From 6a820395d0833d81f285463248db8d51a0525839 Mon Sep 17 00:00:00 2001
From: thespad
Date: Fri, 20 Dec 2024 20:46:29 +0000
Subject: [PATCH] Rebase to 3.21
---
 .github/workflows/external_trigger.yml | 4 ++--
 Dockerfile | 4 ++--
 Dockerfile.aarch64 | 4 ++--
 Jenkinsfile | 3 +--
 README.md | 6 ++++++
 jenkins-vars.yml | 3 +--
 readme-vars.yml | 4 ++--
 .../s6-rc.d/init-syslog-ng-config/run | 6 ++++--
 root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run | 20 ++++++++++++++-----
 root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run | 9 +++++++--
 10 files changed, 42 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml
index 580924e..86d70b7 100644
--- a/.github/workflows/external_trigger.yml
+++ b/.github/workflows/external_trigger.yml
@@ -23,7 +23,7 @@ jobs:
 echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
 echo "> External trigger running off of main branch. To disable this trigger, add \`syslog-ng_main\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
 printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
- EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+ EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
 && awk '/^P:'"syslog-ng"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
 echo "Type is \`alpine_repo\`" >> $GITHUB_STEP_SUMMARY
 if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@@ -96,7 +96,7 @@ jobs:
 if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
 echo "Version \`${EXT_RELEASE}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
 exit 0
- elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"syslog-ng"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then
+ elif [[ $(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"syslog-ng"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://') != "${EXT_RELEASE}" ]]; then
 echo "New version \`${EXT_RELEASE}\` found; but not all arch repos updated yet; exiting" >> $GITHUB_STEP_SUMMARY
 FAILURE_REASON="New version ${EXT_RELEASE} for syslog-ng tag latest is detected, however not all arch repos are updated yet. Will try again later."
 curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
diff --git a/Dockerfile b/Dockerfile
index 751f729..927907e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-FROM ghcr.io/linuxserver/baseimage-alpine:3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:3.21
 ARG BUILD_DATE
 ARG VERSION
@@ -11,7 +11,7 @@ LABEL maintainer="thespad"
 RUN \
 echo "**** install packages ****" && \
 if [ -z ${SYSLOG_NG_VERSION+x} ]; then \
- SYSLOG_NG_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+ SYSLOG_NG_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
 && awk '/^P:syslog-ng$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
 fi && \
 apk add -U --upgrade --no-cache \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 75e763b..4e2dbf4 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21
 ARG BUILD_DATE
 ARG VERSION
@@ -11,7 +11,7 @@ LABEL maintainer="thespad"
 RUN \
 echo "**** install packages ****" && \
 if [ -z ${SYSLOG_NG_VERSION+x} ]; then \
- SYSLOG_NG_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.20/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+ SYSLOG_NG_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.21/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp \
 && awk '/^P:syslog-ng$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
 fi && \
 apk add -U --upgrade --no-cache \
diff --git a/Jenkinsfile b/Jenkinsfile
index 02ac8b1..d280edd 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -27,8 +27,7 @@ pipeline {
 DEV_DOCKERHUB_IMAGE = 'lsiodev/syslog-ng'
 PR_DOCKERHUB_IMAGE = 'lspipepr/syslog-ng'
 DIST_IMAGE = 'alpine'
- DIST_TAG = '3.20'
- DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
+ DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/'
 DIST_REPO_PACKAGES = 'syslog-ng'
 MULTIARCH = 'true'
 CI='true'
diff --git a/README.md b/README.md
index 472ad96..9d36cd7 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,10 @@ More info at [syslog-ng](https://www.syslog-ng.com/technical-documents/list/sysl
 This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
+## Non-Root Operation
+
+This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
+
 ## Usage
 To help you get started creating a container from this image you can either use docker-compose or the docker cli.
@@ -133,6 +137,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-v /config` | Stores config and application files |
 | `-v /var/log` | Stores logs collected by the syslog-ng service |
 | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
+| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
 ## Environment variables from files (Docker secrets)
@@ -296,6 +301,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 ## Versions
+* **20.12.24:** - Rebase to Alpine 3.21.
 * **24.09.24:** - Add opt to log to stdout.
 * **24.05.24:** - Rebase to Alpine 3.20.
 * **31.01.24:** - Rebase to Alpine 3.19.
diff --git a/jenkins-vars.yml b/jenkins-vars.yml
index fec6841..e4bc927 100644
--- a/jenkins-vars.yml
+++ b/jenkins-vars.yml
@@ -15,8 +15,7 @@ repo_vars:
 - DEV_DOCKERHUB_IMAGE = 'lsiodev/syslog-ng'
 - PR_DOCKERHUB_IMAGE = 'lspipepr/syslog-ng'
 - DIST_IMAGE = 'alpine'
- - DIST_TAG = '3.20'
- - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.20/main/'
+ - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.21/main/'
 - DIST_REPO_PACKAGES = 'syslog-ng'
 - MULTIARCH = 'true'
 - CI='true'
diff --git a/readme-vars.yml b/readme-vars.yml
index f978bee..e154a24 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -11,8 +11,6 @@ project_blurb_optional_extras_enabled: false
 available_architectures:
 - {arch: "{{ arch_x86_64 }}", tag: "latest"}
 - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
-# development version
-development_versions: false
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
@@ -31,6 +29,7 @@ param_ports:
 - {external_port: "601", internal_port: "6601/tcp", port_desc: "Syslog TCP"}
 - {external_port: "6514", internal_port: "6514/tcp", port_desc: "Syslog TLS"}
 readonly_supported: true
+nonroot_supported: true
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
@@ -85,6 +84,7 @@ init_diagram: |
 "syslog-ng:latest" <- Base Images
 # changelog
 changelogs:
+ - {date: "20.12.24:", desc: "Rebase to Alpine 3.21."}
 - {date: "24.09.24:", desc: "Add opt to log to stdout."}
 - {date: "24.05.24:", desc: "Rebase to Alpine 3.20."}
 - {date: "31.01.24:", desc: "Rebase to Alpine 3.19."}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-syslog-ng-config/run b/root/etc/s6-overlay/s6-rc.d/init-syslog-ng-config/run
index 7d3b5df..3808d4d 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-syslog-ng-config/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-syslog-ng-config/run
@@ -32,5 +32,7 @@ cat <<-EOF
 EOF
 fi
-lsiown -R abc:abc \
- /config
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+ lsiown -R abc:abc \
+ /config
+fi
diff --git a/root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run b/root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run
index 07d62f9..515176b 100755
--- a/root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run
+++ b/root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run
@@ -1,10 +1,20 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-if [[ "${LOG_TO_STDOUT,,}" == "true" ]]; then
- exec \
- s6-setuidgid abc s6-log +.* 1
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+ if [[ "${LOG_TO_STDOUT,,}" == "true" ]]; then
+ exec \
+ s6-setuidgid abc s6-log +.* 1
+ else
+ exec \
+ s6-setuidgid abc s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/log/
+ fi
 else
- exec \
- s6-setuidgid abc s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/log/
+ if [[ "${LOG_TO_STDOUT,,}" == "true" ]]; then
+ exec \
+ s6-log +.* 1
+ else
+ exec \
+ s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/log/
+ fi
 fi
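Review bot: In root/etc/s6-overlay/s6-rc.d/init-syslog-ng-config/run the new guard `[[ -z ${LSIO_NON_ROOT_USER} ]]` tests only whether an environment variable is empty, not which uid the script is running as, and the same test decides in log-syslog-ng/run and svc-syslog-ng/run whether `s6-setuidgid abc` is applied. How the variable is populated is not visible in this patch; if it can be non-empty while the container still starts as root, the chown is skipped and s6-log and syslog-ng keep root privileges. Keying the branch on the effective uid, `if [[ "$(id -u)" -eq 0 ]]; then`, would tie the privilege drop to the actual privilege instead of to configuration. The beginning of the script lies outside the hunk.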
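Review bot: The four `exec` lines in root/etc/s6-overlay/s6-rc.d/log-syslog-ng/run are two copies of the same LOG_TO_STDOUT choice that differ only in the `s6-setuidgid abc` prefix, so a later change to the s6-log arguments has to be made twice, and a missed copy would make root and non-root containers log differently. Building the prefix once in an array and keeping a single LOG_TO_STDOUT branch removes the duplication. svc-syslog-ng/run repeats its long syslog-ng command line in the same way and could take the same shape.

```shell
# Prefix with s6-setuidgid only when LSIO_NON_ROOT_USER is unset or empty.
run_as=()
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
    run_as=(s6-setuidgid abc)
fi

if [[ "${LOG_TO_STDOUT,,}" == "true" ]]; then
    exec \
        "${run_as[@]}" s6-log +.* 1
else
    exec \
        "${run_as[@]}" s6-log n30 s10000000 S30000000 T !"gzip -nq9" /config/log/
fi
```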
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run b/root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run
index 1674698..f0d756e 100755
--- a/root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run
@@ -1,5 +1,10 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-exec 2>&1 \
- s6-setuidgid abc /usr/sbin/syslog-ng -F -f /config/syslog-ng.conf --persist-file /config/syslog-ng.persist --pidfile=/config/syslog-ng.pid --control=/config/syslog-ng.ctl --stderr --no-caps
+if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
+ exec 2>&1 \
+ s6-setuidgid abc /usr/sbin/syslog-ng -F -f /config/syslog-ng.conf --persist-file /config/syslog-ng.persist --pidfile=/config/syslog-ng.pid --control=/config/syslog-ng.ctl --stderr --no-caps
+else
+ exec 2>&1 \
+ /usr/sbin/syslog-ng -F -f /config/syslog-ng.conf --persist-file /config/syslog-ng.persist --pidfile=/config/syslog-ng.pid --control=/config/syslog-ng.ctl --stderr --no-caps
+fi
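Review bot: The else branch of root/etc/s6-overlay/s6-rc.d/svc-syslog-ng/run still points `--persist-file`, `--pidfile` and `--control` at /config, but nothing in the patch checks that the uid the container was started with can write there, and init-syslog-ng-config/run now skips `lsiown -R abc:abc /config` in that mode. On a volume owned by another uid syslog-ng would presumably fail at start with only its own error output to explain why. A check before the `exec` in the else branch, for example `[[ -w /config ]] || echo "/config is not writable by uid $(id -u)" >&2`, would state the cause in the container log. The README addition could also say that /config must be writable by the `--user` uid.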