[bitnami/sonarqube] Release 10.0.0-debian-11-r1 (#32675)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/sonarqube/10/debian-11/Dockerfile

@@ -3,8 +3,9 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
 ARG TARGETARCH
 
-LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-04-18T11:47:12Z" \
+LABEL com.vmware.cp.artifact.flavor="sha256:109c7d51bd69bb6b3df71017440c1ea0699454f81fe188056c083f0b57c96ea6" \
+      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
+      org.opencontainers.image.created="2023-05-05T06:17:38Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.ref.name="10.0.0-debian-11-r1" \
@@ -24,9 +25,8 @@ RUN install_packages acl ca-certificates curl libbsd0 libedit2 libffi7 libgcc-s1
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
     COMPONENTS=( \
       "postgresql-client-15.2.0-4-linux-${OS_ARCH}-debian-11" \
-      "java-17.0.6-10-4-linux-${OS_ARCH}-debian-11" \
+      "java-17.0.7-7-1-linux-${OS_ARCH}-debian-11" \
       "sonarqube-10.0.0-1-linux-${OS_ARCH}-debian-11" \
-      "gosu-1.16.0-5-linux-${OS_ARCH}-debian-11" \
     ) && \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \
@@ -48,7 +48,7 @@ ENV APP_VERSION="10.0.0" \
     BITNAMI_APP_NAME="sonarqube" \
     JAVA_HOME="/opt/bitnami/java" \
     LD_LIBRARY_PATH="/opt/bitnami/postgresql/lib:$LD_LIBRARY_PATH" \
-    PATH="/opt/bitnami/postgresql/bin:/opt/bitnami/java/bin:/opt/bitnami/common/bin:$PATH"
+    PATH="/opt/bitnami/postgresql/bin:/opt/bitnami/java/bin:$PATH"
 
 EXPOSE 9000
 

bitnami/sonarqube/10/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -1,15 +1,9 @@
 {
-    "gosu": {
-        "arch": "amd64",
-        "distro": "debian-11",
-        "type": "NAMI",
-        "version": "1.16.0-5"
-    },
     "java": {
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "17.0.6-10-4"
+        "version": "17.0.7-7-1"
     },
     "postgresql-client": {
         "arch": "amd64",

bitnami/sonarqube/10/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh

@@ -412,11 +412,16 @@ generate_random_string() {
     ascii)
         filter="[:print:]"
         ;;
+    numeric)
+        filter="0-9"
+        ;;
     alphanumeric)
         filter="a-zA-Z0-9"
         ;;
-    numeric)
-        filter="0-9"
+    alphanumeric+special|special+alphanumeric)
+        # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
+        # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
+        filter='a-zA-Z0-9!@#$%^'
         ;;
     *)
         echo "Invalid type ${type}" >&2
@@ -553,3 +558,98 @@ get_root_disk_device_id() {
 get_root_disk_size() {
     fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
 }
+
+########################
+# Run command as a specific user and group (optional)
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+run_as_user() {
+    run_chroot "$@"
+}
+
+########################
+# Execute command as a specific user and group (optional),
+# replacing the current process image
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+exec_as_user() {
+    run_chroot --replace-process "$@"
+}
+
+########################
+# Run a command using chroot
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Flags:
+#   -r | --replace-process - Replace the current process image (optional)
+# Returns:
+#   Exit code of the specified command
+#########################
+run_chroot() {
+    local userspec
+    local user
+    local homedir
+    local replace=false
+    local -r cwd="$(pwd)"
+
+    # Parse and validate flags
+    while [[ "$#" -gt 0 ]]; do
+        case "$1" in
+            -r | --replace-process)
+                replace=true
+                ;;
+            --)
+                shift
+                break
+                ;;
+            -*)
+                stderr_print "unrecognized flag $1"
+                return 1
+                ;;
+            *)
+                break
+                ;;
+        esac
+        shift
+    done
+
+    # Parse and validate arguments
+    if [[ "$#" -lt 2 ]]; then
+        echo "expected at least 2 arguments"
+        return 1
+    else
+        userspec=$1
+        shift
+
+        # userspec can optionally include the group, so we parse the user
+        user=$(echo "$userspec" | cut -d':' -f1)
+    fi
+
+    if ! am_i_root; then
+        error "Could not switch to '${userspec}': Operation not permitted"
+        return 1
+    fi
+
+    # Get the HOME directory for the user to switch, as chroot does
+    # not properly update this env and some scripts rely on it
+    homedir=$(eval echo "~${user}")
+    if [[ ! -d $homedir ]]; then
+        homedir="${HOME:-/}"
+    fi
+
+    # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
+    if [[ "$replace" = true ]]; then
+        exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    else
+        chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    fi
+}

bitnami/sonarqube/10/debian-11/rootfs/opt/bitnami/scripts/libsonarqube.sh

@@ -133,7 +133,7 @@ sonarqube_initialize() {
     if [[ "${#additional_properties[@]}" -gt 0 ]]; then
         info "Adding properties provided via SONARQUBE_EXTRA_PROPERTIES to sonar.properties"
         for property in "${additional_properties[@]}"; do
-            sonarqube_conf_set "${property%%=*}" "${property#*=}"
+            sonarqube_conf_set "${property%=*}" "${property#*=}"
         done
     fi
 
