directory}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! user_exists "$user"; then + local -a user_args=("-N" "$user") + if [[ -n "$uid" ]]; then + if user_exists "$uid"; then + error "The UID $uid is already in use." + return 1 + fi + user_args+=("--uid" "$uid") + else + $is_system_user && user_args+=("--system") + fi + useradd "${user_args[@]}" >/dev/null 2>&1 + fi + + if [[ -n "$group" ]]; then + local -a group_args=("$group") + $is_system_user && group_args+=("--system") + ensure_group_exists "${group_args[@]}" + usermod -g "$group" "$user" >/dev/null 2>&1 + fi + + if [[ -n "$append_groups" ]]; then + local -a groups + read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" + for group in "${groups[@]}"; do + ensure_group_exists "$group" + usermod -aG "$group" "$user" >/dev/null 2>&1 + done + fi + + if [[ -n "$home" ]]; then + mkdir -p "$home" + usermod -d "$home" "$user" >/dev/null 2>&1 + configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" + fi +} + +######################## +# Check if the script is currently running as root +# Arguments: +# $1 - user +# $2 - group +# Returns: +# Boolean +######################### +am_i_root() { + if [[ "$(id -u)" = "0" ]]; then + true + else + false + fi +} + +######################## +# Print OS metadata +# Arguments: +# $1 - Flag name +# Flags: +# --id - Distro ID +# --version - Distro version +# --branch - Distro branch +# --codename - Distro codename +# --name - Distro name +# --pretty-name - Distro pretty name +# Returns: +# String +######################### +get_os_metadata() { + local -r flag_name="${1:?missing flag}" + # Helper function + get_os_release_metadata() { + local -r env_name="${1:?missing environment variable name}" + ( + . /etc/os-release + echo "${!env_name}" + ) + } + case "$flag_name" in + --id) + get_os_release_metadata ID + ;; + --version) + get_os_release_metadata VERSION_ID + ;; + --branch) + get_os_release_metadata VERSION_ID | sed 's/\..*//' + ;; + --codename) + get_os_release_metadata VERSION_CODENAME + ;; + --name) + get_os_release_metadata NAME + ;; + --pretty-name) + get_os_release_metadata PRETTY_NAME + ;; + *) + error "Unknown flag ${flag_name}" + return 1 + ;; + esac +} + +######################## +# Get total memory available +# Arguments: +# None +# Returns: +# Memory in bytes +######################### +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# None +# Flags: +# --memory - memory size (optional) +# Returns: +# Detected instance size +######################### +get_machine_size() { + local memory="" + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + --memory) + shift + memory="${1:?missing memory}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# $1 - memory size (optional) +# Returns: +# Detected instance size +######################### +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +######################## +# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) +# Globals: +# None +# Arguments: +# $1 - memory size +# Returns: +# Result of the conversion +######################### +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "g" || "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +######################### +# Redirects output to /dev/null if debug mode is disabled +# Globals: +# BITNAMI_DEBUG +# Arguments: +# $@ - Command to execute +# Returns: +# None +######################### +debug_execute() { + if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then + "$@" + else + "$@" >/dev/null 2>&1 + fi +} + +######################## +# Retries a command a given number of times +# Arguments: +# $1 - cmd (as a string) +# $2 - max retries. Default: 12 +# $3 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +retry_while() { + local cmd="${1:?cmd is missing}" + local retries="${2:-12}" + local sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<<"$cmd" + for ((i = 1; i <= retries; i += 1)); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} + +######################## +# Generate a random string +# Arguments: +# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii +# -c|--count - Number of characters, defaults to 32 +# Arguments: +# None +# Returns: +# None +# Returns: +# String +######################### +generate_random_string() { + local type="ascii" + local count="32" + local filter + local result + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + -t | --type) + shift + type="$1" + ;; + -c | --count) + shift + count="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Validate type + case "$type" in + ascii) + filter="[:print:]" + ;; + numeric) + filter="0-9" + ;; + alphanumeric) + filter="a-zA-Z0-9" + ;; + alphanumeric+special|special+alphanumeric) + # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters + # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex + filter='a-zA-Z0-9:@.,/+!=' + ;; + *) + echo "Invalid type ${type}" >&2 + return 1 + ;; + esac + # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size + # Note there is a very small chance of strings starting with EOL character + # Therefore, the higher amount of lines read, this will happen less frequently + result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" + echo "$result" +} + +######################## +# Create md5 hash from a string +# Arguments: +# $1 - string +# Returns: +# md5 hash - string +######################### +generate_md5_hash() { + local -r str="${1:?missing input string}" + echo -n "$str" | md5sum | awk '{print $1}' +} + +######################## +# Create sha1 hash from a string +# Arguments: +# $1 - string +# $2 - algorithm - 1 (default), 224, 256, 384, 512 +# Returns: +# sha1 hash - string +######################### +generate_sha_hash() { + local -r str="${1:?missing input string}" + local -r algorithm="${2:-1}" + echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' +} + +######################## +# Converts a string to its hexadecimal representation +# Arguments: +# $1 - string +# Returns: +# hexadecimal representation of the string +######################### +convert_to_hex() { + local -r str=${1:?missing input string} + local -i iterator + local char + for ((iterator = 0; iterator < ${#str}; iterator++)); do + char=${str:iterator:1} + printf '%x' "'${char}" + done +} + +######################## +# Get boot time +# Globals: +# None +# Arguments: +# None +# Returns: +# Boot time metadata +######################### +get_boot_time() { + stat /proc --format=%Y +} + +######################## +# Get machine ID +# Globals: +# None +# Arguments: +# None +# Returns: +# Machine ID +######################### +get_machine_id() { + local machine_id + if [[ -f /etc/machine-id ]]; then + machine_id="$(cat /etc/machine-id)" + fi + if [[ -z "$machine_id" ]]; then + # Fallback to the boot-time, which will at least ensure a unique ID in the current session + machine_id="$(get_boot_time)" + fi + echo "$machine_id" +} + +######################## +# Get the root partition's disk device ID (e.g. /dev/sda1) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root partition disk ID +######################### +get_disk_device_id() { + local device_id="" + if grep -q ^/dev /proc/mounts; then + device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" + fi + # If it could not be autodetected, fallback to /dev/sda1 as a default + if [[ -z "$device_id" || ! -b "$device_id" ]]; then + device_id="/dev/sda1" + fi + echo "$device_id" +} + +######################## +# Get the root disk device ID (e.g. /dev/sda) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk ID +######################### +get_root_disk_device_id() { + get_disk_device_id | sed -E 's/p?[0-9]+$//' +} + +######################## +# Get the root disk size in bytes +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk size in bytes +######################### +get_root_disk_size() { + fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true +} + +######################## +# Run command as a specific user and group (optional) +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +run_as_user() { + run_chroot "$@" +} + +######################## +# Execute command as a specific user and group (optional), +# replacing the current process image +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +exec_as_user() { + run_chroot --replace-process "$@" +} + +######################## +# Run a command using chroot +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Flags: +# -r | --replace-process - Replace the current process image (optional) +# Returns: +# Exit code of the specified command +######################### +run_chroot() { + local userspec + local user + local homedir + local replace=false + local -r cwd="$(pwd)" + + # Parse and validate flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -r | --replace-process) + replace=true + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + # Parse and validate arguments + if [[ "$#" -lt 2 ]]; then + echo "expected at least 2 arguments" + return 1 + else + userspec=$1 + shift + + # userspec can optionally include the group, so we parse the user + user=$(echo "$userspec" | cut -d':' -f1) + fi + + if ! am_i_root; then + error "Could not switch to '${userspec}': Operation not permitted" + return 1 + fi + + # Get the HOME directory for the user to switch, as chroot does + # not properly update this env and some scripts rely on it + homedir=$(eval echo "~${user}") + if [[ ! -d $homedir ]]; then + homedir="${HOME:-/}" + fi + + # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion + if [[ "$replace" = true ]]; then + exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + else + chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh new file mode 100644 index 0000000..18445e7 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh @@ -0,0 +1,124 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami persistence library +# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libversion.sh + +# Functions + +######################## +# Persist an application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# $2 - List of app files to persist +# Returns: +# true if all steps succeeded, false otherwise +######################### +persist_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Persist the individual files + if [[ "${#files_to_persist[@]}" -le 0 ]]; then + warn "No files are configured to be persisted" + return + fi + pushd "$install_dir" >/dev/null || exit + local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder + local -r tmp_file="/tmp/perms.acl" + for file_to_persist in "${files_to_persist[@]}"; do + if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then + error "Cannot persist '${file_to_persist}' because it does not exist" + return 1 + fi + file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" + file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" + file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" + # Get original permissions for existing files, which will be applied later + # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume + getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" + # Copy directories to the volume + ensure_dir_exists "$file_to_persist_destination_folder" + cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" + # Restore permissions + pushd "$persist_dir" >/dev/null || exit + if am_i_root; then + setfacl --restore="$tmp_file" + else + # When running as non-root, don't change ownership + setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") + fi + popd >/dev/null || exit + done + popd >/dev/null || exit + rm -f "$tmp_file" + # Install the persisted files into the installation directory, via symlinks + restore_persisted_app "$@" +} + +######################## +# Restore a persisted application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# FORCE_MAJOR_UPGRADE +# Arguments: +# $1 - App folder name +# $2 - List of app files to restore +# Returns: +# true if all steps succeeded, false otherwise +######################### +restore_persisted_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Restore the individual persisted files + if [[ "${#files_to_restore[@]}" -le 0 ]]; then + warn "No persisted files are configured to be restored" + return + fi + local file_to_restore_relative file_to_restore_origin file_to_restore_destination + for file_to_restore in "${files_to_restore[@]}"; do + file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" + # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed + file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" + file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" + rm -rf "$file_to_restore_origin" + ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" + done +} + +######################## +# Check if an application directory was already persisted +# Globals: +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# Returns: +# true if all steps succeeded, false otherwise +######################### +is_app_initialized() { + local -r app="${1:?missing app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + if ! is_mounted_dir_empty "$persist_dir"; then + true + else + false + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh new file mode 100644 index 0000000..1f9b330 --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh @@ -0,0 +1,496 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing services + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Read the provided pid file and returns a PID +# Arguments: +# $1 - Pid file +# Returns: +# PID +######################### +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +######################## +# Check if a provided PID corresponds to a running service +# Arguments: +# $1 - PID +# Returns: +# Boolean +######################### +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +######################## +# Stop a service by sending a termination signal to its pid +# Arguments: +# $1 - Pid file +# $2 - Signal number (optional) +# Returns: +# None +######################### +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +######################## +# Start cron daemon +# Arguments: +# None +# Returns: +# true if started correctly, false otherwise +######################### +cron_start() { + if [[ -x "/usr/sbin/cron" ]]; then + /usr/sbin/cron + elif [[ -x "/usr/sbin/crond" ]]; then + /usr/sbin/crond + else + false + fi +} + +######################## +# Generate a cron configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Command +# Flags: +# --run-as - User to run as (default: root) +# --schedule - Cron schedule configuration (default: * * * * *) +# Returns: +# None +######################### +generate_cron_conf() { + local service_name="${1:?service name is missing}" + local cmd="${2:?command is missing}" + local run_as="root" + local schedule="* * * * *" + local clean="true" + + # Parse optional CLI flags + shift 2 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --run-as) + shift + run_as="$1" + ;; + --schedule) + shift + schedule="$1" + ;; + --no-clean) + clean="false" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + mkdir -p /etc/cron.d + if "$clean"; then + cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" + fi +} + +######################## +# Remove a cron configuration file for a given service +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_cron_conf() { + local service_name="${1:?service name is missing}" + local cron_conf_dir="/etc/monit/conf.d" + rm -f "${cron_conf_dir}/${service_name}" +} + +######################## +# Generate a monit configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Pid file +# $3 - Start command +# $4 - Stop command +# Flags: +# --disable - Whether to disable the monit configuration +# Returns: +# None +######################### +generate_monit_conf() { + local service_name="${1:?service name is missing}" + local pid_file="${2:?pid file is missing}" + local start_command="${3:?start command is missing}" + local stop_command="${4:?stop command is missing}" + local monit_conf_dir="/etc/monit/conf.d" + local disabled="no" + + # Parse optional CLI flags + shift 4 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --disable) + disabled="yes" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + is_boolean_yes "$disabled" && conf_suffix=".disabled" + mkdir -p "$monit_conf_dir" + cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 + return 1 + ;; + esac + shift + done + + mkdir -p "$logrotate_conf_dir" + cat < "${logrotate_conf_dir}/${service_name}" +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +${log_path} { + ${period} + rotate ${rotations} + dateext + compress + copytruncate + missingok +$(indent "$extra" 2) +} +EOF +} + +######################## +# Remove a logrotate configuration file +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_logrotate_conf() { + local service_name="${1:?service name is missing}" + local logrotate_conf_dir="/etc/logrotate.d" + rm -f "${logrotate_conf_dir}/${service_name}" +} + +######################## +# Generate a Systemd configuration file +# Arguments: +# $1 - Service name +# Flags: +# --custom-service-content - Custom content to add to the [service] block +# --environment - Environment variable to define (multiple --environment options may be passed) +# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) +# --exec-start - Start command (required) +# --exec-start-pre - Pre-start command (optional) +# --exec-start-post - Post-start command (optional) +# --exec-stop - Stop command (optional) +# --exec-reload - Reload command (optional) +# --group - System group to start the service with +# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) +# --restart - When to restart the Systemd service after being stopped (defaults to always) +# --pid-file - Service PID file +# --standard-output - File where to print stdout output +# --standard-error - File where to print stderr output +# --success-exit-status - Exit code that indicates a successful shutdown +# --type - Systemd unit type (defaults to forking) +# --user - System user to start the service with +# --working-directory - Working directory at which to start the service +# Returns: +# None +######################### +generate_systemd_conf() { + local -r service_name="${1:?service name is missing}" + local -r systemd_units_dir="/etc/systemd/system" + local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" + # Default values + local name="$service_name" + local type="forking" + local user="" + local group="" + local environment="" + local environment_file="" + local exec_start="" + local exec_start_pre="" + local exec_start_post="" + local exec_stop="" + local exec_reload="" + local restart="always" + local pid_file="" + local standard_output="journal" + local standard_error="" + local limits_content="" + local success_exit_status="" + local custom_service_content="" + local working_directory="" + # Parse CLI flags + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --name \ + | --type \ + | --user \ + | --group \ + | --exec-start \ + | --exec-stop \ + | --exec-reload \ + | --restart \ + | --pid-file \ + | --standard-output \ + | --standard-error \ + | --success-exit-status \ + | --custom-service-content \ + | --working-directory \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "$var_name"="${1:?"${var_name} value is missing"}" + ;; + --limit-*) + [[ -n "$limits_content" ]] && limits_content+=$'\n' + var_name="${1//--limit-}" + shift + limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" + ;; + --exec-start-pre) + shift + [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' + exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" + ;; + --exec-start-post) + shift + [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' + exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" + ;; + --environment) + shift + # It is possible to add multiple environment lines + [[ -n "$environment" ]] && environment+=$'\n' + environment+="Environment=${1:?"--environment value is missing"}" + ;; + --environment-file) + shift + # It is possible to add multiple environment-file lines + [[ -n "$environment_file" ]] && environment_file+=$'\n' + environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + # Validate inputs + local error="no" + if [[ -z "$exec_start" ]]; then + error "The --exec-start option is required" + error="yes" + fi + if [[ "$error" != "no" ]]; then + return 1 + fi + # Generate the Systemd unit + cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" + fi + if [[ -n "$exec_start_pre" ]]; then + # This variable may contain multiple ExecStartPre= directives + cat >> "$service_file" <<< "$exec_start_pre" + fi + if [[ -n "$exec_start" ]]; then + cat >> "$service_file" <<< "ExecStart=${exec_start}" + fi + if [[ -n "$exec_start_post" ]]; then + # This variable may contain multiple ExecStartPost= directives + cat >> "$service_file" <<< "$exec_start_post" + fi + # Optional stop and reload commands + if [[ -n "$exec_stop" ]]; then + cat >> "$service_file" <<< "ExecStop=${exec_stop}" + fi + if [[ -n "$exec_reload" ]]; then + cat >> "$service_file" <<< "ExecReload=${exec_reload}" + fi + # User and group + if [[ -n "$user" ]]; then + cat >> "$service_file" <<< "User=${user}" + fi + if [[ -n "$group" ]]; then + cat >> "$service_file" <<< "Group=${group}" + fi + # PID file allows to determine if the main process is running properly (for Restart=always) + if [[ -n "$pid_file" ]]; then + cat >> "$service_file" <<< "PIDFile=${pid_file}" + fi + if [[ -n "$restart" ]]; then + cat >> "$service_file" <<< "Restart=${restart}" + fi + # Environment flags + if [[ -n "$environment" ]]; then + # This variable may contain multiple Environment= directives + cat >> "$service_file" <<< "$environment" + fi + if [[ -n "$environment_file" ]]; then + # This variable may contain multiple EnvironmentFile= directives + cat >> "$service_file" <<< "$environment_file" + fi + # Logging + if [[ -n "$standard_output" ]]; then + cat >> "$service_file" <<< "StandardOutput=${standard_output}" + fi + if [[ -n "$standard_error" ]]; then + cat >> "$service_file" <<< "StandardError=${standard_error}" + fi + if [[ -n "$custom_service_content" ]]; then + # This variable may contain multiple miscellaneous directives + cat >> "$service_file" <<< "$custom_service_content" + fi + if [[ -n "$success_exit_status" ]]; then + cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean or is the string 'yes/true' +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean yes/no value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean true/false value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean 1/0 value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_1_0_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^[10]$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is an empty string or not defined +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +######################## +# Validate if the provided argument is a valid port +# Arguments: +# $1 - Port to validate +# Returns: +# Boolean and error message +######################### +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + echo "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + stderr_print "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + echo "the value is empty" + return 1 + else + if ! is_int "$value"; then + echo "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + echo "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + echo "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + echo "privileged port requested" + return 3 + fi + fi +} + +######################## +# Validate if the provided argument is a valid IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv6() { + local ip="${1:?ip is missing}" + local stat=1 + local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' + local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' + + if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then + stat=0 + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 or IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ip() { + local ip="${1:?ip is missing}" + local stat=1 + + if validate_ipv4 "$ip"; then + stat=0 + else + stat=$(validate_ipv6 "$ip") + fi + return $stat +} + +######################## +# Validate a string format +# Arguments: +# $1 - String to validate +# Returns: +# Boolean +######################### +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + stderr_print "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + stderr_print "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + echo "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + echo "string length is great than $max_length" + return 1 + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh new file mode 100644 index 0000000..f0d5a5c --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing versions strings + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions +######################## +# Gets semantic version +# Arguments: +# $1 - version: string to extract major.minor.patch +# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch +# Returns: +# array with the major, minor and release +######################### +get_sematic_version () { + local version="${1:?version is required}" + local section="${2:?section is required}" + local -a version_sections + + #Regex to parse versions: x.y.z + local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' + + if [[ "$version" =~ $regex ]]; then + local i=1 + local j=1 + local n=${#BASH_REMATCH[*]} + + while [[ $i -lt $n ]]; do + if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then + version_sections[j]="${BASH_REMATCH[$i]}" + ((j++)) + fi + ((i++)) + done + + local number_regex='^[0-9]+$' + if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then + echo "${version_sections[$section]}" + return + else + stderr_print "Section allowed values are: 1, 2, and 3" + return 1 + fi + fi +} diff --git a/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh new file mode 100644 index 0000000..acb84fc --- /dev/null +++ b/8/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -0,0 +1,476 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami web server handler library + +# shellcheck disable=SC1090,SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh + +######################## +# Execute a command (or list of commands) with the web server environment and library loaded +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_execute() { + local -r web_server="${1:?missing web server}" + shift + # Run program in sub-shell to avoid web server environment getting loaded when not necessary + ( + . "/opt/bitnami/scripts/lib${web_server}.sh" + . "/opt/bitnami/scripts/${web_server}-env.sh" + "$@" + ) +} + +######################## +# Prints the list of enabled web servers +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_list() { + local -r -a supported_web_servers=(apache nginx) + local -a existing_web_servers=() + for web_server in "${supported_web_servers[@]}"; do + [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") + done + echo "${existing_web_servers[@]:-}" +} + +######################## +# Prints the currently-enabled web server type (only one, in order of preference) +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_type() { + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + echo "${web_servers[0]:-}" +} + +######################## +# Validate that a supported web server is configured +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_validate() { + local error_code=0 + local supported_web_servers=("apache" "nginx") + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then + print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" + elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then + print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." + fi + + return "$error_code" +} + +######################## +# Check whether the web server is running +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the web server is running, false otherwise +######################### +is_web_server_running() { + "is_$(web_server_type)_running" +} + +######################## +# Start web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_start() { + info "Starting $(web_server_type) in background" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl start "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" + fi +} + +######################## +# Stop web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_stop() { + info "Stopping $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl stop "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" + fi +} + +######################## +# Restart web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_restart() { + info "Restarting $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl