[bitnami/harbor-adapter-trivy] Release 2.6.2-debian-11-r5 (#16553)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2022-12-10 23:51:22 +01:00 · 2022-12-10 23:51:22 +01:00 · 05a09b5d7d
parent 679618dcea
commit 05a09b5d7d
7 changed files with 525 additions and 17 deletions
--- a/bitnami/harbor-adapter-trivy/2/debian-11/Dockerfile
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/Dockerfile
@ -4,7 +4,7 @@ ARG TARGETARCH

 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
      org.opencontainers.image.description="Application packaged by Bitnami" \
-      org.opencontainers.image.ref.name="2.6.2-debian-11-r4" \
+      org.opencontainers.image.ref.name="2.6.2-debian-11-r5" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-adapter-trivy" \
      org.opencontainers.image.title="harbor-adapter-trivy" \
      org.opencontainers.image.vendor="VMware, Inc." \
--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy-env.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy-env.sh
@ -40,9 +40,12 @@ done
 unset harbor_adapter_trivy_env_vars

 # Paths
-export SCANNER_TRIVY_VOLUME_DIR="${SCANNER_TRIVY_VOLUME_DIR:-/bitnami/harbor-adapter-trivy}"
+export SCANNER_TRIVY_BASE_DIR="${BITNAMI_ROOT_DIR}/harbor-adapter-trivy"
+export SCANNER_TRIVY_VOLUME_DIR="${SCANNER_TRIVY_VOLUME_DIR:-${BITNAMI_VOLUME_DIR}/harbor-adapter-trivy}"
 export SCANNER_TRIVY_CACHE_DIR="${SCANNER_TRIVY_CACHE_DIR:-${SCANNER_TRIVY_VOLUME_DIR}/.cache/trivy}"
 export SCANNER_TRIVY_REPORTS_DIR="${SCANNER_TRIVY_REPORTS_DIR:-${SCANNER_TRIVY_VOLUME_DIR}/.cache/reports}"
+
+# System users
 export SCANNER_TRIVY_DAEMON_USER="trivy-scanner"
 export SCANNER_TRIVY_DAEMON_GROUP="trivy-scanner"

--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/entrypoint.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/entrypoint.sh
@ -5,7 +5,7 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-#set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes

 # Load libraries
 . /opt/bitnami/scripts/libbitnami.sh
@ -15,9 +15,9 @@ set -o pipefail
 print_welcome_page

 if [[ "$*" = *"/opt/bitnami/scripts/harbor-adapter-trivy/run.sh"* ]]; then
-    info "** Starting Harbor Adapter Trivy setup **"
+    info "** Starting harbor-adapter-trivy setup **"
    /opt/bitnami/scripts/harbor-adapter-trivy/setup.sh
-    info "** Harbor Adapter Trivy setup finished! **"
+    info "** harbor-adapter-trivy setup finished! **"
 fi

 echo ""
--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/postunpack.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/postunpack.sh
@ -5,20 +5,26 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-# set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes

 # Load libraries
 . /opt/bitnami/scripts/libfs.sh
-. /opt/bitnami/scripts/harbor-adapter-trivy-env.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libservice.sh
 . /opt/bitnami/scripts/libharbor.sh

+# Load environment
+. /opt/bitnami/scripts/harbor-adapter-trivy-env.sh
+
+ensure_user_exists "$SCANNER_TRIVY_DAEMON_USER" --group "$SCANNER_TRIVY_DAEMON_GROUP"
+
+# Ensure a set of directories exist and the non-root user has write privileges to them
 read -r -a directories <<<"$(get_system_cert_paths)"
 directories+=("$SCANNER_TRIVY_CACHE_DIR" "$SCANNER_TRIVY_REPORTS_DIR")
-
-# Create directories
 for dir in "${directories[@]}"; do
    ensure_dir_exists "$dir"
    chmod -R g+rwX "$dir"
+    chown -R "$SCANNER_TRIVY_DAEMON_USER" "$dir"
 done

 # Fix for CentOS Internal TLS
--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/run.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/run.sh
@ -5,18 +5,20 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-# set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes

 # Load libraries
 . /opt/bitnami/scripts/liblog.sh
 . /opt/bitnami/scripts/libos.sh
+
+# Load harbor-adapter-trivy environment
 . /opt/bitnami/scripts/harbor-adapter-trivy-env.sh

-cmd=$(command -v scanner-trivy)
+CMD="$(command -v scanner-trivy)"

-info "** Starting Harbor Adapter Trivy **"
+info "** Starting harbor-adapter-trivy **"
 if am_i_root; then
-    exec gosu "$SCANNER_TRIVY_DAEMON_USER" "$cmd" "$@"
+    exec gosu "$SCANNER_TRIVY_DAEMON_USER" "$CMD" "$@"
 else
-    exec "$cmd" "$@"
+    exec "$CMD" "$@"
 fi
--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/setup.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/harbor-adapter-trivy/setup.sh
@ -5,14 +5,16 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-# set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes

 # Load libraries
 . /opt/bitnami/scripts/libfs.sh
 . /opt/bitnami/scripts/libos.sh
-. /opt/bitnami/scripts/harbor-adapter-trivy-env.sh
 . /opt/bitnami/scripts/libharbor.sh

+# Load environment
+. /opt/bitnami/scripts/harbor-adapter-trivy-env.sh
+
 # Create directories
 for dir in "$SCANNER_TRIVY_CACHE_DIR" "$SCANNER_TRIVY_REPORTS_DIR"; do
    ensure_dir_exists "$dir"
--- a/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
+++ b/bitnami/harbor-adapter-trivy/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
@ -6,6 +6,8 @@

 # Load Generic Libraries
 . /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libservice.sh

 ########################
 # Get the paths relevant to CA certs depending
@ -76,7 +78,6 @@ install_cert() {
 #   None
 #########################
 install_custom_certs() {
-
    local installed=false

    # Install any internalTLS CA authority certificate, found under
@ -117,3 +118,497 @@ install_custom_certs() {
        info "No custom certificates were installed in the system"
    fi
 }
+
+########################
+# Generate an .env file contents given an input string containing all envvars
+# Arguments:
+#   None
+# Returns:
+#   String
+#########################
+harbor_generate_env_file_contents() {
+    local -r envvars_string="${1:?missing envvars}"
+    echo "#!/bin/bash"
+    while IFS= read -r ENV_VAR_LINE; do
+        if [[ ! "$ENV_VAR_LINE" =~ ^[A-Z_] ]]; then
+            continue
+        fi
+        ENV_VAR_NAME="${ENV_VAR_LINE/=*}"
+        ENV_VAR_VALUE="${ENV_VAR_LINE#*=}"
+        # Use single quotes to avoid shell expansion, and escape to be parsed properly (even if it contains quotes)
+        # Escape the value, so it can be parsed as a variable even with quotes set
+        echo "export ${ENV_VAR_NAME}='${ENV_VAR_VALUE//\'/\'\\\'\'}'"
+    done <<< "$envvars_string"
+}
+
+########################
+# Print harbor-core runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_core_print_env() {
+    # The CSRF key can only be up to 32 characters long
+    HARBOR_CORE_CFG_CSRF_KEY="${HARBOR_CORE_CFG_CSRF_KEY:0:32}"
+    for var in "${!HARBOR_CORE_CFG_@}"; do
+        echo "${var/HARBOR_CORE_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-core is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_core_running() {
+    # harbor-core does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_core)" > "$HARBOR_CORE_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_CORE_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-core is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_core_not_running() {
+    ! is_harbor_core_running
+}
+
+########################
+# Stop harbor-core
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_core_stop() {
+    ! is_harbor_core_running && return
+    stop_service_using_pid "$HARBOR_CORE_PID_FILE"
+}
+
+########################
+# Print harbor-jobservice runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_jobservice_print_env() {
+    for var in "${!HARBOR_JOBSERVICE_CFG_@}"; do
+        echo "${var/HARBOR_JOBSERVICE_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-jobservice is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_jobservice_running() {
+    # harbor-jobservice does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_jobservice)" > "$HARBOR_JOBSERVICE_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_JOBSERVICE_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-jobservice is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_jobservice_not_running() {
+    ! is_harbor_jobservice_running
+}
+
+########################
+# Stop harbor-jobservice
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_jobservice_stop() {
+    ! is_harbor_jobservice_running && return
+    stop_service_using_pid "$HARBOR_JOBSERVICE_PID_FILE"
+}
+
+########################
+# Print harbor-notary-server runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_notary_server_print_env() {
+    if [[ -n "${HARBOR_NOTARY_SERVER_DATABASE_NAME:-}" ]]; then
+        HARBOR_NOTARY_SERVER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SERVER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SERVER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SERVER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SERVER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SERVER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SERVER_DATABASE_SSLMODE:-disable}"
+    fi
+    for var in "${!HARBOR_NOTARY_SERVER_CFG_@}"; do
+        echo "${var/HARBOR_NOTARY_SERVER_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-notary-server is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_server_running() {
+    # harbor-notary-server does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v notary-server)" > "$HARBOR_NOTARY_SERVER_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_NOTARY_SERVER_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-notary-server is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_server_not_running() {
+    ! is_harbor_notary_server_running
+}
+
+########################
+# Stop harbor-notary-server
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_notary_server_stop() {
+    ! is_harbor_notary_server_running && return
+    stop_service_using_pid "$HARBOR_NOTARY_SERVER_PID_FILE"
+}
+
+########################
+# Print harbor-notary-signer runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_notary_signer_print_env() {
+    if [[ -n "${HARBOR_NOTARY_SIGNER_DATABASE_NAME:-}" ]]; then
+        HARBOR_NOTARY_SIGNER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SIGNER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SIGNER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SIGNER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SIGNER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SIGNER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SIGNER_DATABASE_SSLMODE:-disable}"