@@ -186,7 +186,7 @@ EOF
                 unix_timestamp_ms="$(date '+%s%N' | cut -b1-13)"
                 for setting in "${settings_to_update[@]}"; do
                     postgresql_remote_execute "${postgresql_execute_args[@]}" <<EOF
-INSERT INTO properties (uuid, prop_key, is_empty, text_value, created_at) VALUES ('$(generate_random_string -t alphanumeric -c 20)', '${setting%%=*}', '0', '${setting#*=}', '${unix_timestamp_ms}');
+INSERT INTO properties (uuid, prop_key, is_empty, text_value, created_at) VALUES ('$(generate_random_string -t alphanumeric -c 20)', '${setting%=*}', '0', '${setting#*=}', '${unix_timestamp_ms}');
 EOF
                 done
             fi
@@ -237,7 +237,7 @@ sonarqube_start_bg() {
     (
         cd "$SONARQUBE_BASE_DIR" || return 1
         if am_i_root; then
-            debug_execute gosu "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "start"
+            debug_execute run_as_user "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "start"
         else
             debug_execute "${SONARQUBE_BIN_DIR}/sonar.sh" "start"
         fi
@@ -351,7 +351,7 @@ is_sonarqube_running() {
     # The 'sonar.sh status' command checks whether the PID file exists, and a process exists with that PID
     # That way we do not need to re-implement such logic
     if am_i_root; then
-        debug_execute gosu "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "status"
+        debug_execute run_as_user "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "status"
     else
         debug_execute "${SONARQUBE_BIN_DIR}/sonar.sh" "status"
     fi
@@ -378,7 +378,7 @@ is_sonarqube_not_running() {
 sonarqube_stop() {
     ! is_sonarqube_running && return
     if am_i_root; then
-        debug_execute gosu "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "stop"
+        debug_execute run_as_user "$SONARQUBE_DAEMON_USER" "${SONARQUBE_BIN_DIR}/sonar.sh" "stop"
     else
         debug_execute "${SONARQUBE_BIN_DIR}/sonar.sh" "stop"
     fi

bitnami/sonarqube/10/debian-11/rootfs/opt/bitnami/scripts/sonarqube/postunpack.sh

@@ -17,22 +17,9 @@ set -o pipefail
 . /opt/bitnami/scripts/liblog.sh
 
 info "Updating PID files location"
-# PIDDIR appears in branch 8 
-replace_in_file "${SONARQUBE_BIN_DIR}/sonar.sh" "PIDDIR=\"\.\"" "PIDDIR=\"../../pids\""
 # PIDFile appears in branch 9
 replace_in_file "${SONARQUBE_BIN_DIR}/sonar.sh" "PIDFILE=\".*" "PIDFILE=\"/opt/bitnami/sonarqube/pids/\$APP_NAME.pid\""
 
-# The file wrapper.conf only exist in branch 8.
-if [[ -f "${SONARQUBE_CONF_DIR}/wrapper.conf" ]]; then
-    info "Updating log file location"
-    replace_in_file "${SONARQUBE_CONF_DIR}/wrapper.conf" "\.\./\.\./sonar\.YYYYMMDD\.log" "../../sonar.log"
-
-    # Log rotation will be handled externally
-    # Refer to "Log Rotation" section in https://docs.sonarqube.org/latest/instance-administration/system-info/
-    info "Disabling log rolling"
-    replace_in_file "${SONARQUBE_CONF_DIR}/wrapper.conf" "^[#\s]*wrapper.logfile.rollmode\s*=.*" "wrapper.logfile.rollmode=NONE"
-fi
-
 # Ensure the SonarQube base directory exists and has proper permissions
 # Based on https://github.com/SonarSource/docker-sonarqube/blob/master/9/community/Dockerfile#L129
 info "Configuring file permissions for SonarQube"

bitnami/sonarqube/10/debian-11/rootfs/opt/bitnami/scripts/sonarqube/run.sh

@@ -23,7 +23,7 @@ cd "$SONARQUBE_BASE_DIR"
 
 info "** Starting SonarQube **"
 if am_i_root; then
-    exec gosu "$SONARQUBE_DAEMON_USER" "${START_CMD[@]}" "$@"
+    exec_as_user "$SONARQUBE_DAEMON_USER" "${START_CMD[@]}" "$@"
 else
     exec "${START_CMD[@]}" "$@"
 fi