restart "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" + fi +} + +######################## +# Reload web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_reload() { + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl reload "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" + fi +} + +######################## +# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on which configuration template to use +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render server configurations with a .disabled prefix +# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --document-root - Path to document root directory +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) +# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --apache-before-vhost-configuration - Configuration to add before the directive (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-proxy-address - Address where to proxy requests +# --apache-proxy-configuration - Extra configuration for the proxy +# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# --nginx-external-configuration - Configuration external to server block (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_app_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --disable \ + | --disable-http \ + | --disable-https \ + ) + apache_args+=("$1") + nginx_args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --type \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --document-root \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-additional-http-configuration \ + | --apache-additional-https-configuration \ + | --apache-before-vhost-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-proxy-address \ + | --apache-proxy-configuration \ + | --apache-proxy-http-configuration \ + | --apache-proxy-https-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "${2:?missing value}") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration \ + | --nginx-external-configuration) + nginx_args+=("${1//nginx-/}" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_web_server_app_configuration_not_exists() { + local app="${1:?missing app}" + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" + done +} + +######################## +# Ensure the web server loads the configuration for an application in a URL prefix +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --document-root - Path to document root directory +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --type - Application type, which has an effect on what configuration template will be used +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_prefix_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --allow-remote-connections \ + | --document-root \ + | --prefix \ + | --type \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "$2") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "$2") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +web_server_update_app_configuration() { + local app="${1:?missing app}" + shift + local -a args web_servers + args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --http-port \ + | --https-port \ + ) + args+=("$1" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" + done +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_enable_loading_page() { + ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ + --apache-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +RedirectMatch 503 ^/$ +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +ErrorDocument 404 /index.html +ErrorDocument 503 /index.html" \ + --nginx-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +location / { + return 503; +} +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +error_page 404 @installing; +error_page 503 @installing; +location @installing { + rewrite ^(.*)$ /index.html break; +}" + web_server_reload +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_disable_install_page() { + ensure_web_server_app_configuration_not_exists "__loading" + web_server_reload +} diff --git a/8/debian-12/prebuildfs/usr/sbin/install_packages b/8/debian-12/prebuildfs/usr/sbin/install_packages new file mode 100755 index 0000000..ccce248 --- /dev/null +++ b/8/debian-12/prebuildfs/usr/sbin/install_packages @@ -0,0 +1,27 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -eu + +n=0 +max=2 +export DEBIAN_FRONTEND=noninteractive + +until [ $n -gt $max ]; do + set +e + ( + apt-get update -qq && + apt-get install -y --no-install-recommends "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $n -eq $max ]; then + exit $CODE + fi + echo "apt failed, retrying" + n=$(($n + 1)) +done +apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/8/debian-12/prebuildfs/usr/sbin/run-script b/8/debian-12/prebuildfs/usr/sbin/run-script new file mode 100755 index 0000000..0e07c90 --- /dev/null +++ b/8/debian-12/prebuildfs/usr/sbin/run-script @@ -0,0 +1,24 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -u + +if [ $# -eq 0 ]; then + >&2 echo "No arguments provided" + exit 1 +fi + +script=$1 +exit_code="${2:-96}" +fail_if_not_present="${3:-n}" + +if test -f "$script"; then + sh $script + + if [ $? -ne 0 ]; then + exit $((exit_code)) + fi +elif [ "$fail_if_not_present" = "y" ]; then + >&2 echo "script not found: $script" + exit 127 +fi diff --git a/8/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/8/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf new file mode 100644 index 0000000..6016f8f --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf @@ -0,0 +1,5 @@ + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + diff --git a/8/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/8/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf new file mode 100644 index 0000000..c0838da --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf @@ -0,0 +1,7 @@ + + ServerName status.localhost + + Require local + SetHandler server-status + + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh new file mode 100644 index 0000000..b8762c6 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh @@ -0,0 +1,81 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for apache + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-apache}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +apache_env_vars=( + APACHE_HTTP_PORT_NUMBER + APACHE_HTTPS_PORT_NUMBER + APACHE_SERVER_TOKENS + APACHE_HTTP_PORT + APACHE_HTTPS_PORT +) +for env_var in "${apache_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset apache_env_vars +export WEB_SERVER_TYPE="apache" + +# Paths +export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" +export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" +export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" +export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" +export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" +export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" +export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" +export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" +export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" +export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" +export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" +export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" + +# System users (when running with a privileged user) +export APACHE_DAEMON_USER="daemon" +export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" +export APACHE_DAEMON_GROUP="daemon" +export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" +export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" + +# Apache configuration +export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" +export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time +export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" +export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time +APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" +export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" +export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" +APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" +export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" +export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" +export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" + +# Custom environment variables may be defined below diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh new file mode 100755 index 0000000..f2303ab --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libversion.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh +. /opt/bitnami/scripts/php-env.sh + +# Enable required Apache modules +apache_enable_module "mpm_prefork_module" +php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" +php_major_version="$(get_sematic_version "$php_version" 1)" +if [[ "$php_major_version" -eq "8" ]]; then + apache_enable_module "php_module" "modules/libphp.so" +else + apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" +fi + +# Disable incompatible Apache modules +apache_disable_module "mpm_event_module" + +# Write Apache configuration +apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" +cat > "$apache_php_conf_file" < + {{server_name_configuration}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl new file mode 100644 index 0000000..5895385 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl @@ -0,0 +1,10 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl new file mode 100644 index 0000000..c895e53 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl @@ -0,0 +1 @@ +{{additional_configuration}} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl new file mode 100644 index 0000000..96be8f8 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl @@ -0,0 +1,15 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl new file mode 100644 index 0000000..1ad9389 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl @@ -0,0 +1,18 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl new file mode 100644 index 0000000..fc0f6c2 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + +{{additional_configuration}} +{{htaccess_include}} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl new file mode 100644 index 0000000..9440b89 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl @@ -0,0 +1,11 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + {{proxy_configuration}} + {{proxy_http_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl new file mode 100644 index 0000000..577cd46 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl @@ -0,0 +1,14 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{proxy_configuration}} + {{proxy_https_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl new file mode 100644 index 0000000..7ac08b1 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl @@ -0,0 +1,11 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{proxy_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl new file mode 100644 index 0000000..f518c7d --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl @@ -0,0 +1,16 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart http://localhost:{{http_port}}/ + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl new file mode 100644 index 0000000..5aae54c --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl @@ -0,0 +1,19 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart https://localhost:{{https_port}}/ + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl new file mode 100644 index 0000000..2242d65 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl new file mode 100644 index 0000000..f1d31ed --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl @@ -0,0 +1,29 @@ +# Default SSL Virtual Host configuration. + + + LoadModule ssl_module modules/mod_ssl.so + + +Listen 443 +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" +SSLPassPhraseDialog builtin +SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl new file mode 100644 index 0000000..75a255c --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl @@ -0,0 +1,17 @@ +# Default Virtual Host configuration. + +# Let Apache know we're behind a SSL reverse proxy +SetEnvIf X-Forwarded-Proto https HTTPS=on + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + + diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh new file mode 100755 index 0000000..f43c6c4 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +print_welcome_page + +# We add the copy from default config in the entrypoint to not break users +# bypassing the setup.sh logic. If the file already exists do not overwrite (in +# case someone mounts a configuration file in /opt/bitnami/apache/conf) +debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" +cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" + +if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then + info "** Starting Apache setup **" + /opt/bitnami/scripts/apache/setup.sh + info "** Apache setup finished! **" +fi + +echo "" +exec "$@" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh new file mode 100755 index 0000000..eb8f766 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh + +######################## +# Sets up the default Bitnami configuration +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_setup_bitnami_config() { + local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" + + # Enable Apache modules + local -a modules_to_enable=( + "deflate_module" + "negotiation_module" + "proxy[^\s]*_module" + "rewrite_module" + "slotmem_shm_module" + "socache_shmcb_module" + "ssl_module" + "status_module" + "version_module" + ) + for module in "${modules_to_enable[@]}"; do + apache_enable_module "$module" + done + + # Disable Apache modules + local -a modules_to_disable=( + "http2_module" + "proxy_hcheck_module" + "proxy_html_module" + "proxy_http2_module" + ) + for module in "${modules_to_disable[@]}"; do + apache_disable_module "$module" + done + + # Bitnami customizations + ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" + render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + + # Add new configuration only once, to avoid a second postunpack run breaking Apache + local apache_conf_add + apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < + RequestHeader unset Proxy + +EOF + fi +} + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +apache_setup_bitnami_config + +# Ensure non-root user has write permissions on a set of directories +for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides +ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" + +ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" +ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" + +# This file is necessary for avoiding the error +# "unable to write random state" +# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean + +touch /.rnd && chmod g+rw /.rnd + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh new file mode 100755 index 0000000..b5c43c4 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Reloading Apache configuration **" +exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh new file mode 100755 index 0000000..7735dea --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +/opt/bitnami/scripts/apache/stop.sh +/opt/bitnami/scripts/apache/start.sh diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh new file mode 100755 index 0000000..23f1e31 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Starting Apache **" +exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh new file mode 100755 index 0000000..c1f6b37 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh @@ -0,0 +1,98 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +# Ensure Apache environment variables are valid +apache_validate + +# Ensure Apache daemon user exists when running as 'root' +am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" + +if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then + # We add the copy from default config in the initialize function for web applications + # that make use of the Apache setup.sh script + debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" + cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" +fi +# Generate SSL certs (without a passphrase) +ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" +if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then + info "Generating sample certificates" + SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" + SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" + SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" + SSL_SUBJ="/CN=example.com" + SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" + rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" + openssl genrsa -out "$SSL_KEY_FILE" 4096 + # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x + if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" + else + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" + fi + openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") + rm -f "$SSL_CSR_FILE" +fi +# Load SSL configuration +if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" +fi + +# Copy vhosts files +if ! is_dir_empty "/vhosts"; then + info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" + cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" +fi + +# Mount certificate files +if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then + warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" + warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" +elif ! is_dir_empty "/certs"; then + info "Mounting certificates files from '/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" +fi + +# Mount application files +if ! is_dir_empty "/app"; then + info "Mounting application files from '/app'" + rm -rf "$APACHE_HTDOCS_DIR" + ln -sf "/app" "$APACHE_HTDOCS_DIR" +fi + +# Restore persisted configuration files (deprecated) +if ! is_dir_empty "/bitnami/apache/conf"; then + warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" + warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" + rm -rf "$APACHE_CONF_DIR" + ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" +fi + +# Update ports in configuration +[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" +[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" + +# Configure ServerTokens with user values +[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" + +# Fix logging issue when running as root +! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh new file mode 100755 index 0000000..b47c8aa --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_not_running; then + "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" + if ! retry_while "is_apache_running"; then + error "apache did not start" + error_code=1 + else + info "apache started" + fi +else + info "apache is already running" +fi + +exit "$error_code" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh new file mode 100755 index 0000000..db8c132 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +if is_apache_running; then + info "apache is already running" +else + info "apache is not running" +fi diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/8/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh new file mode 100755 index 0000000..adc6613 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_running; then + BITNAMI_QUIET=1 apache_stop + if ! retry_while "is_apache_not_running"; then + error "apache could not be stopped" + error_code=1 + else + info "apache stopped" + fi +else + info "apache is not running" +fi + +exit "$error_code" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/8/debian-12/rootfs/opt/bitnami/scripts/libapache.sh new file mode 100644 index 0000000..d6eb686 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/libapache.sh @@ -0,0 +1,808 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Apache library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libservice.sh + +######################## +# Validate settings in APACHE_* env vars +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_validate() { + debug "Validating settings in APACHE_* environment variables" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_allowed_port() { + local port_var="${1:?missing port variable}" + local -a validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!port_var}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + + [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." + + if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then + if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then + print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" + fi + fi + + [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER + [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Configure Apache's HTTP port +# Globals: +# APACHE_CONF_FILE, APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_http_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + fi + + if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" + echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + fi +} + +######################## +# Configure Apache's HTTPS port +# Globals: +# APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_https_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + fi +} + +######################## +# Configure Apache's ServerTokens directive +# Globals: +# APACHE_CONF_DIR +# Arguments: +# $1 - Value for ServerTokens directive +# Returns: +# None +######################### +apache_configure_server_tokens() { + local -r value=${1:?missing value} + local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} + +######################## +# Enable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to enable +# $2 - Path to module .so file (optional if already defined in httpd.conf) +# Returns: +# None +######################### +apache_enable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Enabling module '${name}'" + if grep -q -E "$regex" "$APACHE_CONF_FILE"; then + # Uncomment line if the module was already defined + replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" + elif [[ -n "$file" ]]; then + # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file + append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" + else + error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." + fi + fi +} + +######################## +# Disable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to disable +# Returns: +# None +######################### +apache_disable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Disabling module '${name}'" + replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" + fi +} + +######################## +# Stop Apache +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_stop() { + is_apache_not_running && return + stop_service_using_pid "$APACHE_PID_FILE" +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is running +######################## +is_apache_running() { + local pid + pid="$(get_pid_from_file "$APACHE_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is not running +######################## +is_apache_not_running() { + ! is_apache_running +} + +######################## +# Ensure configuration gets added to the main Apache configuration file +# Globals: +# APACHE_* +# Arguments: +# $1 - configuration string +# $2 - pattern to use for checking if the configuration already exists (default: $1) +# $3 - Apache configuration file (default: $APACHE_CONF_FILE) +# Returns: +# None +######################## +ensure_apache_configuration_exists() { + local -r conf="${1:?conf missing}" + local -r pattern="${2:-"$conf"}" + local -r conf_file="${3:-"$APACHE_CONF_FILE"}" + # Enable configuration by appending to httpd.conf + if ! grep -E -q "$pattern" "$conf_file"; then + if is_file_writable "$conf_file"; then + cat >> "$conf_file" <<< "$conf" + else + error "Could not add the following configuration to '${conf_file}:" + error "" + error "$(indent "$conf" 4)" + error "" + error "Include the configuration manually and try again." + return 1 + fi + fi +} + +######################## +# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') +# Flags: +# --document-root - Path to document root directory +# Returns: +# None +######################## +apache_replace_htaccess_files() { + local -r app="${1:?missing app}" + local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" + # Default options + local document_root="${BITNAMI_ROOT_DIR}/${app}" + local overwrite="yes" + local -a htaccess_files + local htaccess_dir + local htaccess_contents + # Validate arguments + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --document-root) + shift + document_root="$1" + ;; + --overwrite) + shift + overwrite="$1" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + if is_file_writable "$result_file"; then + # Locate all .htaccess files inside the document root + read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" + [[ "${#htaccess_files[@]}" = 0 ]] && return + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" + for htaccess_file in "${htaccess_files[@]}"; do + htaccess_dir="$(dirname "$htaccess_file")" + htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" + # Skip if it was already included to the resulting htaccess file + if grep -q "^" <<< "$htaccess_contents"; then + continue + fi + # Add to the htaccess file + cat >> "$result_file" < +${htaccess_contents} + +EOF + # Overwrite the original .htaccess with the explanation text + if is_boolean_yes "$overwrite"; then + echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" + fi + done + elif [[ ! -f "$result_file" ]]; then + error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." + return + fi +} + +######################## +# Ensure an Apache application configuration exists (in virtual host format) +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases (defaults to '*') +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render the app's virtual hosts with a .disabled prefix +# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --additional-configuration - Additional vhost configuration (no default) +# --additional-http-configuration - Additional HTTP vhost configuration (no default) +# --additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --before-vhost-configuration - Configuration to add before the directive (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# --proxy-address - Address where to proxy requests +# --proxy-configuration - Extra configuration for the proxy +# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_app_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=("*") + local allow_remote_connections="yes" + local disable="no" + local disable_http="no" + local disable_https="no" + local move_htaccess="yes" + # Template variables defaults + export additional_configuration="" + export additional_http_configuration="" + export additional_https_configuration="" + export before_vhost_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + export proxy_address="" + export proxy_configuration="" + export proxy_http_configuration="" + export proxy_https_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + --disable \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + export "${var_name}=yes" + ;; + --type \ + | --server-name \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --move-htaccess \ + | --additional-configuration \ + | --additional-http-configuration \ + | --additional-https-configuration \ + | --before-vhost-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + | --proxy-address \ + | --proxy-configuration \ + | --proxy-http-configuration \ + | --proxy-https-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + export "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct listen ports configuration (only to add when using non-standard ports) + export http_listen_configuration="" + export https_listen_configuration="" + [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" + [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Construct ServerName/ServerAlias block + export server_name_configuration="" + if ! is_empty_value "${server_name:-}"; then + server_name_configuration="ServerName ${server_name}" + fi + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" + fi + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$http_vhost" + elif [[ ! -f "$http_vhost" ]]; then + error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + if is_file_writable "$https_vhost"; then + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" + render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" + elif [[ ! -f "$https_vhost" ]]; then + error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_apache_app_configuration_not_exists() { + local -r app="${1:?missing app}" + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Note that 'rm -f' will not fail if the files don't exist + # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function + rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" +} + +######################## +# Ensure Apache loads the configuration for an application in a URL prefix +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --additional-configuration - Additional vhost configuration (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_prefix_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local allow_remote_connections="yes" + local move_htaccess="yes" + local prefix="/${app}" + # Template variables defaults + export additional_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --type \ + | --allow-remote-connections \ + | --move-htaccess \ + | --prefix \ + | --additional-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$prefix_file" + ensure_apache_configuration_exists "Include \"$prefix_file\"" + elif [[ ! -f "$prefix_file" ]]; then + error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_update_app_configuration() { + local -r app="${1:?missing app}" + # Default options + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=() + local enable_http="no" + local enable_https="no" + local disable_http="no" + local disable_https="no" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + local var_name + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + declare "${var_name}=yes" + ;; + --server-name \ + | --http-port \ + | --https-port \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Update configuration + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Helper function to avoid duplicating code + update_common_vhost_config() { + local -r vhost_file="${1:?missing virtual host}" + # Update ServerName + if ! is_empty_value "${server_name:-}"; then + replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" + fi + # Update ServerAlias + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" + fi + } + # Disable and enable configuration files + rename_conf_file() { + local -r origin="$1" + local -r destination="$2" + if is_file_writable "$origin" && is_file_writable "$destination"; then + warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." + else + mv "$origin" "$destination" + fi + } + is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + # Update only configuration files without the '.disabled' suffix + if [[ -e "$http_vhost" ]]; then + if is_file_writable "$http_vhost"; then + update_common_vhost_config "$http_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" + replace_in_file "$http_vhost" "^$" "" + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi + if [[ -e "$https_vhost" ]]; then + if is_file_writable "$https_vhost"; then + update_common_vhost_config "$https_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" + replace_in_file "$https_vhost" "^$" "" + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi +} + +######################## +# Create a password file for basic authentication and restrict its permissions +# Globals: +# * +# Arguments: +# $1 - file +# $2 - username +# $3 - password +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_create_password_file() { + local -r file="${1:?missing file}" + local -r username="${2:?missing username}" + local -r password="${3:?missing password}" + + "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" + am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" +} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/8/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh new file mode 100644 index 0000000..b0e0b4c --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -0,0 +1,1048 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL Client library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Validate settings in MYSQL_CLIENT_* environment variables +# Globals: +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_validate() { + info "Validating settings in MYSQL_CLIENT_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + + # Only validate environment variables if any action needs to be performed + check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" + check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" + + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + return "$error_code" +} + +######################## +# Perform actions to a database +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_initialize() { + # Wrap binary to force the usage of SSL + if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then + mysql_client_wrap_binary_for_ssl + fi + # Wait for the database to be accessible if any action needs to be performed + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Trying to connect to the database server" + check_mysql_connection() { + echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database server" + return 1 + fi + fi + # Ensure a database user exists in the server + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then + info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" + local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") + [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") + mysql_ensure_optional_user_exists "${args[@]}" + fi + # Ensure a database exists in the server (and that the user has write privileges, if specified) + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" + local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") + mysql_ensure_optional_database_exists "${createdb_args[@]}" + fi +} + +######################## +# Wrap binary to force the usage of SSL +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_wrap_binary_for_ssl() { + local wrapper_file="${DB_BIN_DIR}/mysql" + # In MySQL Client 10.6, mysql is a link to the mariadb binary + if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then + wrapper_file="${DB_BIN_DIR}/mariadb" + fi + local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" + local -a ssl_opts=() + read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" + + mv "$wrapper_file" "$wrapped_binary_file" + cat >"$wrapper_file" <> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-u${DB_ROOT_USER}" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=DISABLED") + else + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/8/debian-12/rootfs/opt/bitnami/scripts/libphp.sh new file mode 100644 index 0000000..838cd2b --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/libphp.sh @@ -0,0 +1,265 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami PHP library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libwebserver.sh + +######################## +# Add or modify an entry in the main PHP configuration file (php.ini) +# Globals: +# PHP_CONF_FILE +# Arguments: +# $1 - Key +# $2 - Value +# $3 - File to modify (default: $PHP_CONF_FILE) +# Returns: +# None +######################### +php_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + local -r file="${3:-"$PHP_CONF_FILE"}" + local pattern="^[; ]*${key}\s*=.*$" + if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then + # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations + # Because of that, we first check if the extension was defined in the file to replace the proper entry + pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" + fi + local -r entry="${key} = ${value}" + if is_file_writable "$file"; then + # Not using the ini-file tool since it does not play well with php.ini + if grep -q -E "$pattern" "$file"; then + replace_in_file "$file" "$pattern" "$entry" + else + cat >> "$file" <<< "$entry" + fi + else + warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." + fi +} + +######################## +# Ensure PHP is initialized +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_initialize() { + # Configure PHP options based on the runtime environment + info "Configuring PHP options" + if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then + # Copy default configuration to php configuration directory + cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" + fi + php_set_runtime_config "$PHP_CONF_FILE" + + + # PHP-FPM configuration + ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Set PHP runtime options, based on user-provided environment variables +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_set_runtime_config() { + local -r conf_file="${1:?missing conf file}" + + ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" + ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" + ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" + ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" + ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" + ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" + ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" + ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" + + true +} + +######################## +# Convert a yes/no value to a PHP boolean +# Globals: +# None +# Arguments: +# $1 - yes/no value +# Returns: +# None +######################### +php_convert_to_boolean() { + local -r value="${1:?missing value}" + is_boolean_yes "$value" && echo "true" || echo "false" +} + +######################## +# Execute/run PHP code and print to stdout +# Globals: +# None +# Stdin: +# Code to execute +# Arguments: +# $1..$n - Input arguments to script +# Returns: +# None +######################### +php_execute_print_output() { + local php_cmd + # Obtain the command specified via stdin + php_cmd="$( "$SUITECRM_SILENT_INSTALL_CONF_FILE" + ) + web_server_start + suitecrm_7_pass_wizard + # Configure SMTP via application wizard + if ! is_empty_value "$SUITECRM_SMTP_HOST"; then + info "Configuring SMTP" + suitecrm_pass_smtp_wizard + fi + web_server_stop + # Delete configuration file for silent install as it's not needed anymore + rm "$SUITECRM_SILENT_INSTALL_CONF_FILE" + else + suitecrm_pass_wizard + # Configure SMTP via application wizard + if ! is_empty_value "$SUITECRM_SMTP_HOST"; then + web_server_start + info "Configuring SMTP" + suitecrm_pass_smtp_wizard + web_server_stop + fi + fi + + else + info "An already initialized SuiteCRM database was provided, configuration will be skipped" + # A very basic 'config.php' will be generated with enough information for the application to be able to connect to the database + # Afterwards we will make use of the application's 'Rebuild Config File' functionality to create a complete configuration file + # Then we will be able to use the application's scripts to generate cache files, '.htaccess' and other required files + info "Generating SuiteCRM configuration file" + ( + export db_host db_port db_name db_user db_pass + render-template "${template_dir}/config_db.php.tpl" > "$SUITECRM_CONF_FILE" + # Ensure the configuration file is writable by the web server + # Negate the condition to always return true and avoid causing exit code + ! am_i_root || configure_permissions_ownership "$SUITECRM_CONF_FILE" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" + ) + suitecrm_rebuild_files + fi + + info "Persisting SuiteCRM installation" + persist_app "$app_name" "$SUITECRM_DATA_TO_PERSIST" + else + info "Restoring persisted SuiteCRM installation" + restore_persisted_app "$app_name" "$SUITECRM_DATA_TO_PERSIST" + info "Trying to connect to the database server" + db_host="$(suitecrm_conf_get "dbconfig" "db_host_name")" + db_port="$(suitecrm_conf_get "dbconfig" "db_port")" + db_name="$(suitecrm_conf_get "dbconfig" "db_name")" + db_user="$(suitecrm_conf_get "dbconfig" "db_user_name")" + db_pass="$(suitecrm_conf_get "dbconfig" "db_password")" + suitecrm_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + fi + + # Ensure SuiteCRM cron jobs are created when running setup with a root user + # https://docs.suitecrm.com/blog/scheduler-jobs/ + local -a cron_cmd=(cd "${SUITECRM_BASE_DIR};" "${PHP_BIN_DIR}/php" "-f" "cron.php") + if am_i_root; then + generate_cron_conf "suitecrm" "${cron_cmd[*]} > /dev/null 2>&1" --run-as "$WEB_SERVER_DAEMON_USER" --schedule "*/1 * * * *" + else + warn "Skipping cron configuration for SuiteCRM because of running as a non-root user" + fi + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Get an entry from the SuiteCRM configuration file ('config.php') +# Globals: +# SUITECRM_* +# Arguments: +# $1 - PHP variable name +# Returns: +# None +######################### +suitecrm_conf_get() { + local key="${1:?key missing}" + # Construct a PHP array path for the configuration, so each key is passed as a separate argument + local path="\$sugar_config" + for key in "$@"; do + path="${path}['${key}']" + done + debug "Getting ${key} from SuiteCRM configuration" + php -r "require ('${SUITECRM_CONF_FILE}'); print_r($path);" +} + +######################## +# Set an entry into the SuiteCRM configuration file ('config.php') +# Globals: +# SUITECRM_* +# Arguments: +# $1 - PHP variable name +# Returns: +# None +######################### +suitecrm_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?missing value}" + debug "Setting ${key} to '${value}' in SuiteCRM configuration" + # Sanitize key (sed does not support fixed string substitutions) + local sanitized_pattern + sanitized_pattern="$(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")" + # Check if the configuration exists in the file + if grep -q -E "$sanitized_pattern" "$SUITECRM_CONF_FILE"; then + # It exists, so replace the line + replace_in_file "$SUITECRM_CONF_FILE" "('${sanitized_pattern}' => ').