[bitnami/ejbca] Release 7.11.0-debian-11-r27 (#31001)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2023-04-20 01:23:54 +02:00 · 2023-04-20 01:23:54 +02:00 · 099a4f647d
parent 8df95fb9ab
commit 099a4f647d
5 changed files with 107 additions and 19 deletions
--- a/bitnami/ejbca/7/debian-11/Dockerfile
+++ b/bitnami/ejbca/7/debian-11/Dockerfile
@ -4,10 +4,10 @@ ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
 ARG TARGETARCH

 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-04-16T20:58:15Z" \
+      org.opencontainers.image.created="2023-04-19T22:15:02Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="7.11.0-debian-11-r26" \
+      org.opencontainers.image.ref.name="7.11.0-debian-11-r27" \
      org.opencontainers.image.title="ejbca" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="7.11.0"
@ -23,10 +23,9 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN install_packages acl ca-certificates curl libaio1 libaudit1 libcap-ng0 libgcc-s1 libicu67 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
    COMPONENTS=( \
-      "java-11.0.18-10-4-linux-${OS_ARCH}-debian-11" \
-      "wildfly-26.1.3-7-linux-${OS_ARCH}-debian-11" \
+      "java-11.0.19-7-0-linux-${OS_ARCH}-debian-11" \
+      "wildfly-26.1.3-9-linux-${OS_ARCH}-debian-11" \
      "mysql-client-10.6.12-4-linux-${OS_ARCH}-debian-11" \
-      "gosu-1.16.0-5-linux-${OS_ARCH}-debian-11" \
      "ejbca-7.11.0-4-linux-${OS_ARCH}-debian-11" \
    ) && \
    for COMPONENT in "${COMPONENTS[@]}"; do \
@ -49,7 +48,7 @@ RUN /opt/bitnami/scripts/java/postunpack.sh
 ENV APP_VERSION="7.11.0" \
    BITNAMI_APP_NAME="ejbca" \
    JAVA_HOME="/opt/bitnami/java" \
-    PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/common/bin:/opt/bitnami/ejbca/bin:$PATH"
+    PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ejbca/bin:$PATH"

 EXPOSE 8009 8080 9990

--- a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@ -5,17 +5,11 @@
        "type": "NAMI",
        "version": "7.11.0-4"
    },
-    "gosu": {
-        "arch": "amd64",
-        "distro": "debian-11",
-        "type": "NAMI",
-        "version": "1.16.0-5"
-    },
    "java": {
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "11.0.18-10-4"
+        "version": "11.0.19-7-0"
    },
    "mysql-client": {
        "arch": "amd64",
@ -27,6 +21,6 @@
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "26.1.3-7"
+        "version": "26.1.3-9"
    }
 }
--- a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
+++ b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
@ -553,3 +553,98 @@ get_root_disk_device_id() {
 get_root_disk_size() {
    fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
 }
+
+########################
+# Run command as a specific user and group (optional)
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+run_as_user() {
+    run_chroot "$@"
+}
+
+########################
+# Execute command as a specific user and group (optional),
+# replacing the current process image
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+exec_as_user() {
+    run_chroot --replace-process "$@"
+}
+
+########################
+# Run a command using chroot
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Flags:
+#   -r | --replace-process - Replace the current process image (optional)
+# Returns:
+#   Exit code of the specified command
+#########################
+run_chroot() {
+    local userspec
+    local user
+    local homedir
+    local replace=false
+    local -r cwd="$(pwd)"
+
+    # Parse and validate flags
+    while [[ "$#" -gt 0 ]]; do
+        case "$1" in
+            -r | --replace-process)
+                replace=true
+                ;;
+            --)
+                shift
+                break
+                ;;
+            -*)
+                stderr_print "unrecognized flag $1"
+                return 1
+                ;;
+            *)
+                break
+                ;;
+        esac
+        shift
+    done
+
+    # Parse and validate arguments
+    if [[ "$#" -lt 2 ]]; then
+        echo "expected at least 2 arguments"
+        return 1
+    else
+        userspec=$1
+        shift
+
+        # userspec can optionally include the group, so we parse the user
+        user=$(echo "$userspec" | cut -d':' -f1)
+    fi
+
+    if ! am_i_root; then
+        error "Could not switch to '${userspec}': Operation not permitted"
+        return 1
+    fi
+
+    # Get the HOME directory for the user to switch, as chroot does
+    # not properly update this env and some scripts rely on it
+    homedir=$(eval echo "~${user}")
+    if [[ ! -d $homedir ]]; then
+        homedir="${HOME:-/}"
+    fi
+
+    # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
+    if [[ "$replace" = true ]]; then
+        exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    else
+        chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    fi
+}
--- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh
+++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh
@ -19,7 +19,7 @@ info "** Starting ejbca **"
 start_command=("${EJBCA_WILDFLY_BIN_DIR}/standalone.sh" "-b" "0.0.0.0")

 if am_i_root; then
-    exec gosu "$EJBCA_DAEMON_USER" "${start_command[@]}"
+    exec_as_user "$EJBCA_DAEMON_USER" "${start_command[@]}"
 else
    exec "${start_command[@]}"
 fi
--- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
+++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh
@ -72,7 +72,7 @@ ejbca_wildfly_command_print_output() {
    local -r cmd="${EJBCA_WILDFLY_BIN_DIR}/jboss-cli.sh"
    local -r -a args=("--connect" "-u=${EJBCA_WILDFLY_ADMIN_USER}" "-p=${EJBCA_WILDFLY_ADMIN_PASSWORD}" "$@")
    if am_i_root; then
-        gosu "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}"
+        run_as_user "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}"
    else
        "$cmd" "${args[@]}"
    fi
@ -255,7 +255,7 @@ ejbca_start_wildfly_bg() {

    if ! is_wildfly_running; then
        if am_i_root; then
-            debug_execute gosu "$EJBCA_DAEMON_USER" "${exec}" "${args[@]}" &
+            debug_execute run_as_user "$EJBCA_DAEMON_USER" "${exec}" "${args[@]}" &
        else
            debug_execute "${exec}" "${args[@]}" &
        fi
@ -299,7 +299,7 @@ ejbca_create_management_user() {
    local -r -a args=("-u" "$EJBCA_WILDFLY_ADMIN_USER" "-p" "$EJBCA_WILDFLY_ADMIN_PASSWORD" "-s")

    if am_i_root; then
-        debug_execute gosu "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}"
+        debug_execute run_as_user "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}"
    else
        debug_execute "$cmd" "${args[@]}"
    fi
@ -472,7 +472,7 @@ ejbca_generate_ca() {
 #########################
 ejbca_execute_command_print_output() {
    if am_i_root; then
-        gosu "$EJBCA_DAEMON_USER" "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1
+        run_as_user "$EJBCA_DAEMON_USER" "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1
    else
        "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1
    fi