Inicio Explorar Axuda
Iniciar sesión
fphammerle
/
docker-postsrsd
réplica de https://github.com/fphammerle/docker-postsrsd
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

adapt image for postsrsd v2: modify new config file for running container as uid ≠ 0; expose tcp port 10003 instead of 10001 & 10002; remove environment variables `SRS_DOMAIN` & `SRS_SECRET`; fix secrets path in postsrsd's config file

Fabian Peter Hammerle hai 2 días
pai
fdb16ff4d2
achega
7930fb5fce
Modificáronse 2 ficheiros con 29 adicións e 18 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 9 0
      CHANGELOG.md
  2. 20 18
      Dockerfile

+ 9 - 0
CHANGELOG.md
Ver ficheiro 

@@ -5,8 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
 ## [Unreleased]
 
+### Changed
 
+- expose tcp port 10003 instead of 10001 & 10002
 
+  (postsrsd v2 uses "socketmap:" instead of "tcp:" tables)
 
+
 
+### Removed
 
+- environment variables `SRS_DOMAIN` & `SRS_SECRET`
 
+  (settings moved to `/etc/postsrsd/postsrsd.conf` in postsrsd v2)
 
+
 
 ### Fixed
 
 - dockerfile: prefix registry in `FROM` instruction (for `podman build`)
 
+- set path of secrets file in postsrsd's config file (compatible with v[0.1.1])
 
 
 ## [0.1.1] - 2019-08-19
 
 ### Fixed

+ 20 - 18
Dockerfile
Ver ficheiro 

@@ -3,27 +3,29 @@ FROM docker.io/alpine:3.22.0
 
 # https://github.com/roehling/postsrsd/blob/main/CHANGELOG.rst
 
 # https://git.alpinelinux.org/aports/log/community/postsrsd?h=3.22-stable
 
 ARG POSTSRSD_PACKAGE_VERSION=2.0.11-r0
 
+# default in /etc/postsrsd/postsrsd.conf:
 
+# > secrets-file = "/etc/postsrsd/postsrsd.secret"
 
+ARG POSTSRSD_SECRET_DIR_PATH=/etc/postsrsd/secrets
 
+ENV POSTSRSD_SECRET_PATH=${POSTSRSD_SECRET_DIR_PATH}/list
 
+# `unprivileged-user = ""` for running as uid ≠ 0 without CAP_{SETUID,SETGID}:
 
+# > postsrsd: error: cannot drop privileges: setgroups: Operation not permitted
 
+# `chroot-dir = ""` for running as uid ≠ 0 without CAP_SYS_CHROOT:
 
+# > postsrsd: error: cannot drop privileges: chroot: Operation not permitted
 
 RUN adduser -S postsrsd \
 
     && apk add --no-cache postsrsd=$POSTSRSD_PACKAGE_VERSION \
 
-    && mkdir -p /etc/postsrsd/secrets \
 
-    && chown postsrsd /etc/postsrsd/secrets
 
+    && sed -i 's/^\(\(unprivileged-user\|chroot-dir\) = "\).*"/\1"/' \
 
+         /etc/postsrsd/postsrsd.conf \
 
+    && mkdir --mode 700 "${POSTSRSD_SECRET_DIR_PATH}" \
 
+    && chown postsrsd "${POSTSRSD_SECRET_DIR_PATH}" \
 
+    && sed -i 's#^\(secrets-file = "\).*#\1'"${POSTSRSD_SECRET_PATH}\"#" \
 
+         /etc/postsrsd/postsrsd.conf
 
+VOLUME ${POSTSRSD_SECRET_DIR_PATH}
 
 
 USER postsrsd
 
-
 
-VOLUME /etc/postsrsd/secrets
 
-
 
-# https://github.com/roehling/postsrsd/blob/1.6/postsrsd.c#L342
 
-ENV SRS_DOMAIN change-me.tld
 
-ENV SRS_SECRET /etc/postsrsd/secrets/list
 
-
 
-# forward SRS lookup
 
-EXPOSE 10001/tcp
 
-# reverse SRS lookup
 
-EXPOSE 10002/tcp
 
-
 
-# > Cannot open file with secret: /etc/postsrsd/secrets/list
 
+ENV POSTSRSD_SECRET_PATH=${POSTSRSD_SECRET_PATH}
 
+EXPOSE 10003/tcp
 
 CMD set -x; \
 
-    if [ ! -f "$SRS_SECRET" ]; \
 
-        then tr -dc '1-9a-zA-Z' < /dev/random | head -c 32 > "$SRS_SECRET"; \
 
+    if [ ! -s "$POSTSRSD_SECRET_PATH" ]; then \
 
+      tr -dc '1-9a-zA-Z' < /dev/random | head -c 32 > "$POSTSRSD_SECRET_PATH"; \
 
     fi \
 
-    && postsrsd -l0.0.0.0 -e
 
+    && exec postsrsd