*(',)" "\1${value}\2" + else + # The SuiteCRM configuration file includes all supported keys, but because of its format, + # we cannot append contents to the end. We can assume thi + warn "Could not set the SuiteCRM '${key}' configuration. Check that the file has not been modified externally." + fi +} + +######################## +# Wait until the database is accessible with the currently-known credentials +# Globals: +# * +# Arguments: +# $1 - database host +# $2 - database port +# $3 - database name +# $4 - database username +# $5 - database user password (optional) +# Returns: +# true if the database connection succeeded, false otherwise +######################### +suitecrm_wait_for_db_connection() { + local -r db_host="${1:?missing database host}" + local -r db_port="${2:?missing database port}" + local -r db_name="${3:?missing database name}" + local -r db_user="${4:?missing database user}" + local -r db_pass="${5:-}" + check_mysql_connection() { + echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database" + return 1 + fi +} + +######################## +# Pass SuiteCRM SMTP wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_pass_smtp_wizard() { + local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + local wizard_url curl_output + local -a curl_opts curl_data_opts + local url_protocol=http + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + local site_url="${url_protocol}://127.0.0.1:${port}/index.php" + cookie_file="/tmp/cookie$(generate_random_string -t alphanumeric -c 8)" + curl_opts=( + "--location" + "--silent" + "--cookie-jar" "$cookie_file" + "--cookie" "$cookie_file" + # Used to avoid XSRF warning + "--referer" "http://localhost" + ) + # Step 1: Login to SuiteCRM and check that SMTP is not configured yet + wizard_url="${site_url}?action=Login&module=Users" + curl_data_opts=( + "--data-urlencode" "username_password=${SUITECRM_PASSWORD}" + "--data-urlencode" "user_name=${SUITECRM_USERNAME}" + "--data-urlencode" "return_action=Login" + "--data-urlencode" "module=Users" + "--data-urlencode" "action=Authenticate" + ) + curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")" + if [[ "$curl_output" != *"an SMTP server must be configured"* ]]; then + error "An error occurred while trying to login to configure SMTP" + return 1 + fi + + # Step 2: Configure SMTP and check the message to warn about SMTP has gone + wizard_url="${site_url}?module=EmailMan&action=config" + + # Check if SMTP should go over SSL + local smtp_protocol="" + [[ "$SUITECRM_SMTP_PROTOCOL" = "ssl" ]] && smtp_protocol="1" + [[ "$SUITECRM_SMTP_PROTOCOL" = "tls" ]] && smtp_protocol="2" + + # Check if SMTP user:pass is configured + local smtp_auth_req=0 + ! is_empty_value "$SUITECRM_SMTP_USER" && smtp_auth_req=1 + + curl_data_opts=( + "--data-urlencode" "mail_allowusersend=0" + "--data-urlencode" "mail_sendtype=SMTP" + "--data-urlencode" "mail_smtpauth_req=${smtp_auth_req}" + "--data-urlencode" "module=EmailMan" + "--data-urlencode" "mail_smtppass=${SUITECRM_SMTP_PASSWORD}" + "--data-urlencode" "mail_smtpport=${SUITECRM_SMTP_PORT_NUMBER}" + "--data-urlencode" "mail_smtpserver=${SUITECRM_SMTP_HOST}" + "--data-urlencode" "mail_smtptype=other" + "--data-urlencode" "mail_smtpuser=${SUITECRM_SMTP_USER}" + "--data-urlencode" "mail_smtpssl=${smtp_protocol}" + "--data-urlencode" "notify_fromaddress=${SUITECRM_SMTP_NOTIFY_ADDRESS}" + "--data-urlencode" "notify_fromname=${SUITECRM_SMTP_NOTIFY_NAME}" + "--data-urlencode" "action=Save" + ) + curl_output="$(curl "${curl_opts[@]}" "${curl_data_opts[@]}" "${wizard_url}")" + if [[ "$curl_output" == *"an SMTP server must be configured"* ]]; then + error "An error occurred configuring SMTP for SuiteCRM" + return 1 + fi +} + +######################## +# Pass SuiteCRM wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_pass_wizard() { + local -a install_args + local url_protocol=http + info "Running setup wizard" + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + + install_args=( + "--site_host=${url_protocol}://${SUITECRM_HOST}" + "--site_username=${SUITECRM_USERNAME}" + "--site_password=${SUITECRM_PASSWORD}" + "--db_username=${SUITECRM_DATABASE_USER}" + "--db_password=${SUITECRM_DATABASE_PASSWORD}" + "--db_host=${SUITECRM_DATABASE_HOST}" + "--db_port=${SUITECRM_DATABASE_PORT_NUMBER}" + "--db_name=${SUITECRM_DATABASE_NAME}" + "--no-interaction" + ) + + suitecrm_execute suitecrm:app:install "${install_args[@]}" +} + +######################## +# Pass SuiteCRM 7 wizard +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the wizard succeeded, false otherwise +######################### +suitecrm_7_pass_wizard() { + local -r port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + local wizard_url curl_output + local -a curl_opts curl_data_opts + local url_protocol=http + info "Running setup wizard" + is_boolean_yes "$SUITECRM_ENABLE_HTTPS" && url_protocol=https + wizard_url="${url_protocol}://127.0.0.1:${port}/install.php?goto=SilentInstall&cli=true" + curl_opts=("--location" "--silent") + curl_data_opts=( + "--data-urlencode" "current_step=8" + "--data-urlencode" "goto=Next" + ) + local wizard_exit_code=0 + wizard_error() { + error "An error occurred while installing SuiteCRM: ${*}" + wizard_exit_code=1 + } + if ! debug_execute curl "${curl_opts[@]}" "${wizard_url}"; then + wizard_error "The wizard could not be accessed" + fi + if ! grep -q "Save user settings" "${SUITECRM_BASE_DIR}/install.log"; then + wizard_error "Installation failed" + fi + return "$wizard_exit_code" +} + +######################## +# Rebuild SuiteCRM's configuration file +# Globals: +# * +# Arguments: +# None +# Returns: +# true if succeded, false otherwise +######################### +suitecrm_rebuild_files() { + # The below script executes the code from "Repair > Rebuild Config File" to regenerate the configuration file + # We prefer to run a script rather than via cURL requests because it would require to login, and could cause + # issues with SUITECRM_SKIP_BOOTSTRAP + php_execute </dev/null 2>&1 & + if ! retry_while "is_php_fpm_running"; then + error "php-fpm did not start" + error_code=1 + else + info "php-fpm started" + fi +else + info "php-fpm is already running" +fi + +exit "$error_code" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/8/debian-12/rootfs/opt/bitnami/scripts/php/status.sh new file mode 100755 index 0000000..2ca4fb3 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/php/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +if is_php_fpm_running; then + info "php-fpm is already running" +else + info "php-fpm is not running" +fi diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/8/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh new file mode 100755 index 0000000..74274a4 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +error_code=0 + +if is_php_fpm_running; then + BITNAMI_QUIET=1 php_fpm_stop + if ! retry_while "is_php_fpm_not_running"; then + error "php-fpm could not be stopped" + error_code=1 + else + info "php-fpm stopped" + fi +else + info "php-fpm is not running" +fi + +exit "$error_code" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh new file mode 100644 index 0000000..a4ba165 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm-env.sh @@ -0,0 +1,120 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for suitecrm + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-suitecrm}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +suitecrm_env_vars=( + SUITECRM_DATA_TO_PERSIST + SUITECRM_SKIP_BOOTSTRAP + SUITECRM_USERNAME + SUITECRM_PASSWORD + SUITECRM_EMAIL + SUITECRM_HOST + SUITECRM_ENABLE_HTTPS + SUITECRM_EXTERNAL_HTTP_PORT_NUMBER + SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER + SUITECRM_VALIDATE_USER_IP + SUITECRM_SMTP_HOST + SUITECRM_SMTP_PORT_NUMBER + SUITECRM_SMTP_USER + SUITECRM_SMTP_PASSWORD + SUITECRM_SMTP_PROTOCOL + SUITECRM_SMTP_NOTIFY_ADDRESS + SUITECRM_SMTP_NOTIFY_NAME + SUITECRM_DATABASE_HOST + SUITECRM_DATABASE_PORT_NUMBER + SUITECRM_DATABASE_NAME + SUITECRM_DATABASE_USER + SUITECRM_DATABASE_PASSWORD + SMTP_HOST + SMTP_PORT + SUITECRM_SMTP_PORT + SMTP_USER + SMTP_PASSWORD + SMTP_PROTOCOL +) +for env_var in "${suitecrm_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset suitecrm_env_vars + +# Paths +export SUITECRM_BASE_DIR="${BITNAMI_ROOT_DIR}/suitecrm" +export SUITECRM_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config.php" +export SUITECRM_SILENT_INSTALL_CONF_FILE="${SUITECRM_BASE_DIR}/public/legacy/config_si.php" + +# SuiteCRM persistence configuration +export SUITECRM_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/suitecrm" +export SUITECRM_MOUNTED_CONF_FILE="${SUITECRM_VOLUME_DIR}/config_si.php" +export SUITECRM_DATA_TO_PERSIST="${SUITECRM_DATA_TO_PERSIST:-$SUITECRM_BASE_DIR}" + +# SuiteCRM configuration +export SUITECRM_SKIP_BOOTSTRAP="${SUITECRM_SKIP_BOOTSTRAP:-}" # only used during the first initialization + +# SuiteCRM credentials +export SUITECRM_USERNAME="${SUITECRM_USERNAME:-user}" # only used during the first initialization +export SUITECRM_PASSWORD="${SUITECRM_PASSWORD:-bitnami}" # only used during the first initialization +export SUITECRM_EMAIL="${SUITECRM_EMAIL:-user@example.com}" # only used during the first initialization +export SUITECRM_HOST="${SUITECRM_HOST:-localhost}" # only used during the first initialization +export SUITECRM_ENABLE_HTTPS="${SUITECRM_ENABLE_HTTPS:-no}" # only used during the first initialization +export SUITECRM_EXTERNAL_HTTP_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER:-80}" # only used during the first initialization +export SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER="${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER:-443}" # only used during the first initialization +export SUITECRM_VALIDATE_USER_IP="${SUITECRM_VALIDATE_USER_IP:-true}" + +# SuiteCRM SMTP credentials +SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-"${SMTP_HOST:-}"}" +export SUITECRM_SMTP_HOST="${SUITECRM_SMTP_HOST:-}" # only used during the first initialization +SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SMTP_PORT:-}"}" +SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-"${SUITECRM_SMTP_PORT:-}"}" +export SUITECRM_SMTP_PORT_NUMBER="${SUITECRM_SMTP_PORT_NUMBER:-}" # only used during the first initialization +SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-"${SMTP_USER:-}"}" +export SUITECRM_SMTP_USER="${SUITECRM_SMTP_USER:-}" # only used during the first initialization +SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-"${SMTP_PASSWORD:-}"}" +export SUITECRM_SMTP_PASSWORD="${SUITECRM_SMTP_PASSWORD:-}" # only used during the first initialization +SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-"${SMTP_PROTOCOL:-}"}" +export SUITECRM_SMTP_PROTOCOL="${SUITECRM_SMTP_PROTOCOL:-}" # only used during the first initialization +export SUITECRM_SMTP_NOTIFY_ADDRESS="${SUITECRM_SMTP_NOTIFY_ADDRESS:-${SUITECRM_EMAIL}}" +export SUITECRM_SMTP_NOTIFY_NAME="${SUITECRM_SMTP_NOTIFY_NAME:-SuiteCRM}" + +# Database configuration +export SUITECRM_DEFAULT_DATABASE_HOST="mariadb" # only used at build time +export SUITECRM_DATABASE_HOST="${SUITECRM_DATABASE_HOST:-$SUITECRM_DEFAULT_DATABASE_HOST}" # only used during the first initialization +export SUITECRM_DATABASE_PORT_NUMBER="${SUITECRM_DATABASE_PORT_NUMBER:-3306}" # only used during the first initialization +export SUITECRM_DATABASE_NAME="${SUITECRM_DATABASE_NAME:-bitnami_suitecrm}" # only used during the first initialization +export SUITECRM_DATABASE_USER="${SUITECRM_DATABASE_USER:-bn_suitecrm}" # only used during the first initialization +export SUITECRM_DATABASE_PASSWORD="${SUITECRM_DATABASE_PASSWORD:-}" # only used during the first initialization + +# PHP configuration +export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time +export PHP_DEFAULT_POST_MAX_SIZE="60M" # only used at build time +export PHP_DEFAULT_UPLOAD_MAX_FILESIZE="60M" # only used at build time + +# Custom environment variables may be defined below diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl new file mode 100644 index 0000000..cf8eab3 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_db.php.tpl @@ -0,0 +1,23 @@ +// This file is based on a config.php file from a completed install. You can obtain it by disabling the wizard and browsing to the application. +// This will be used for new installs using existing databases, where we will first use a very basic config file and then repair via the app to add missing fields. + + array ( + 'db_host_name' => '{{db_host}}', + 'db_host_instance' => '', + 'db_user_name' => '{{db_user}}', + 'db_password' => '{{db_pass}}', + 'db_name' => '{{db_name}}', + 'db_type' => 'mysql', + 'db_port' => '{{db_port}}', + 'db_manager' => 'MysqliManager', + ), + 'dbconfigoption' => + array ( + 'persistent' => true, + 'autofree' => false, + 'debug' => 0, + 'ssl' => false, + ), +); diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl new file mode 100644 index 0000000..6bc6a35 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/bitnami-templates/config_si.php.tpl @@ -0,0 +1,39 @@ +// This file is based on https://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_9.3/Architecture/Configurator/Silent_Installer_Settings/#config_siphp + + '{{url_protocol}}://{{SUITECRM_HOST}}', + 'setup_system_name' => 'Bitnami SuiteCRM', + 'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}', + 'setup_site_admin_user_name' => '{{SUITECRM_USERNAME}}', + 'setup_site_admin_email' => ' {{SUITECRM_EMAIL}}', + 'setup_site_admin_password' => '{{SUITECRM_PASSWORD}}', + 'demoData' => false, + 'setup_db_type' => 'mysql', + 'setup_db_host_name' => '{{SUITECRM_DATABASE_HOST}}', + 'setup_db_database_name' => '{{SUITECRM_DATABASE_NAME}}', + 'setup_db_port_num' => '{{SUITECRM_DATABASE_PORT_NUMBER}}', + 'setup_db_sugarsales_user' => '{{SUITECRM_DATABASE_USER}}', + 'setup_db_sugarsales_password' => '{{SUITECRM_DATABASE_PASSWORD}}', + 'setup_db_admin_user_name' => '{{SUITECRM_DATABASE_USER}}', + 'setup_db_admin_password' => '{{SUITECRM_DATABASE_PASSWORD}}', + 'setup_db_drop_tables' => false, + 'setup_db_create_database' => true, + 'default_currency_iso4217' => 'USD', + 'default_currency_name' => 'US Dollars', + 'default_currency_significant_digits' => '2', + 'default_currency_symbol' => '$', + 'default_date_format' => 'Y-m-d', + 'default_time_format' => 'H:i', + 'default_decimal_seperator' => '.', + 'default_export_charset' => 'ISO-8859-1', + 'default_language' => 'en_us', + 'default_locale_name_format' => 's f l', + 'default_number_grouping_seperator' => ',', + 'export_delimiter' => ',', + 'verify_client_ip' => {{SUITECRM_VALIDATE_USER_IP}}, + 'session_dir' => '/tmp', +); + +?> diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh new file mode 100755 index 0000000..7795e36 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/entrypoint.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libwebserver.sh + +print_welcome_page + +if [[ "$1" = "/opt/bitnami/scripts/suitecrm/run.sh" || "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" || "$1" = "/opt/bitnami/scripts/nginx-php-fpm/run.sh" ]]; then + info "** Starting SuiteCRM setup **" + /opt/bitnami/scripts/"$(web_server_type)"/setup.sh + /opt/bitnami/scripts/php/setup.sh + /opt/bitnami/scripts/mysql-client/setup.sh + /opt/bitnami/scripts/suitecrm/setup.sh + /post-init.sh + info "** SuiteCRM setup finished! **" +fi + +echo "" +exec "$@" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh new file mode 100755 index 0000000..a5a5c14 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/postunpack.