diff --git a/Dockerfile.rocky8 b/Dockerfile.rocky8 index ef8e6bd4..01965dc5 100755 --- a/Dockerfile.rocky8 +++ b/Dockerfile.rocky8 @@ -637,12 +637,14 @@ RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER ENV MIG_ROOT=/home/$USER ENV WEB_DIR=/etc/httpd ENV CERT_DIR=$WEB_DIR/MiG-certificates +ENV HOTFIXES_DIR=/hotfixes USER root -RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} \ +RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} ${HOTFIXES_DIR} \ && chown $USER:$GROUP ${CERT_DIR} \ - && chmod 775 ${CERT_DIR} + && chmod 775 ${CERT_DIR} \ + && chmod 700 ${HOTFIXES_DIR} #------------------------- next stage -----------------------------# # Certs and keys @@ -1748,6 +1750,7 @@ ENTRYPOINT ["/tini", "--"] # NOTE: it's recommended to use COPY over ADD except when URL/unpack is needed COPY docker-entry.sh /app/docker-entry.sh +COPY apply-hotfixes.sh /app/apply-hotfixes.sh COPY migrid-httpd.env /app/migrid-httpd.env COPY migrid-httpd-init.sh /app/migrid-httpd-init.sh COPY apache-init-helper /etc/init.d/apache-minimal @@ -1756,7 +1759,7 @@ RUN sed "s/#LANG=.*/LANG=${LANG}/g" /app/migrid-httpd-init.sh > /etc/sysconfig/a RUN grep LANG /etc/sysconfig/apache-minimal > /etc/sysconfig/migrid COPY rsyslog-init-helper /etc/init.d/rsyslog-minimal RUN chown $USER:$GROUP /app/docker-entry.sh \ - && chmod +x /app/docker-entry.sh + && chmod +x /app/docker-entry.sh /app/apply-hotfixes.sh USER root WORKDIR /app diff --git a/Dockerfile.rocky9 b/Dockerfile.rocky9 index f15f837f..e397b872 100755 --- a/Dockerfile.rocky9 +++ b/Dockerfile.rocky9 
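Review bot: The `chmod 700 ${HOTFIXES_DIR}` added to the `RUN mkdir -p` step only protects the directory baked into the image. The compose files in this commit bind-mount `${PERSISTENT_ROOT}/hotfixes` over `/hotfixes`, and from then on the host directory's owner and mode are what apply. Since the entrypoint executes whatever is in that directory (presumably as root, given the `USER root` lines), say so next to the ENV line, e.g. `# NOTE: bind mount replaces this mode; host dir must be root-owned and not group/world writable`. Quoting the expansion as `"${HOTFIXES_DIR}"` in the `mkdir` and `chmod` would also be safer. The identical hunk in Dockerfile.rocky9 needs the same comment.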
@@ -596,12 +596,14 @@ RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER ENV MIG_ROOT=/home/$USER ENV WEB_DIR=/etc/httpd ENV CERT_DIR=$WEB_DIR/MiG-certificates +ENV HOTFIXES_DIR=/hotfixes USER root -RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} \ +RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} ${HOTFIXES_DIR} \ && chown $USER:$GROUP ${CERT_DIR} \ - && chmod 775 ${CERT_DIR} + && chmod 775 ${CERT_DIR} \ + && chmod 700 ${HOTFIXES_DIR} #------------------------- next stage -----------------------------# # Certs and keys @@ -1635,6 +1637,7 @@ ENTRYPOINT ["/tini", "--"] # NOTE: it's recommended to use COPY over ADD except when URL/unpack is needed COPY docker-entry.sh /app/docker-entry.sh +COPY apply-hotfixes.sh /app/apply-hotfixes.sh COPY migrid-httpd.env /app/migrid-httpd.env COPY migrid-httpd-init.sh /app/migrid-httpd-init.sh COPY apache-init-helper /etc/init.d/apache-minimal @@ -1643,7 +1646,7 @@ RUN sed "s/#LANG=.*/LANG=${LANG}/g" /app/migrid-httpd-init.sh > /etc/sysconfig/a RUN grep LANG /etc/sysconfig/apache-minimal > /etc/sysconfig/migrid COPY rsyslog-init-helper /etc/init.d/rsyslog-minimal RUN chown $USER:$GROUP /app/docker-entry.sh \ - && chmod +x /app/docker-entry.sh + && chmod +x /app/docker-entry.sh /app/apply-hotfixes.sh USER root WORKDIR /app diff --git a/Makefile b/Makefile index 61998fd8..0b4836f2 100755 --- a/Makefile +++ b/Makefile @@ -133,6 +133,7 @@ initdirs: initcomposevars mkdir -p ${PERSISTENT_ROOT}/wwwpublic-vgrid mkdir -p ${PERSISTENT_ROOT}/wwwpublic-download mkdir -p ${PERSISTENT_ROOT}/secrets + mkdir -p ${PERSISTENT_ROOT}/hotfixes/{scripts,patches} mkdir -p ${PERSISTENT_ROOT}/mig-server-extconfs mkdir -p ${LOG_ROOT}/miglog mkdir -p ${LOG_ROOT}/syslog/migrid diff --git a/apply-hotfixes.sh b/apply-hotfixes.sh new file mode 100755 index 00000000..6d27fea6 --- /dev/null +++ b/apply-hotfixes.sh 
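Review bot: The new `mkdir -p ${PERSISTENT_ROOT}/hotfixes/{scripts,patches}` line in `initdirs` relies on brace expansion, which make's default `/bin/sh` does not perform when that shell is dash or another plain POSIX sh. Unless `SHELL` is set to bash somewhere outside this hunk, the result is a single directory literally named `{scripts,patches}`, and the hot-fix loader will find neither subfolder. Spelling out both paths avoids the dependency: `mkdir -p ${PERSISTENT_ROOT}/hotfixes/scripts ${PERSISTENT_ROOT}/hotfixes/patches`. Because files under this tree are executed inside the containers at start-up, it is also worth following with `chmod 700 ${PERSISTENT_ROOT}/hotfixes` rather than inheriting the caller's umask.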
@@ -0,0 +1,58 @@ +#!/bin/bash +# +# Apply all hot-fixes in specified folder + +APPLIED_DIR="/tmp/hotfixes-applied" +HOTFIXES_DIR="${HOTFIXES_DIR:-/hotfixes}" +if [ $# -gt 0 ]; then + HOTFIXES_DIR="$1" +fi +PATCH_SOURCE="${HOTFIXES_DIR}/patches" +SCRIPT_SOURCE="${HOTFIXES_DIR}/scripts" +PATCHES_APPLIED="${APPLIED_DIR}/patches" +SCRIPTS_APPLIED="${APPLIED_DIR}/scripts" + +if [ -d "${HOTFIXES_DIR}" ]; then + #echo "DEBUG: Applying hot-fixes available in ${HOTFIXES_DIR}" + mkdir -p ${PATCHES_APPLIED} ${SCRIPTS_APPLIED} + if [ -d "${PATCH_SOURCE}" ]; then + #echo "DEBUG: Applying any patches available in ${PATCH_SOURCE}" + for PATCH_PATH in "${PATCH_SOURCE}"/* ; do + PATCH_NAME=$(basename "${PATCH_PATH}") + if [ ! -f "${PATCH_PATH}" ]; then + # skip anything but files + continue + fi + if [ -f "${PATCHES_APPLIED}/${PATCH_NAME}" ]; then + echo "Skip already applied patch: ${PATCH_NAME}" + else + #echo "DEBUG: applying patch ${PATCH_PATH}" + patch -d / -p0 < "${PATCH_PATH}" && \ + cp "${PATCH_PATH}" "${PATCHES_APPLIED}/" + fi + done + fi + if [ -d "${SCRIPT_SOURCE}" ]; then + #echo "DEBUG: Applying any scripts available in ${SCRIPT_SOURCE}" + for SCRIPT_PATH in "${SCRIPT_SOURCE}"/* ; do + SCRIPT_NAME=$(basename "${SCRIPT_PATH}") + if [ ! -f "${SCRIPT_PATH}" ]; then + # skip anything but files + continue + fi + if [ -f "${SCRIPTS_APPLIED}/${SCRIPT_NAME}" ]; then + echo "Skip already applied script: ${SCRIPT_NAME}" + else + #echo "DEBUG: running script ${SCRIPT_PATH}" + ${SCRIPT_PATH} && \ + cp "${SCRIPT_PATH}" "${SCRIPTS_APPLIED}/" + fi + done + fi + #echo "DEBUG: Applied hot-fixes available in ${HOTFIXES_DIR}" + exit 0 +else + echo "WARNING: no such hot-fixes folder ${HOTFIXES_DIR}" + exit 1 +fi + diff --git a/docker-compose_development.yml b/docker-compose_development.yml index a22e9d86..bc800f82 100644 --- a/docker-compose_development.yml +++ b/docker-compose_development.yml @@ -1,5 +1,5 @@ # docker-compose version -version: '3.7' +version: "3.7" services: devmail: 
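Review bot: A failed hot-fix is invisible here, because `patch ... && cp` and `${SCRIPT_PATH} && cp` drop the failure and the script still ends with `exit 0`, so a security patch that did not apply leaves the container running unpatched with nothing in the log. The applied-markers also live in the fixed path `/tmp/hotfixes-applied`; if any non-root process in the container can write to `/tmp`, it can pre-create that tree and make a hot-fix be skipped, or redirect the root-run `cp`. Finally `${SCRIPT_PATH}` and the `mkdir -p` arguments are unquoted, so a file name containing spaces or glob characters is split before it is executed. The sketch below moves the markers to a root-only directory (the path is a suggestion), quotes the expansions, and reports and propagates failures.

```shell
APPLIED_DIR="/var/lib/hotfixes-applied"   # suggested root-only location instead of /tmp
FAILED=0
# … unchanged: HOTFIXES_DIR, *_SOURCE and *_APPLIED setup …
mkdir -p "${PATCHES_APPLIED}" "${SCRIPTS_APPLIED}"
chmod 700 "${APPLIED_DIR}"
# … unchanged: patch loop header and skip checks …
            if patch -d / -p0 -N < "${PATCH_PATH}"; then
                cp "${PATCH_PATH}" "${PATCHES_APPLIED}/"
            else
                echo "ERROR: failed to apply patch: ${PATCH_NAME}" >&2
                FAILED=1
            fi
# … unchanged: script loop header and skip checks …
            if "${SCRIPT_PATH}"; then
                cp "${SCRIPT_PATH}" "${SCRIPTS_APPLIED}/"
            else
                echo "ERROR: hot-fix script failed: ${SCRIPT_NAME}" >&2
                FAILED=1
            fi
# … unchanged: loop and if closing …
    exit "${FAILED}"
```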
@@ -21,7 +21,7 @@ services: image: ${CONTAINER_REGISTRY}/ruudud/devdns container_name: devdns ports: - - "127.0.0.1:53:53/udp" + - "127.0.0.1:53:53/udp" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: @@ -43,7 +43,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy - RUN_SERVICES: + RUN_SERVICES: volumes: - type: volume source: httpd @@ -51,6 +51,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -114,6 +117,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -169,7 +175,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${OPENID_PORT}:${OPENID_PORT}" networks: default: @@ -182,6 +188,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -222,7 +231,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${SFTP_PORT}:${SFTP_PORT}" - "${SFTP_SUBSYS_PORT}:${SFTP_SUBSYS_PORT}" networks: @@ -236,6 +245,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d 
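Review bot: Each new `source: hotfixes` / `target: /hotfixes` entry mounts the volume read-write, although the containers only read patches and scripts from it. Because the entrypoint executes that content at start-up, any service that can write to `/hotfixes` can leave a file that runs in every sibling container on its next restart. Adding `read_only: true` to each of these volume entries keeps the host as the only place hot-fixes can be staged. This applies to every `hotfixes` mount hunk in docker-compose_development.yml, docker-compose_development_gdp.yml and docker-compose_production.yml.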
@@ -298,6 +310,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -342,7 +357,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${DAVS_PORT}:${DAVS_PORT}" networks: default: @@ -355,6 +370,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -397,7 +415,7 @@ services: migrid: condition: service_started ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "80:80" - "443:443" - "444:444" @@ -446,6 +464,14 @@ volumes: device: ${DOCKER_MIGRID_ROOT}/mig o: bind + hotfixes: + # Volume used to contain the optional additional container hotfixes + driver: local + driver_opts: + type: none + device: ${PERSISTENT_ROOT}/hotfixes + o: bind + mig-server-extconfs: # Volume used to contain the optional additional mig server config snippets driver: local diff --git a/docker-compose_development_gdp.yml b/docker-compose_development_gdp.yml index 17b1414e..544c0f2a 100644 --- a/docker-compose_development_gdp.yml +++ b/docker-compose_development_gdp.yml @@ -1,5 +1,5 @@ # docker-compose version -version: '3.7' +version: "3.7" services: devmail: @@ -21,7 +21,7 @@ services: image: ${CONTAINER_REGISTRY}/ruudud/devdns container_name: devdns ports: - - "127.0.0.1:53:53/udp" + - "127.0.0.1:53:53/udp" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: 
@@ -43,7 +43,7 @@ services: # Available target service names follow migrid init script and are: # httpd script monitor sshmux events cron transfers janitor # openid sftp sftpsubsys webdavs ftps notify imnotify vmproxy - RUN_SERVICES: + RUN_SERVICES: volumes: - type: volume source: httpd @@ -51,6 +51,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -114,6 +117,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -173,7 +179,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${OPENID_PORT}:${OPENID_PORT}" networks: default: @@ -186,6 +192,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -226,7 +235,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${SFTP_PORT}:${SFTP_PORT}" - "${SFTP_SUBSYS_PORT}:${SFTP_SUBSYS_PORT}" networks: @@ -240,6 +249,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -302,6 +314,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d 
@@ -346,7 +361,7 @@ services: migrid-volume-init: condition: service_completed_successfully ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "${DAVS_PORT}:${DAVS_PORT}" networks: default: @@ -359,6 +374,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -401,7 +419,7 @@ services: migrid: condition: service_started ports: - # NOTE: expose the unique raw port(s) to host + # NOTE: expose the unique raw port(s) to host - "80:80" - "443:443" - "444:444" @@ -450,6 +468,14 @@ volumes: device: ${DOCKER_MIGRID_ROOT}/mig o: bind + hotfixes: + # Volume used to contain the optional additional container hotfixes + driver: local + driver_opts: + type: none + device: ${PERSISTENT_ROOT}/hotfixes + o: bind + mig-server-extconfs: # Volume used to contain the optional additional mig server config snippets driver: local diff --git a/docker-compose_production.yml b/docker-compose_production.yml index fe7e9aa6..307c5e02 100644 --- a/docker-compose_production.yml +++ b/docker-compose_production.yml @@ -41,6 +41,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -95,6 +98,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -243,6 +249,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d 
@@ -386,6 +395,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -528,6 +540,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -670,6 +685,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -812,6 +830,9 @@ services: - type: volume source: mig target: /home/mig/mig + - type: volume + source: hotfixes + target: /hotfixes - type: volume source: mig-server-extconfs target: /home/mig/mig/server/MiGserver.d @@ -891,6 +912,14 @@ volumes: device: ${DOCKER_MIGRID_ROOT}/mig o: bind + hotfixes: + # Volume used to contain the optional additional container hotfixes + driver: local + driver_opts: + type: none + device: ${PERSISTENT_ROOT}/hotfixes + o: bind + mig-server-extconfs: # Volume used to contain the optional additional mig server config snippets driver: local diff --git a/docker-entry.sh b/docker-entry.sh index 3baf6be9..5bf58ffa 100755 --- a/docker-entry.sh +++ b/docker-entry.sh @@ -7,6 +7,7 @@ CHECKCONF=0 KEEPALIVE=0 VERSIONINFO=0 +APPLYHOTFIXES="/app/apply-hotfixes.sh" # Make sure requested timezone is actually used everywhere for consistent # log time stamps. @@ -46,6 +47,13 @@ if [ ! -d "${MIG_ROOT}" ]; then exit 1 fi +if [ ! -f "${APPLYHOTFIXES}" ]; then + echo "No hot-fix support available in ${APPLYHOTFIXES}" +else + echo "Apply hot-fixes with ${APPLYHOTFIXES}" + ${APPLYHOTFIXES} +fi + # Create any user requested while getopts cku:p:s:V option; do
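Review bot: The exit status of `${APPLYHOTFIXES}` in the new `else` branch is discarded, so the container starts the same way whether the hot-fixes applied or not. The helper does return 1 when the hot-fixes folder is missing, and that is dropped here too. At minimum log it: `"${APPLYHOTFIXES}" || echo "WARNING: hot-fixes failed with status $?"`, or exit if an unpatched start is not acceptable. The expansion should be quoted, and `-x` is a closer guard than `-f` since the file is executed directly. The script continues past the end of this hunk with the `getopts` loop.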