+    fi
+    for var in "${!HARBOR_NOTARY_SIGNER_CFG_@}"; do
+        echo "${var/HARBOR_NOTARY_SIGNER_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-notary-signer is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_signer_running() {
+    # harbor-notary-signer does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v notary-signer)" > "$HARBOR_NOTARY_SIGNER_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_NOTARY_SIGNER_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-notary-signer is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_signer_not_running() {
+    ! is_harbor_notary_signer_running
+}
+
+########################
+# Stop harbor-notary-signer
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_notary_signer_stop() {
+    ! is_harbor_notary_signer_running && return
+    stop_service_using_pid "$HARBOR_NOTARY_SIGNER_PID_FILE"
+}
+
+########################
+# Print harbor-registry runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_registry_print_env() {
+    if [[ -n "$HARBOR_REGISTRY_USER" && -n "$HARBOR_REGISTRY_PASSWORD" ]]; then
+        HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRY_USER" "$HARBOR_REGISTRY_PASSWORD")"
+        # Update passwd file
+        echo "$HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd
+    fi
+    for var in "${!HARBOR_REGISTRY_CFG_@}"; do
+        echo "${var/HARBOR_REGISTRY_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-registry is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registry_running() {
+    # harbor-registry does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v registry)" > "$HARBOR_REGISTRY_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_REGISTRY_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-registry is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registry_not_running() {
+    ! is_harbor_registry_running
+}
+
+########################
+# Stop harbor-registry
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_registry_stop() {
+    ! is_harbor_registry_running && return
+    stop_service_using_pid "$HARBOR_REGISTRY_PID_FILE"
+}
+
+########################
+# Print harbor-registryctl runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_registryctl_print_env() {
+    if [[ -n "$HARBOR_REGISTRYCTL_USER" && -n "$HARBOR_REGISTRYCTL_PASSWORD" ]]; then
+        HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRYCTL_USER" "$HARBOR_REGISTRYCTL_PASSWORD")"
+        # Update passwd file
+        echo "$HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd
+    fi
+    for var in "${!HARBOR_REGISTRYCTL_CFG_@}"; do
+        echo "${var/HARBOR_REGISTRYCTL_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-registryctl is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registryctl_running() {
+    # harbor-registryctl does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_registryctl)" > "$HARBOR_REGISTRYCTL_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_REGISTRYCTL_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-registryctl is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registryctl_not_running() {
+    ! is_harbor_registryctl_running
+}
+
+########################
+# Stop harbor-registryctl
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_registryctl_stop() {
+    ! is_harbor_registryctl_running && return
+    stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE"
+    # The service may not respond properly to the default kill signal, so send a SIGKILL if it fails
+    local -r retries=5
+    local -r sleep_time=1
+    if ! retry_while "is_harbor_registryctl_not_running" "$retries" "$sleep_time"; then
+        stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE" SIGKILL
+    fi
+}
+
+########################
+# Print harbor-adapter-trivy runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_adapter_trivy_print_env() {
+    for var in "${!SCANNER_TRIVY_CFG_@}"; do
+        echo "${var/SCANNER_TRIVY_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-adapter-trivy is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_adapter_trivy_running() {
+    # harbor-adapter-trivy does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v scanner-trivy)" > "$SCANNER_TRIVY_PID_FILE"
+
+    pid="$(get_pid_from_file "$SCANNER_TRIVY_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-adapter-trivy is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_adapter_trivy_not_running() {
+    ! is_harbor_adapter_trivy_running
+}
+
+########################
+# Stop harbor-adapter-trivy
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_adapter_trivy_stop() {
+    ! is_harbor_adapter_trivy_running && return
+    stop_service_using_pid "$SCANNER_TRIVY_PID_FILE"
+}
+
+########################
+# Print chartmuseum runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+chartmuseum_print_env() {
+    for var in "${!CHARTMUSEUM_CFG_@}"; do
+        echo "${var/CHARTMUSEUM_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if chartmuseum is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_chartmuseum_running() {
+    # chartmuseum does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v chartmuseum)" > "$CHARTMUSEUM_PID_FILE"
+
+    pid="$(get_pid_from_file "$CHARTMUSEUM_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if chartmuseum is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_chartmuseum_not_running() {
+    ! is_chartmuseum_running
+}
+
+########################
+# Stop chartmuseum
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+chartmuseum_stop() {
+    ! is_chartmuseum_running && return
+    stop_service_using_pid "$CHARTMUSEUM_PID_FILE"
+}