From 55d2e36df5eb001c6a4e0eaf1577f1d25349d707 Mon Sep 17 00:00:00 2001 From: TheSpad Date: Sun, 23 Oct 2022 14:28:38 +0100 Subject: [PATCH] Rebase sqlitebrowser to 3.16, migrate to s6v3 --- .github/workflows/external_trigger.yml | 2 +- Dockerfile | 9 +++++++-- Dockerfile.aarch64 | 9 +++++++-- Dockerfile.armhf | 9 +++++++-- Jenkinsfile | 4 ++-- README.md | 5 +++++ jenkins-vars.yml | 4 ++-- readme-vars.yml | 4 ++++ .../init-config-end/dependencies.d/init-openboxcopy | 0 .../s6-rc.d/init-openboxcopy/dependencies.d/init-config | 0 .../s6-rc.d/init-openboxcopy/run} | 3 ++- root/etc/s6-overlay/s6-rc.d/init-openboxcopy/type | 1 + root/etc/s6-overlay/s6-rc.d/init-openboxcopy/up | 1 + .../s6-overlay/s6-rc.d/user/contents.d/init-openboxcopy | 0 14 files changed, 39 insertions(+), 12 deletions(-) create mode 100644 root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-openboxcopy create mode 100644 root/etc/s6-overlay/s6-rc.d/init-openboxcopy/dependencies.d/init-config rename root/etc/{cont-init.d/56-openboxcopy => s6-overlay/s6-rc.d/init-openboxcopy/run} (78%) mode change 100644 => 100755 create mode 100644 root/etc/s6-overlay/s6-rc.d/init-openboxcopy/type create mode 100644 root/etc/s6-overlay/s6-rc.d/init-openboxcopy/up create mode 100644 root/etc/s6-overlay/s6-rc.d/user/contents.d/init-openboxcopy diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index e46cec4..727b6e2 100755 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -18,7 +18,7 @@ jobs: fi echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SQLITEBROWSER_MASTER\". ****" echo "**** Retrieving external version ****" - EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ && awk '/^P:'"sqlitebrowser"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then echo "**** Can't retrieve external version, exiting ****" diff --git a/Dockerfile b/Dockerfile index 3669a54..fccbc3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-rdesktop-web:alpine +FROM ghcr.io/linuxserver/baseimage-rdesktop-web:3.16 # set version label ARG BUILD_DATE @@ -12,8 +12,12 @@ ENV TITLE=SQLiteBrowser RUN \ echo "**** install packages ****" && \ + if [ -z ${SQLITEB_VERSION+x} ]; then \ + SQLITEB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + && awk '/^P:sqlitebrowser$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ + fi && \ apk add --no-cache \ - sqlitebrowser && \ + sqlitebrowser==${SQLITEB_VERSION} && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* @@ -23,4 +27,5 @@ COPY /root / # ports and volumes EXPOSE 3000 + VOLUME /config diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index d54ede5..33df6c0 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-rdesktop-web:arm64v8-alpine +FROM ghcr.io/linuxserver/baseimage-rdesktop-web:arm64v8-3.16 # set version label ARG BUILD_DATE @@ -12,8 +12,12 @@ ENV TITLE=SQLiteBrowser RUN \ echo "**** install packages ****" && \ + if [ -z ${SQLITEB_VERSION+x} ]; then \ + SQLITEB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + && awk '/^P:sqlitebrowser$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ + fi && \ apk add --no-cache \ - sqlitebrowser && \ + sqlitebrowser==${SQLITEB_VERSION} && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* @@ -23,4 +27,5 @@ COPY /root / # ports and volumes EXPOSE 3000 + VOLUME /config diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 7dcf9d2..0324110 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-rdesktop-web:arm32v7-alpine +FROM ghcr.io/linuxserver/baseimage-rdesktop-web:arm32v7-3.16 # set version label ARG BUILD_DATE @@ -12,8 +12,12 @@ ENV TITLE=SQLiteBrowser RUN \ echo "**** install packages ****" && \ + if [ -z ${SQLITEB_VERSION+x} ]; then \ + SQLITEB_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \ + && awk '/^P:sqlitebrowser$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \ + fi && \ apk add --no-cache \ - sqlitebrowser && \ + sqlitebrowser==${SQLITEB_VERSION} && \ echo "**** cleanup ****" && \ rm -rf \ /tmp/* @@ -23,4 +27,5 @@ COPY /root / # ports and volumes EXPOSE 3000 + VOLUME /config diff --git a/Jenkinsfile b/Jenkinsfile index ae8d390..bf033ae 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -25,8 +25,8 @@ pipeline { DEV_DOCKERHUB_IMAGE = 'lsiodev/sqlitebrowser' PR_DOCKERHUB_IMAGE = 'lspipepr/sqlitebrowser' DIST_IMAGE = 'alpine' - DIST_TAG = '3.15' - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.15/community/' + DIST_TAG = '3.16' + DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.16/community/' DIST_REPO_PACKAGES = 'sqlitebrowser' MULTIARCH='true' CI='true' diff --git a/README.md b/README.md index 7ee3d93..72bf58d 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,8 @@ services: sqlitebrowser: image: lscr.io/linuxserver/sqlitebrowser:latest container_name: sqlitebrowser + security_opt: + - seccomp:unconfined #optional environment: - PUID=1000 - PGID=1000 @@ -93,6 +95,7 @@ services: ```bash docker run -d \ --name=sqlitebrowser \ + --security-opt seccomp=unconfined `#optional` \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/London \ @@ -113,6 +116,7 @@ Container images are configured using parameters passed at runtime (such as thos | `-e PGID=1000` | for GroupID - see below for explanation | | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London. | | `-v /config` | Users home directory in the container, stores program settings and potentially dump files. | +| `--security-opt seccomp=unconfined` | For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. | ## Environment variables from files (Docker secrets) @@ -223,6 +227,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **23.10.22:** - Rebase to Alpine 3.16, migrate to s6v3. * **16.02.22:** - Rebase to Alpine. * **20.01.21:** - Remove Wireshark reference. * **29.07.20:** - Initial release. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index a0ae331..60eca85 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -15,8 +15,8 @@ repo_vars: - DEV_DOCKERHUB_IMAGE = 'lsiodev/sqlitebrowser' - PR_DOCKERHUB_IMAGE = 'lspipepr/sqlitebrowser' - DIST_IMAGE = 'alpine' - - DIST_TAG = '3.15' - - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.15/community/' + - DIST_TAG = '3.16' + - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.16/community/' - DIST_REPO_PACKAGES = 'sqlitebrowser' - MULTIARCH='true' - CI='true' diff --git a/readme-vars.yml b/readme-vars.yml index b9b76b9..9c50be5 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -29,6 +29,9 @@ param_volumes: param_usage_include_ports: true param_ports: - { external_port: "3000", internal_port: "3000", port_desc: "Sqlitebrowser desktop gui." } +opt_security_opt_param: true +opt_security_opt_param_vars: + - { run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker." } # application setup block app_setup_block_enabled: true @@ -40,6 +43,7 @@ app_setup_block: | # changelog changelogs: + - { date: "23.10.22:", desc: "Rebase to Alpine 3.16, migrate to s6v3." } - { date: "16.02.22:", desc: "Rebase to Alpine." } - { date: "20.01.21:", desc: "Remove Wireshark reference." } - { date: "29.07.20:", desc: "Initial release." } diff --git a/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-openboxcopy b/root/etc/s6-overlay/s6-rc.d/init-config-end/dependencies.d/init-openboxcopy new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/dependencies.d/init-config b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/dependencies.d/init-config new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/cont-init.d/56-openboxcopy b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/run old mode 100644 new mode 100755 similarity index 78% rename from root/etc/cont-init.d/56-openboxcopy rename to root/etc/s6-overlay/s6-rc.d/init-openboxcopy/run index f22df65..e7504d5 --- a/root/etc/cont-init.d/56-openboxcopy +++ b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/run @@ -1,7 +1,8 @@ #!/usr/bin/with-contenv bash # default file copies first run -[[ ! -f /config/.config/openbox/menu.xml ]] && \ +if [[ ! -f /config/.config/openbox/menu.xml ]]; then mkdir -p /config/.config/openbox && \ cp /defaults/menu.xml /config/.config/openbox/menu.xml && \ chown -R abc:abc /config/.config +fi diff --git a/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/type b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/up b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/up new file mode 100644 index 0000000..c5a506f --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/init-openboxcopy/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-openboxcopy/run \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-openboxcopy b/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-openboxcopy new file mode 100644 index 0000000..e69de29