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load PHP environment for 'php_conf_set' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Ensure the SuiteCRM base directory exists and has proper permissions +info "Configuring file permissions for SuiteCRM" +ensure_user_exists "$WEB_SERVER_DAEMON_USER" --group "$WEB_SERVER_DAEMON_GROUP" +for dir in "$SUITECRM_BASE_DIR" "$SUITECRM_VOLUME_DIR" "${SUITECRM_BASE_DIR}/tmp"; do + ensure_dir_exists "$dir" + # Use daemon:daemon ownership for compatibility when running as a non-root user + configure_permissions_ownership "$dir" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" +done + +# Configure required PHP options for application to work properly, based on build-time defaults +info "Configuring default PHP options for SuiteCRM" +php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" +php_conf_set upload_max_filesize "$PHP_DEFAULT_UPLOAD_MAX_FILESIZE" +php_conf_set post_max_size "$PHP_DEFAULT_POST_MAX_SIZE" +# Disabling opcache to be able to modify parameters using the system setting panel. Ref: T18279 +php_conf_set "opcache.enable" "Off" + +# Enable default web server configuration for SuiteCRM +info "Creating default web server configuration for SuiteCRM" +web_server_validate +# Not moving .htaccess because SuiteCRM generates some of them during installation +# Backward compatibility with SuiteCRM 7 +if [[ -d "${SUITECRM_BASE_DIR}/public" ]]; then + ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no" --document-root "${BITNAMI_ROOT_DIR}/suitecrm/public" +else + ensure_web_server_app_configuration_exists "suitecrm" --type php --apache-move-htaccess "no" +fi diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh new file mode 100755 index 0000000..afdaaaf --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/run.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Catch SIGTERM signal and stop all child processes +_forwardTerm() { + warn "Caught signal SIGTERM, passing it to child processes..." + pgrep -P $$ | xargs kill -TERM 2>/dev/null + wait + exit $? +} +trap _forwardTerm TERM + +# Start cron +if am_i_root; then + info "** Starting cron **" + if ! cron_start; then + error "Failed to start cron. Check that it is installed and its configuration is correct." + exit 1 + fi +else + warn "Cron will not be started because of running as a non-root user" +fi + +# Start Apache +exec "/opt/bitnami/scripts/$(web_server_type)/run.sh" diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh new file mode 100755 index 0000000..299461e --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/setup.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load MySQL Client environment for 'mysql_remote_execute' (after 'suitecrm-env.sh' so that MODULE is not set to a wrong value) +if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then + . /opt/bitnami/scripts/mysql-client-env.sh +elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then + . /opt/bitnami/scripts/mysql-env.sh +elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then + . /opt/bitnami/scripts/mariadb-env.sh +fi + +# Load PHP environment for cron configuration (after 'moodle-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after SuiteCRM environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Ensure SuiteCRM environment variables are valid +suitecrm_validate + +# Update web server configuration with runtime environment (needs to happen before the initialization) +web_server_update_app_configuration "suitecrm" + +# Ensure SuiteCRM is initialized +suitecrm_initialize diff --git a/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh new file mode 100755 index 0000000..3069388 --- /dev/null +++ b/8/debian-12/rootfs/opt/bitnami/scripts/suitecrm/updatehost.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load SuiteCRM environment +. /opt/bitnami/scripts/suitecrm-env.sh + +# Load libraries +. /opt/bitnami/scripts/libsuitecrm.sh +. /opt/bitnami/scripts/libfile.sh + +SUITECRM_SERVER_HOST="${1:?missing host}" +if is_boolean_yes "$SUITECRM_ENABLE_HTTPS"; then + SUITECRM_SERVER_URL="https://${SUITECRM_SERVER_HOST}" + [[ "$SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER" != "443" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER}" +else + SUITECRM_SERVER_URL="http://${SUITECRM_SERVER_HOST}" + [[ "$SUITECRM_EXTERNAL_HTTP_PORT_NUMBER" != "80" ]] && SUITECRM_SERVER_URL+=":${SUITECRM_EXTERNAL_HTTP_PORT_NUMBER}" +fi +suitecrm_conf_set "site_url" "$SUITECRM_SERVER_URL" +suitecrm_conf_set "host_name" "$SUITECRM_SERVER_HOST" diff --git a/8/debian-12/rootfs/post-init.d/php.sh b/8/debian-12/rootfs/post-init.d/php.sh new file mode 100755 index 0000000..6be2585 --- /dev/null +++ b/8/debian-12/rootfs/post-init.d/php.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom PHP init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".php" ]] && continue + info "Executing ${custom_init_script} with PHP interpreter" + php "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/8/debian-12/rootfs/post-init.d/shell.sh b/8/debian-12/rootfs/post-init.d/shell.sh new file mode 100755 index 0000000..75a202d --- /dev/null +++ b/8/debian-12/rootfs/post-init.d/shell.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom Bash init scripts + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".sh" ]] && continue + if [[ -x "$custom_init_script" ]]; then + info "Executing ${custom_init_script}" + "$custom_init_script" || failure="1" + else + info "Sourcing ${custom_init_script} as it is not executable by the current user, any error may cause initialization to fail" + . "$custom_init_script" + fi + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/8/debian-12/rootfs/post-init.d/sql-mysql.sh b/8/debian-12/rootfs/post-init.d/sql-mysql.sh new file mode 100755 index 0000000..dc95fc8 --- /dev/null +++ b/8/debian-12/rootfs/post-init.d/sql-mysql.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom MySQL (.sql or .sql.gz) init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +mysql_execute() { + local -r sql_file="${1:?missing file}" + local failure=0 + mysql_cmd=("mysql" "-h" "$MARIADB_HOST" "-P" "$MARIADB_PORT_NUMBER" "-u" "$MARIADB_ROOT_USER") + if [[ "${ALLOW_EMPTY_PASSWORD:-no}" != "yes" ]]; then + mysql_cmd+=("-p${MARIADB_ROOT_PASSWORD}") + fi + if [[ "$sql_file" == *".sql" ]]; then + "${mysql_cmd[@]}" < "$sql_file" || failure=$? + elif [[ "$sql_file" == *".sql.gz" ]]; then + gunzip -c "$sql_file" | "${mysql_cmd[@]}" || failure=$? + fi + return "$failure" +} + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ ! "$custom_init_script" =~ ^.*(\.sql|\.sql\.gz)$ ]] && continue + info "Executing ${custom_init_script}" + mysql_execute "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/8/debian-12/rootfs/post-init.sh b/8/debian-12/rootfs/post-init.sh new file mode 100755 index 0000000..5f80935 --- /dev/null +++ b/8/debian-12/rootfs/post-init.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Only execute init scripts once +if [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then + read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" + if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/suitecrm/.user_scripts_initialized" ]]; then + mkdir -p "/bitnami/suitecrm" + for init_script in "${init_scripts[@]}"; do + for init_script_type_handler in /post-init.d/*.sh; do + "$init_script_type_handler" "$init_script" + done + done + fi + + touch "/bitnami/suitecrm/.user_scripts_initialized" +fi diff --git a/8/debian-12/tags-info.yaml b/8/debian-12/tags-info.yaml new file mode 100644 index 0000000..81e89e9 --- /dev/null +++ b/8/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "8" +- 8-debian-12 +- 8.6.2 +- latest diff --git a/README.md b/README.md new file mode 100644 index 0000000..bdcc700 --- /dev/null +++ b/README.md @@ -0,0 +1,525 @@ +# Bitnami package for SuiteCRM + +## What is SuiteCRM? + +> SuiteCRM is a completely open source, enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a fork of the popular SugarCRM application. + +[Overview of SuiteCRM](http://www.suitecrm.com/) +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +docker run --name suitecrm bitnami/suitecrm:latest +``` + +**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Environment Variables](#environment-variables) section for a more secure deployment. + +## Why use Bitnami Images? + +* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems. +* With Bitnami images the latest bug fixes and features are available as soon as possible. +* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs. +* All our images are based on [**minideb**](https://github.com/bitnami/minideb) -a minimalist Debian based container image that gives you a small base container image and the familiarity of a leading Linux distribution- or **scratch** -an explicitly empty image-. +* All Bitnami images available in Docker Hub are signed with [Notation](https://notaryproject.dev/). [Check this post](https://blog.bitnami.com/2024/03/bitnami-packaged-containers-and-helm.html) to know how to verify the integrity of the images. +* Bitnami container images are released on a regular basis with the latest distribution packages available. + +Looking to use SuiteCRM in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Supported tags and respective `Dockerfile` links + +Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html). + +You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`. + +Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers). + +## Get this image + +The recommended way to get the Bitnami SuiteCRM Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/suitecrm). + +```console +docker pull bitnami/suitecrm:latest +``` + +To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/suitecrm/tags/) in the Docker Hub Registry. + +```console +docker pull bitnami/suitecrm:[TAG] +``` + +If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values. + +```console +git clone https://github.com/bitnami/containers.git +cd bitnami/APP/VERSION/OPERATING-SYSTEM +docker build -t bitnami/APP:latest . +``` + +## How to use this image + +SuiteCRM requires access to a MySQL or MariaDB database to store information. We'll use the [Bitnami Docker Image for MariaDB](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) for the database requirements. + +### Using the Docker Command Line + +#### Step 1: Create a network + +```console +docker network create suitecrm-network +``` + +#### Step 2: Create a volume for MariaDB persistence and create a MariaDB container + +```console +$ docker volume create --name mariadb_data +docker run -d --name mariadb \ + --env ALLOW_EMPTY_PASSWORD=yes \ + --env MARIADB_USER=bn_suitecrm \ + --env MARIADB_PASSWORD=bitnami \ + --env MARIADB_DATABASE=bitnami_suitecrm \ + --network suitecrm-network \ + --volume mariadb_data:/bitnami/mariadb \ + bitnami/mariadb:latest +``` + +#### Step 3: Create volumes for SuiteCRM persistence and launch the container + +```console +$ docker volume create --name suitecrm_data +docker run -d --name suitecrm \ + -p 8080:8080 -p 8443:8443 \ + --env ALLOW_EMPTY_PASSWORD=yes \ + --env SUITECRM_DATABASE_USER=bn_suitecrm \ + --env SUITECRM_DATABASE_PASSWORD=bitnami \ + --env SUITECRM_DATABASE_NAME=bitnami_suitecrm \ + --network suitecrm-network \ + --volume suitecrm_data:/bitnami/suitecrm \ + bitnami/suitecrm:latest +``` + +Access your application at `http://your-ip/` + +### Run the application using Docker Compose + +```console +curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/suitecrm/docker-compose.yml > docker-compose.yml +docker-compose up -d +``` + +Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/suitecrm). + +If you detect any issue in the `docker-compose.yaml` file, feel free to report it or contribute with a fix by following our [Contributing Guidelines](https://github.com/bitnami/containers/blob/main/CONTRIBUTING.md). + +## Persisting your application + +If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed. + +For persistence you should mount a directory at the `/bitnami/suitecrm` path. If the mounted directory is empty, it will be initialized on the first run. Additionally you should [mount a volume for persistence of the MariaDB data](https://github.com/bitnami/containers/blob/main/bitnami/mariadb#persisting-your-database). + +The above examples define the Docker volumes named `mariadb_data` and `suitecrm_data`. The SuiteCRM application state will persist as long as volumes are not removed. + +To avoid inadvertent removal of volumes, you can [mount host directories as data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). Alternatively you can make use of volume plugins to host the volume data. + +### Mount host directories as data volumes with Docker Compose + +This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/suitecrm/docker-compose.yml) file present in this repository: + +```diff + mariadb: + ... + volumes: +- - 'mariadb_data:/bitnami/mariadb' ++ - /path/to/mariadb-persistence:/bitnami/mariadb + ... + suitecrm: + ... + volumes: +- - 'suitecrm_data:/bitnami/suitecrm' ++ - /path/to/suitecrm-persistence:/bitnami/suitecrm + ... +-volumes: +- mariadb_data: +- driver: local +- suitecrm_data: +- driver: local +``` + +### Restoring persisted SuiteCRM installation + +The entire directory of the SuiteCRM application will be persisted. To update the application, you will need to do it manualy. +SuiteCRM does not offer any out-of-the-box tool to upgrade the database schema after an upgrade, so it will not be done automatically. + +### Mount host directories as data volumes using the Docker command line + +#### Step 1: Create a network (if it does not exist) + +```console +docker network create suitecrm-network +``` + +#### Step 2. Create a MariaDB container with host volume + +```console +docker run -d --name mariadb \ + --env ALLOW_EMPTY_PASSWORD=yes \ + --env MARIADB_USER=bn_suitecrm \ + --env MARIADB_PASSWORD=bitnami \ + --env MARIADB_DATABASE=bitnami_suitecrm \ + --network suitecrm-network \ + --volume /path/to/mariadb-persistence:/bitnami/mariadb \ + bitnami/mariadb:latest +``` + +#### Step 3. Create the SuiteCRM container with host volumes + +```console +docker run -d --name suitecrm \ + -p 8080:8080 -p 8443:8443 \ + --env ALLOW_EMPTY_PASSWORD=yes \ + --env SUITECRM_DATABASE_USER=bn_suitecrm \ + --env SUITECRM_DATABASE_PASSWORD=bitnami \ + --env