From 099a4f647d0b5dcbdadc8ebf03eedb42383d4c97 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 20 Apr 2023 01:23:54 +0200 Subject: [PATCH] [bitnami/ejbca] Release 7.11.0-debian-11-r27 (#31001) Signed-off-by: Bitnami Containers --- bitnami/ejbca/7/debian-11/Dockerfile | 11 +-- .../opt/bitnami/.bitnami_components.json | 10 +- .../prebuildfs/opt/bitnami/scripts/libos.sh | 95 +++++++++++++++++++ .../rootfs/opt/bitnami/scripts/ejbca/run.sh | 2 +- .../rootfs/opt/bitnami/scripts/libejbca.sh | 8 +- 5 files changed, 107 insertions(+), 19 deletions(-) diff --git a/bitnami/ejbca/7/debian-11/Dockerfile b/bitnami/ejbca/7/debian-11/Dockerfile index 195c5df8cc70..4abe8645bdce 100644 --- a/bitnami/ejbca/7/debian-11/Dockerfile +++ b/bitnami/ejbca/7/debian-11/Dockerfile @@ -4,10 +4,10 @@ ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" ARG TARGETARCH LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \ - org.opencontainers.image.created="2023-04-16T20:58:15Z" \ + org.opencontainers.image.created="2023-04-19T22:15:02Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="7.11.0-debian-11-r26" \ + org.opencontainers.image.ref.name="7.11.0-debian-11-r27" \ org.opencontainers.image.title="ejbca" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="7.11.0" 
@@ -23,10 +23,9 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN install_packages acl ca-certificates curl libaio1 libaudit1 libcap-ng0 libgcc-s1 libicu67 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ COMPONENTS=( \ - "java-11.0.18-10-4-linux-${OS_ARCH}-debian-11" \ - "wildfly-26.1.3-7-linux-${OS_ARCH}-debian-11" \ + "java-11.0.19-7-0-linux-${OS_ARCH}-debian-11" \ + "wildfly-26.1.3-9-linux-${OS_ARCH}-debian-11" \ "mysql-client-10.6.12-4-linux-${OS_ARCH}-debian-11" \ - "gosu-1.16.0-5-linux-${OS_ARCH}-debian-11" \ "ejbca-7.11.0-4-linux-${OS_ARCH}-debian-11" \ ) && \ for COMPONENT in "${COMPONENTS[@]}"; do \ @@ -49,7 +48,7 @@ RUN /opt/bitnami/scripts/java/postunpack.sh ENV APP_VERSION="7.11.0" \ BITNAMI_APP_NAME="ejbca" \ JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/common/bin:/opt/bitnami/ejbca/bin:$PATH" + PATH="/opt/bitnami/java/bin:/opt/bitnami/wildfly/bin:/opt/bitnami/mysql/bin:/opt/bitnami/ejbca/bin:$PATH" EXPOSE 8009 8080 9990 diff --git a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json index 31f8ee9e9f01..e844f935e801 100644 --- a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json @@ -5,17 +5,11 @@ "type": "NAMI", "version": "7.11.0-4" }, - "gosu": { - "arch": "amd64", - "distro": "debian-11", - "type": "NAMI", - "version": "1.16.0-5" - }, "java": { "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "11.0.18-10-4" + "version": "11.0.19-7-0" }, "mysql-client": { "arch": "amd64", @@ -27,6 +21,6 @@ "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "26.1.3-7" + "version": "26.1.3-9" } } \ No newline at end of file 
diff --git a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
index 5e141d4ce3f1..e573899abacb 100644
--- a/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
+++ b/bitnami/ejbca/7/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
@@ -553,3 +553,98 @@ get_root_disk_device_id() { get_root_disk_size() { fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true } + +######################## +# Run command as a specific user and group (optional) +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +run_as_user() { + run_chroot "$@" +} + +######################## +# Execute command as a specific user and group (optional), +# replacing the current process image +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +exec_as_user() { + run_chroot --replace-process "$@" +} + +######################## +# Run a command using chroot +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Flags: +# -r | --replace-process - Replace the current process image (optional) +# Returns: +# Exit code of the specified command +######################### +run_chroot() { + local userspec + local user + local homedir + local replace=false + local -r cwd="$(pwd)" + + # Parse and validate flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -r | --replace-process) + replace=true + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + # Parse and validate arguments + if [[ "$#" -lt 2 ]]; then + echo "expected at least 2 arguments" + return 1 + else + userspec=$1 + shift + + # userspec can optionally include the group, so we parse the user + user=$(echo "$userspec" | cut -d':' -f1) + fi + + if ! am_i_root; then + error "Could not switch to '${userspec}': Operation not permitted" + return 1 + fi + + # Get the HOME directory for the user to switch, as chroot does + # not properly update this env and some scripts rely on it + homedir=$(eval echo "~${user}") + if [[ ! 
-d $homedir ]]; then + homedir="${HOME:-/}" + fi + + # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion + if [[ "$replace" = true ]]; then + exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + else + chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + fi +} \ No newline at end of file diff --git a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh index 15a8d3bb3097..a633fbfbba26 100755 --- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh +++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/ejbca/run.sh @@ -19,7 +19,7 @@ info "** Starting ejbca **" start_command=("${EJBCA_WILDFLY_BIN_DIR}/standalone.sh" "-b" "0.0.0.0") if am_i_root; then - exec gosu "$EJBCA_DAEMON_USER" "${start_command[@]}" + exec_as_user "$EJBCA_DAEMON_USER" "${start_command[@]}" else exec "${start_command[@]}" fi diff --git a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh index 7f7edb8d742a..a136752d2830 100644 --- a/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh +++ b/bitnami/ejbca/7/debian-11/rootfs/opt/bitnami/scripts/libejbca.sh @@ -72,7 +72,7 @@ ejbca_wildfly_command_print_output() { local -r cmd="${EJBCA_WILDFLY_BIN_DIR}/jboss-cli.sh" local -r -a args=("--connect" "-u=${EJBCA_WILDFLY_ADMIN_USER}" "-p=${EJBCA_WILDFLY_ADMIN_PASSWORD}" "$@") if am_i_root; then - gosu "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}" + run_as_user "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}" else "$cmd" "${args[@]}" fi 
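Review bot: In `run_chroot`, `homedir=$(eval echo "~${user}")` has root evaluate text cut from the caller-supplied userspec, and the `bash -c` string splices `${cwd}` and `${homedir}` in unquoted, so a user name or directory containing spaces or shell metacharacters is parsed as code instead of data. The callers visible in this patch pass `$EJBCA_DAEMON_USER`, so the value comes from the environment. I would look the home directory up with `getent passwd` and hand `cwd` and `homedir` to the inner shell as positional parameters, as sketched below; the sketch assumes `getent` is present in the image, which the hunk does not show. Separately, `echo "expected at least 2 arguments"` writes to stdout while the flag branch above it uses `stderr_print`, so the message lands in the output the `*_print_output` callers return; `stderr_print "expected at least 2 arguments"` keeps it out.

```shell
    # … unchanged: flag parsing, argument validation, am_i_root guard …

    # Passwd lookup instead of eval; an unknown user yields "" and falls back below
    homedir=$(getent passwd "$user" | cut -d':' -f6) || true
    if [[ ! -d "$homedir" ]]; then
        homedir="${HOME:-/}"
    fi

    # cwd and homedir are passed as $1 and $2, so the inner shell never parses them
    local -r inner='cd "$1"; export HOME="$2"; shift 2; exec "$@"'
    if [[ "$replace" = true ]]; then
        exec chroot --userspec="$userspec" / bash -c "$inner" -- "$cwd" "$homedir" "$@"
    else
        chroot --userspec="$userspec" / bash -c "$inner" -- "$cwd" "$homedir" "$@"
    fi
```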
@@ -255,7 +255,7 @@ ejbca_start_wildfly_bg() { if ! is_wildfly_running; then if am_i_root; then - debug_execute gosu "$EJBCA_DAEMON_USER" "${exec}" "${args[@]}" & + debug_execute run_as_user "$EJBCA_DAEMON_USER" "${exec}" "${args[@]}" & else debug_execute "${exec}" "${args[@]}" & fi @@ -299,7 +299,7 @@ ejbca_create_management_user() { local -r -a args=("-u" "$EJBCA_WILDFLY_ADMIN_USER" "-p" "$EJBCA_WILDFLY_ADMIN_PASSWORD" "-s") if am_i_root; then - debug_execute gosu "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}" + debug_execute run_as_user "$EJBCA_DAEMON_USER" "$cmd" "${args[@]}" else debug_execute "$cmd" "${args[@]}" fi @@ -472,7 +472,7 @@ ejbca_generate_ca() { ######################### ejbca_execute_command_print_output() { if am_i_root; then - gosu "$EJBCA_DAEMON_USER" "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1 + run_as_user "$EJBCA_DAEMON_USER" "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1 else "$EJBCA_BIN_DIR"/ejbca.sh "$@" 2>&1 fi