From 3c6ea5dd7754972d3f1d9cb789d7ad03cb08d55e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Apr 2023 09:42:25 +0200 Subject: [PATCH] [bitnami/apache] Release 2.4.57-debian-11-r8 (#31404) * [bitnami/apache] Release 2.4.57-debian-11-r8 Signed-off-by: Bitnami Containers * Remove bitnami-ssl.conf check for bitnami.conf file Signed-off-by: Fran Mulero --------- Signed-off-by: Bitnami Containers Signed-off-by: Fran Mulero Co-authored-by: Fran Mulero --- .vib/apache/goss/apache.yaml | 1 - bitnami/apache/2.4/debian-11/Dockerfile | 12 +-- .../opt/bitnami/.bitnami_components.json | 10 +- .../prebuildfs/opt/bitnami/scripts/libos.sh | 95 +++++++++++++++++++ .../apache/conf/bitnami/certs/server.crt | 17 ---- .../apache/conf/bitnami/certs/server.key | 27 ------ .../apache/bitnami-templates/bitnami.conf.tpl | 1 - .../opt/bitnami/scripts/apache/postunpack.sh | 1 + .../opt/bitnami/scripts/apache/setup.sh | 21 ++++ .../rootfs/opt/bitnami/scripts/libapache.sh | 10 +- 10 files changed, 131 insertions(+), 64 deletions(-) delete mode 100644 bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt delete mode 100644 bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key diff --git a/.vib/apache/goss/apache.yaml b/.vib/apache/goss/apache.yaml index 580045463ab5..4360ee11bfe6 100644 --- a/.vib/apache/goss/apache.yaml +++ b/.vib/apache/goss/apache.yaml @@ -29,7 +29,6 @@ file: filetype: file contains: - /DocumentRoot.*/opt/bitnami/apache/htdocs/ - - /^Include.*/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf/ # Main Bitnami ssl config file was correctly generated /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf: exists: true diff --git a/bitnami/apache/2.4/debian-11/Dockerfile b/bitnami/apache/2.4/debian-11/Dockerfile index 514893b5cdd2..c87bb84b9c1e 100644 --- a/bitnami/apache/2.4/debian-11/Dockerfile +++ b/bitnami/apache/2.4/debian-11/Dockerfile 
@@ -2,11 +2,12 @@ FROM docker.io/bitnami/minideb:bullseye ARG TARGETARCH -LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \ - org.opencontainers.image.created="2023-04-14T18:04:17Z" \ +LABEL com.vmware.cp.artifact.flavor="sha256:109c7d51bd69bb6b3df71017440c1ea0699454f81fe188056c083f0b57c96ea6" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \ + org.opencontainers.image.created="2023-04-23T13:11:22Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="2.4.57-debian-11-r5" \ + org.opencontainers.image.ref.name="2.4.57-debian-11-r8" \ org.opencontainers.image.title="apache" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="2.4.57" @@ -22,9 +23,8 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN install_packages ca-certificates curl libcrypt1 libexpat1 libffi7 libgcc-s1 libgmp10 libgnutls30 libhogweed6 libicu67 libidn2-0 libldap-2.4-2 liblzma5 libnettle8 libnghttp2-14 libp11-kit0 libpcre3 libsasl2-2 libssl1.1 libstdc++6 libtasn1-6 libunistring2 libxml2 procps zlib1g RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ COMPONENTS=( \ - "render-template-1.0.5-4-linux-${OS_ARCH}-debian-11" \ - "gosu-1.16.0-5-linux-${OS_ARCH}-debian-11" \ - "apache-2.4.57-3-linux-${OS_ARCH}-debian-11" \ + "render-template-1.0.5-5-linux-${OS_ARCH}-debian-11" \ + "apache-2.4.57-5-linux-${OS_ARCH}-debian-11" \ ) && \ for COMPONENT in "${COMPONENTS[@]}"; do \ if [ ! -f "${COMPONENT}.tar.gz" ]; then \ diff --git a/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json index 1e5dbed47da9..646be2d7cf67 100644 --- a/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json 
@@ -3,18 +3,12 @@ "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "2.4.57-3" - }, - "gosu": { - "arch": "amd64", - "distro": "debian-11", - "type": "NAMI", - "version": "1.16.0-5" + "version": "2.4.57-5" }, "render-template": { "arch": "amd64", "distro": "debian-11", "type": "NAMI", - "version": "1.0.5-4" + "version": "1.0.5-5" } } \ No newline at end of file diff --git a/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh index 5e141d4ce3f1..e573899abacb 100644 --- a/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh +++ b/bitnami/apache/2.4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh 
@@ -553,3 +553,98 @@ get_root_disk_device_id() { get_root_disk_size() { fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true } + +######################## +# Run command as a specific user and group (optional) +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +run_as_user() { + run_chroot "$@" +} + +######################## +# Execute command as a specific user and group (optional), +# replacing the current process image +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +exec_as_user() { + run_chroot --replace-process "$@" +} + +######################## +# Run a command using chroot +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Flags: +# -r | --replace-process - Replace the current process image (optional) +# Returns: +# Exit code of the specified command +######################### +run_chroot() { + local userspec + local user + local homedir + local replace=false + local -r cwd="$(pwd)" + + # Parse and validate flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -r | --replace-process) + replace=true + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + # Parse and validate arguments + if [[ "$#" -lt 2 ]]; then + echo "expected at least 2 arguments" + return 1 + else + userspec=$1 + shift + + # userspec can optionally include the group, so we parse the user + user=$(echo "$userspec" | cut -d':' -f1) + fi + + if ! am_i_root; then + error "Could not switch to '${userspec}': Operation not permitted" + return 1 + fi + + # Get the HOME directory for the user to switch, as chroot does + # not properly update this env and some scripts rely on it + homedir=$(eval echo "~${user}") + if [[ ! 
-d $homedir ]]; then + homedir="${HOME:-/}" + fi + + # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion + if [[ "$replace" = true ]]; then + exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + else + chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + fi +} \ No newline at end of file diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt deleted file mode 100644 index 466bbeab9ff4..000000000000 --- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICqDCCAZACCQCz8T3726LYsjANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDDAtl -eGFtcGxlLmNvbTAeFw0xMjExMTQxMTE4MjdaFw0yMjExMTIxMTE4MjdaMBYxFDAS -BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2SixwPL5c8glneI -Rz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC+Cup0k+Kd4NM -eZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICzdtRa3MXqTmEF -foyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg7Gj95zCH73BQ -ANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0uOSTNRcXY6rw -s+PxGneec/kRPRgzjC/QHY6n8QIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBbyMqF -RDsX8zX1EW5qA8AQ8Jb2XqWrVeSO8blMV3WagJ2airMm3+c/82FCwsd/cZ08UXhA -/Kou0gi/F16tV26PiiUdp590Qao3d8H2qxc1rzzULimZPgxH4iA4vRyMHtyZN6h4 -7Fdn7O9xNMPu8siOz8rrzsEdEX5URbOMkDLCZsbTIUWVv2XmqrR0K10d5VuLWeLi -r+4G6c6jpa244WmqT9ClqceJ12G1Wnmezy7ybiW0l5M2iuIKFEiRP5Hj0J15o1I2 -pXAbKysAdWRHsJSQOtcgO8Vh9k0wo3tKg4HDp1hbrEzoGzOv92Vjg3lG8X+hzbMJ -MQURotHkD4Gk57wL ------END CERTIFICATE----- 
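Review bot: In `run_chroot`, `homedir=$(eval echo "~${user}")` passes the user part of the userspec through `eval`, and the two `bash -c "cd ${cwd}; export HOME=${homedir}; ..."` lines splice the working directory and home path into a shell command string, so a userspec or directory name containing spaces or shell metacharacters is parsed as code in a function that only proceeds when running as root. The callers are outside this hunk, so whether those values can be influenced externally is not visible here. The lookup can avoid `eval` with `homedir=$(getent passwd "$user" | cut -d: -f6 || true)`, and the paths can travel as positional parameters: `chroot --userspec="$userspec" / bash -c 'cd "$1"; export HOME="$2"; shift 2; exec "$@"' -- "$cwd" "$homedir" "$@"` (same for the `exec chroot` branch). The argument-count error is also written with `echo` to stdout while the flag error uses `stderr_print`; using `stderr_print` for both keeps diagnostics out of captured command output.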
diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key
deleted file mode 100644
index 1904ca7090ae..000000000000
--- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2Si -xwPL5c8glneIRz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC -+Cup0k+Kd4NMeZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICz -dtRa3MXqTmEFfoyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg -7Gj95zCH73BQANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0 -uOSTNRcXY6rws+PxGneec/kRPRgzjC/QHY6n8QIDAQABAoIBACo3G131tuGtpFTu -xLW11vdYZXQklNlGuWp63IBI162yVv54B5wF9Ek6tH1uIiNaiREcRBxGVEB4/+3V -R4SbN9Ba98RDbgu7TcipdTFaqOEMqFO1bNjSXWtip14zSBmqA2Ur1AHOnFj0awGD -J8tBhsmOpcEz0Ch1VdO5ApPvLV8jH9wQiMI/Q6yYQMtmzTMCUMYdMqe+LOziIOzL -oqN/WXnKL5E5TiO1bIxSpWPbT+IVn1c3/PShmvmRrLWsFUQlkwXJKMYZPO+rCCfe -b+Q9lMLMnj+vOnM3z16WC3aiiJGCZjVTvQ+x22YrBTRPxZmHO2eZ4H/cUQM7Y/tw -I7RjEM0CgYEA9Kxt1t8bWonzBii3P0rwyx0IECvg63k+pp4BpxpeWQKL7NVdSzk3 -AyJVcNjUoZgi2kVPdxzZGLrnZfuZ691xQB3oZF0LwBzQ4GFHkTRCB0s8ZA5lcJaI -9pBu91bhz2VOZSTeQWpdMMURjXVyTXZInU1mwzmjVOIAYmO33shH9gcCgYEA72mX -UoIrFPLkOTSZOb7UbjYH01vf6ThQiYCEWg7mD3CbY7n9oobIcQMzNnt7xN4wOl/V -eKfZ7G56q8enfqm45Dyo9aCBCENVzmwO8wLe5UnvJBNL20KjvtwG8w5A6UZQzC7p -3QS+U2zxVQNEeaE6a8Wrq2d1PlhVAHYw8odgNEcCgYBN38+58xrmrz99d1oTuAt5 -6kyVsRGOgPGS4HmQMRFUbT4R7DscZSKASd4945WRtTVqmWLYe4MRnvNlfzYXX0zb -ZmmAAClsRP+qWuwHaEWXwrd+9SIOOqtvJrta1/lZJFpWUOy4j10H18Flb7sosnwc -LPWHL4Iv0xriNfDg5Iga4wKBgQDLJBU59SkJBW+Q+oho7vrg6QeK15IOGbJ8eYfT -woCC6VFwNQh5N1QsUELMH8rNKJpTba18SzAl5ThBOY9tciVnw/C5Og9CK6BLHnUw -zWbDtxAq1BSxXsIB2EAtTBLX3MoB9myJFNVJhE7hi3w2mA8yEu+u6IIa/Ghjk+XE -ZAnFUQKBgQDjMinRZrK5wA09jcetI+dNiLnKHoQG6OaXDDsNCatex0O2F36BvVXE -P78qDz/i5aBMWsLx6VDvWJAkBIpZoNS5UsOn17tFaocGUSkcm48bs8Dn6VvsE8Bd -XMPAHyKuILlKYifBvNq5T22KhqKX7yGmk/AeOOiKr2KeMnh27JYrCA== ------END RSA PRIVATE KEY----- diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl index 6d3b22894445..75a255c3efee 100644 
--- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl +++ b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl @@ -15,4 +15,3 @@ SetEnvIf X-Forwarded-Proto https HTTPS=on ErrorDocument 503 /503.html -Include "{{APACHE_CONF_DIR}}/bitnami/bitnami-ssl.conf" diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/postunpack.sh index 1f27c7ff04c8..a9ed67cd2bc8 100755 --- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -50,6 +50,7 @@ apache_setup_bitnami_config() { done # Bitnami customizations + ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/setup.sh index 4322e06fb2f4..131f5acba447 100755 --- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/setup.sh +++ b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/apache/setup.sh @@ -8,6 +8,7 @@ set -o pipefail # set -o xtrace # Uncomment this line for debugging purposes # Load libraries +. /opt/bitnami/scripts/liblog.sh . /opt/bitnami/scripts/libapache.sh # Load Apache environment 
@@ -19,6 +20,26 @@ apache_validate # Ensure Apache daemon user exists when running as 'root' am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" +# Generate SSL certs (without a passphrase) +ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" +if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then + info "Generating sample certificates" + SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" + SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" + SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" + SSL_SUBJ="/CN=example.com" + SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" + rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" + openssl genrsa -out "$SSL_KEY_FILE" 4096 + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" + openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") + rm -f "$SSL_CSR_FILE" +fi +# Load SSL configuration +if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" +fi + # Copy vhosts files if ! is_dir_empty "/vhosts"; then info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" diff --git a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/libapache.sh index 0aeb9a906755..f64a8b0b5e14 100644 --- a/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/libapache.sh +++ b/bitnami/apache/2.4/debian-11/rootfs/opt/bitnami/scripts/libapache.sh 
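Review bot: The generation guard tests only for `server.crt`, yet the block then runs `rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE"`, so a deployment that supplies `server.key` without a matching `server.crt` has its key deleted and replaced by a fresh self-signed pair. Assigning `SSL_KEY_FILE` and `SSL_CERT_FILE` before the test and using `if [[ ! -f "$SSL_CERT_FILE" && ! -f "$SSL_KEY_FILE" ]]; then` would generate only when neither file exists and let a half-provisioned pair surface as an Apache start-up error instead. The key's file mode is left to openssl's defaults; an explicit `chmod 600 "$SSL_KEY_FILE"` after `genrsa` would make it independent of tool version and umask, assuming the user that starts Apache owns the file (not visible in this hunk). A comment above the block stating that the self-signed `example.com` certificate is a placeholder meant to be replaced by mounted certificates would also help operators.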
@@ -237,18 +237,20 @@ is_apache_not_running() { # Arguments: # $1 - configuration string # $2 - pattern to use for checking if the configuration already exists (default: $1) +# $3 - Apache configuration file (default: $APACHE_CONF_FILE) # Returns: # None ######################## ensure_apache_configuration_exists() { local -r conf="${1:?conf missing}" local -r pattern="${2:-"$conf"}" + local -r conf_file="${3:-"$APACHE_CONF_FILE"}" # Enable configuration by appending to httpd.conf - if ! grep -E -q "$pattern" "$APACHE_CONF_FILE"; then - if is_file_writable "$APACHE_CONF_FILE"; then - cat >> "$APACHE_CONF_FILE" <<< "$conf" + if ! grep -E -q "$pattern" "$conf_file"; then + if is_file_writable "$conf_file"; then + cat >> "$conf_file" <<< "$conf" else - error "Could not add the following configuration to '${APACHE_CONF_FILE}:" + error "Could not add the following configuration to '${conf_file}:" error "" error "$(indent "$conf" 4)" error ""
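Review bot: The error message on the changed line still opens a single quote that is never closed, `'${conf_file}:`; since the line is being touched anyway it could read `error "Could not add the following configuration to '${conf_file}':"`. The comment `# Enable configuration by appending to httpd.conf` is also stale now that the target comes from the `$3` argument, and could say `# Enable configuration by appending to the target configuration file`. The function's body continues past the end of this hunk.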