SUITECRM_DATABASE_NAME=bitnami_suitecrm \ + --network suitecrm-network \ + --volume /path/to/suitecrm-persistence:/bitnami/suitecrm \ + bitnami/suitecrm:latest +``` + +## Configuration + +### Environment variables + +#### Customizable environment variables + +| Name | Description | Default Value | +|---------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|-----------------------------------| +| `SUITECRM_DATA_TO_PERSIST` | Files to persist relative to the SuiteCRM installation directory. To provide multiple values, separate them with a whitespace. | `$SUITECRM_BASE_DIR` | +| `SUITECRM_SKIP_BOOTSTRAP` | Whether to perform initial bootstrapping for the application. | `nil` | +| `SUITECRM_USERNAME` | SuiteCRM user name. | `user` | +| `SUITECRM_PASSWORD` | SuiteCRM user password. | `bitnami` | +| `SUITECRM_EMAIL` | SuiteCRM user e-mail address. | `user@example.com` | +| `SUITECRM_HOST` | SuiteCRM server site URL. | `localhost` | +| `SUITECRM_ENABLE_HTTPS` | Whether to use HTTPS by default. | `no` | +| `SUITECRM_EXTERNAL_HTTP_PORT_NUMBER` | Port to used by SuiteCRM to generate URLs and links when accessing using HTTP. | `80` | +| `SUITECRM_EXTERNAL_HTTPS_PORT_NUMBER` | Port to used by SuiteCRM to generate URLs and links when accessing using HTTPS. | `443` | +| `SUITECRM_VALIDATE_USER_IP` | Whether or not to validate te user IP. | `true` | +| `SUITECRM_SMTP_HOST` | SuiteCRM SMTP server host. | `nil` | +| `SUITECRM_SMTP_PORT_NUMBER` | SuiteCRM SMTP server port number. | `nil` | +| `SUITECRM_SMTP_USER` | SuiteCRM SMTP server user. | `nil` | +| `SUITECRM_SMTP_PASSWORD` | SuiteCRM SMTP server user password. | `nil` | +| `SUITECRM_SMTP_PROTOCOL` | SuiteCRM SMTP server protocol to use. | `nil` | +| `SUITECRM_SMTP_NOTIFY_ADDRESS` | SuiteCRM email address to use in notifications. | `${SUITECRM_EMAIL}` | +| `SUITECRM_SMTP_NOTIFY_NAME` | SuiteCRM name to use in notifications. | `SuiteCRM` | +| `SUITECRM_DATABASE_HOST` | Database server host. | `$SUITECRM_DEFAULT_DATABASE_HOST` | +| `SUITECRM_DATABASE_PORT_NUMBER` | Database server port. | `3306` | +| `SUITECRM_DATABASE_NAME` | Database name. | `bitnami_suitecrm` | +| `SUITECRM_DATABASE_USER` | Database user name. | `bn_suitecrm` | +| `SUITECRM_DATABASE_PASSWORD` | Database user password. | `nil` | + +#### Read-only environment variables + +| Name | Description | Value | +|-------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------| +| `SUITECRM_BASE_DIR` | SuiteCRM installation directory. | `${BITNAMI_ROOT_DIR}/suitecrm` | +| `SUITECRM_CONF_FILE` | Configuration file for SuiteCRM. | `${SUITECRM_BASE_DIR}/public/legacy/config.php` | +| `SUITECRM_SILENT_INSTALL_CONF_FILE` | Configuration file for the SuiteCRM silent installation wizard. | `${SUITECRM_BASE_DIR}/public/legacy/config_si.php` | +| `SUITECRM_VOLUME_DIR` | SuiteCRM directory for mounted configuration files. | `${BITNAMI_VOLUME_DIR}/suitecrm` | +| `SUITECRM_MOUNTED_CONF_FILE` | Mounted configuration file for SuiteCRM. It will be copied to the SuiteCRM installation directory during the initialization process. | `${SUITECRM_VOLUME_DIR}/config_si.php` | +| `SUITECRM_DEFAULT_DATABASE_HOST` | Default database server host. | `mariadb` | +| `PHP_DEFAULT_MEMORY_LIMIT` | Default PHP memory limit. | `256M` | +| `PHP_DEFAULT_POST_MAX_SIZE` | Default maximum size for PHP POST requests. | `60M` | +| `PHP_DEFAULT_UPLOAD_MAX_FILESIZE` | Default maximum file size for PHP uploads. | `60M` | + +When you start the SuiteCRM image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable: + +* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/suitecrm/docker-compose.yml) file present in this repository: + +```yaml +suitecrm: + ... + environment: + - SUITECRM_PASSWORD=my_password + ... +``` + +* For manual execution add a `--env` option with each variable and value: + + ```console + docker run -d --name suitecrm -p 80:8080 -p 443:8443 \ + --env SUITECRM_PASSWORD=my_password \ + --network suitecrm-tier \ + --volume /path/to/suitecrm-persistence:/bitnami \ + bitnami/suitecrm:latest + ``` + +### Example + +This would be an example of SMTP configuration using a Gmail account: + +* Modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/suitecrm/docker-compose.yml) file present in this repository: + +```yaml + suitecrm: + ... + environment: + - SUITECRM_DATABASE_USER=bn_suitecrm + - SUITECRM_DATABASE_NAME=bitnami_suitecrm + - ALLOW_EMPTY_PASSWORD=yes + - SUITECRM_SMTP_HOST=smtp.gmail.com + - SUITECRM_SMTP_PROTOCOL=tls + - SUITECRM_SMTP_PORT=587 + - SUITECRM_SMTP_USER=your_email@gmail.com + - SUITECRM_SMTP_PASSWORD=your_password + ... +``` + +* For manual execution: + + ```console + docker run -d --name suitecrm -p 80:8080 -p 443:8443 \ + --env SUITECRM_DATABASE_USER=bn_suitecrm \ + --env SUITECRM_DATABASE_NAME=bitnami_suitecrm \ + --env SUITECRM_SMTP_HOST=smtp.gmail.com \ + --env SUITECRM_SMTP_PORT=587 \ + --env SUITECRM_SMTP_PROTOCOL=tls \ + --env SUITECRM_SMTP_USER=your_email@gmail.com \ + --env SUITECRM_SMTP_PASSWORD=your_password \ + --network suitecrm-tier \ + --volume /path/to/suitecrm-persistence:/bitnami \ + bitnami/suitecrm:latest + ``` + +## Logging + +The Bitnami SuiteCRM Docker image sends the container logs to `stdout`. To view the logs: + +```console +docker logs suitecrm +``` + +Or using Docker Compose: + +```console +docker-compose logs suitecrm +``` + +You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver. + +## Maintenance + +### Backing up your container + +To backup your data, configuration and logs, follow these simple steps: + +#### Step 1: Stop the currently running container + +```console +docker stop suitecrm +``` + +Or using Docker Compose: + +```console +docker-compose stop suitecrm +``` + +#### Step 2: Run the backup command + +We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data. + +```console +docker run --rm -v /path/to/suitecrm-backups:/backups --volumes-from suitecrm busybox \ + cp -a /bitnami/suitecrm /backups/latest +``` + +### Restoring a backup + +Restoring a backup is as simple as mounting the backup as volumes in the containers. + +For the MariaDB database container: + +```diff + $ docker run -d --name mariadb \ + ... +- --volume /path/to/mariadb-persistence:/bitnami/mariadb \ ++ --volume /path/to/mariadb-backups/latest:/bitnami/mariadb \ + bitnami/mariadb:latest +``` + +For the SuiteCRM container: + +```diff + $ docker run -d --name suitecrm \ + ... +- --volume /path/to/suitecrm-persistence:/bitnami/suitecrm \ ++ --volume /path/to/suitecrm-backups/latest:/bitnami/suitecrm \ + bitnami/suitecrm:latest +``` + +### Upgrade this image + +Bitnami provides up-to-date versions of MariaDB and SuiteCRM, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container. We will cover here the upgrade of the SuiteCRM container. For the MariaDB upgrade see: + +#### Step 1: Get the updated image + +```console +docker pull bitnami/suitecrm:latest +``` + +#### Step 2: Stop the running container + +Stop the currently running container using the command + +```console +docker-compose stop suitecrm +``` + +#### Step 3: Take a snapshot of the application state + +Follow the steps in [Backing up your container](#backing-up-your-container) to take a snapshot of the current application state. + +#### Step 4: Remove the currently running container + +Remove the currently running container by executing the following command: + +```console +docker-compose rm -v suitecrm +``` + +#### Step 5: Run the new image + +Update the image tag in `docker-compose.yml` and re-create your container with the new image: + +```console +docker-compose up -d +``` + +## Customize this image + +The Bitnami SuiteCRM Docker image is designed to be extended so it can be used as the base image for your custom web applications. + +### Extend this image + +Before extending this image, please note there are certain configuration settings you can modify using the original image: + +* Settings that can be adapted using environment variables. For instance, you can change the ports used by Apache for HTTP and HTTPS, by setting the environment variables `APACHE_HTTP_PORT_NUMBER` and `APACHE_HTTPS_PORT_NUMBER` respectively. +* [Adding custom virtual hosts](https://github.com/bitnami/containers/blob/main/bitnami/apache#adding-custom-virtual-hosts). +* [Replacing the 'httpd.conf' file](https://github.com/bitnami/containers/blob/main/bitnami/apache#full-configuration). +* [Using custom SSL certificates](https://github.com/bitnami/containers/blob/main/bitnami/apache#using-custom-ssl-certificates). + +If your desired customizations cannot be covered using the methods mentioned above, extend the image. To do so, create your own image using a Dockerfile with the format below: + +```Dockerfile +FROM bitnami/suitecrm +## Put your customizations below +... +``` + +## Example 1 + +Here is an example of extending the image with the following modifications: + +* Install the `vim` editor +* Modify the Apache configuration file +* Modify the ports used by Apache + +```Dockerfile +FROM bitnami/suitecrm + +## Install 'vim' +RUN install_packages vim + +## Enable mod_ratelimit module +RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt/bitnami/apache/conf/httpd.conf + +## Modify the ports used by Apache by default +# It is also possible to change these environment variables at runtime +ENV APACHE_HTTP_PORT_NUMBER=8181 +ENV APACHE_HTTPS_PORT_NUMBER=8143 +EXPOSE 8181 8143 +``` + +Based on the extended image, you can update the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/suitecrm/docker-compose.yml) file present in this repository to add other features: + +```diff + suitecrm: +- image: bitnami/suitecrm:latest ++ build: . + ports: +- - '80:8080' +- - '443:8443' ++ - '80:8181' ++ - '443:8143' + environment: ++ - PHP_MEMORY_LIMIT=512m + ... +``` + +## Example 2: Add SuiteCRM API support + +```Dockerfile +FROM bitnami/suitecrm +## Install keys +RUN openssl genrsa -out /opt/bitnami/suitecrm/Api/V8/OAuth2/private.key 2048 && \ + openssl rsa -in /opt/bitnami/suitecrm/Api/V8/OAuth2/private.key -pubout -out /opt/bitnami/suitecrm/Api/V8/OAuth2/public.key && \ + chmod 640 /opt/bitnami/suitecrm/Api/V8/OAuth2/private.key && \ + chgrp daemon /opt/bitnami/suitecrm/Api/V8/OAuth2/private.key /opt/bitnami/suitecrm/Api/V8/OAuth2/public.key +``` + +## Notable Changes + +### 7.11.18-debian-10-r13 + +* The size of the container image has been decreased. +* The configuration logic is now based on Bash scripts in the *rootfs/* folder. +* `SUITECRM_HTTP_TIMEOUT` environment variable has been removed. +* The SuiteCRM container now supports the "non-root" user approach, but it still runs as the root user by default. When running as a non-root user, all services will be run under the same user and Cron jobs will be disabled as crond requires to be run as a superuser. To run as a non-root user, change USER root to USER 1001 in the Dockerfile, or use user: 1001 in docker-compose.yml. Related changes: +* The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. +* Backwards compatibility is not guaranteed when data is persisted using docker or docker-compose. We highly recommend migrating the SuiteCRM site by exporting its content, and importing it on a new SuiteCRM container. + +To upgrade a deployment with the previous Bitnami SuiteCRM container image, which did not support non-root, the easiest way is to start the new image as a *root* user and updating the port numbers. Modify your `docker-compose.yml` file as follows: + +```diff + - ALLOW_EMPTY_PASSWORD=yes ++ user: root + ports: +- - '80:80' +- - '443:443' ++ - '80:8080' ++ - '443:8443' + volumes: +``` + +### 7.11.4-debian-9-r21 and 7.11.4-ol-7-r32 + +* This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information. +* The Apache configuration volume (`/bitnami/apache`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the Apache configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom Apache configuration files are advised to mount a volume for the configuration at `/opt/bitnami/apache/conf`, or mount specific configuration files individually. +* The PHP configuration volume (`/bitnami/php`) has been deprecated, and support for this feature will be dropped in the near future. Until then, the container will enable the PHP configuration from that volume if it exists. By default, and if the configuration volume does not exist, the configuration files will be regenerated each time the container is created. Users wanting to apply custom PHP configuration files are advised to mount a volume for the configuration at `/opt/bitnami/php/conf`, or mount specific configuration files individually. +* Enabling custom Apache certificates by placing them at `/opt/bitnami/apache/certs` has been deprecated, and support for this functionality will be dropped in the near future. Users wanting to enable custom certificates are advised to mount their certificate files on top of the preconfigured ones at `/certs`. + +### 7.10.10-debian-9-r18 and 7.10.10-ol-7-r24 + +* Due to several broken SuiteCRM features and plugins, the entire `htdocs` directory is now being persisted (instead of a select number of files and directories). Because of this, upgrades will not work and a full migration needs to be performed. Upgrade instructions have been updated to reflect these changes. + +## Contributing + +We'd love for you to contribute to this container. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution. + +## Issues + +If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template. + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..37e423f --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,37 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +version: '2' +services: + mariadb: + image: docker.io/bitnami/mariadb:11.4 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_suitecrm + - MARIADB_DATABASE=bitnami_suitecrm + - MARIADB_PASSWORD=bitnami123 + volumes: + - 'mariadb_data:/bitnami/mariadb' + suitecrm: + image: docker.io/bitnami/suitecrm:8 + ports: + - '80:8080' + - '443:8443' + environment: + - SUITECRM_DATABASE_HOST=mariadb + - SUITECRM_DATABASE_PORT_NUMBER=3306 + - SUITECRM_DATABASE_USER=bn_suitecrm + - SUITECRM_DATABASE_NAME=bitnami_suitecrm + - SUITECRM_DATABASE_PASSWORD=bitnami123 + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'suitecrm_data:/bitnami/suitecrm' + depends_on: + - mariadb +volumes: + mariadb_data: + driver: local + suitecrm_data: + driver: local