add docker files

C'est le maître des clefs
Pour vous, je vais faire une exception
2022-11-15 19:51:21 +00:00 · 2022-11-15 20:49:57 +01:00 · 2022-11-15 20:04:38 +01:00 · 2022-11-15 20:02:54 +01:00 · 2022-11-15 20:01:37 +01:00
12 changed files with 256 additions and 13 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
+.git*
--- a/.env.dist
+++ b/.env.dist
@ -0,0 +1 @@
+DOCKER_SERVICE_80_TAGS=urlprefix-zeg1jeux.${APP_DOMAIN}
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
+.env
 cache/
 tests/
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+MYOS                            ?= ../myos
+MYOS_REPOSITORY                 ?= https://github.com/aynicos/myos
+-include $(MYOS)/make/include.mk
+$(MYOS):
+	-@git clone $(MYOS_REPOSITORY) $(MYOS)
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -0,0 +1,95 @@
+FROM seblucas/alpine-nginx-php as dist
+LABEL maintainer aynic.os <support+docker@asycn.io>
+ARG DOCKER_BUILD_DIR
+ARG DOCKER_MACHINE=x86_64
+ARG DOCKER_SYSTEM=Linux
+
+RUN apk upgrade --no-cache \
+ && apk add --no-cache \
+    bash \
+    ca-certificates \
+    gettext \
+    libc6-compat \
+    libsodium \
+    make \
+    py3-gpgme \
+    py3-pip
+
+ARG IPFS_VERSION=0.16.0
+
+RUN { OS="$(echo ${DOCKER_SYSTEM} |awk '{print tolower($0)}')"; \
+    ARCH="$(echo ${DOCKER_MACHINE})"; \
+    wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
+     |tar --strip-components 1 -C /usr/local/bin -xJf - shellcheck-stable/shellcheck; } \
+ && { ARCH="$(echo ${DOCKER_MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
+    wget -qO - https://github.com/ipfs/kubo/releases/download/v${IPFS_VERSION}/kubo_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
+     |tar --strip-components 1 -C /usr/local/bin -xzf - kubo/ipfs; } \
+ && mkdir -p /usr/local/lib/shellspec \
+ && wget -qO - https://github.com/shellspec/shellspec/archive/refs/heads/master.tar.gz \
+     |tar --strip-components 1 -C /usr/local/lib/shellspec -xzf - \
+ && ln -s /usr/local/lib/shellspec/shellspec /usr/local/bin/shellspec
+
+RUN apk add --no-cache --virtual .build-deps \
+    build-base \
+    cargo \
+    libffi-dev \
+    openssl-dev \
+    py3-wheel \
+    python3-dev \
+    swig \
+ && mkdir -p /usr/local/src/jaklis \
+ && wget -qO - https://git.p2p.legal/axiom-team/jaklis/archive/master.tar.gz \
+     |tar --strip-components 1 -C /usr/local/src/jaklis -xzf - \
+ && pip3 install -r /usr/local/src/jaklis/requirements.txt \
+ && ln -s /usr/local/src/jaklis/jaklis.py /usr/local/bin/jaklis \
+ && chmod 0755 /usr/local/bin/jaklis \
+ && /usr/local/bin/jaklis --help >/dev/null \
+ && mkdir -p /usr/local/src/dpgpid \
+ && wget -qO - https://git.p2p.legal/aya/dpgpid/archive/master.tar.gz \
+     |tar --strip-components 1 -C /usr/local/src/dpgpid -xzf - \
+ && pip3 install -r /usr/local/src/dpgpid/requirements.txt \
+ && ln -s /usr/local/src/dpgpid/keygen /usr/local/bin/keygen \
+ && chmod 0755 /usr/local/bin/keygen \
+ && /usr/local/bin/keygen --help >/dev/null \
+ && rm -rf /root/.cache \
+ && apk del --no-network .build-deps \
+ && find ./lib -type f -executable -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \
+     |tr ',' '\n' \
+     |sort -u \
+     |awk 'system("[ -e /lib/"$1" -o -e /usr/lib/"$1" -o -e ./lib/python'"${PYTHON_RELEASE}"'/site-packages/*/"$1" ]") == 0 { next } { print "so:" $1 }' \
+     |xargs -rt apk add --no-cache
+
+RUN sed -i 's/^}/       location \/ { index index.php; }\n}/' /etc/nginx/http.d/default.conf
+
+FROM dist as master
+ARG DOCKER_BUILD_DIR
+ARG DOCKER_GID
+ARG SHELL=/bin/bash
+ARG UID
+ARG USER
+ENV UID=${UID}
+ENV GID=${UID}
+ENV USER=nginx
+
+# If we provide a numeric UID
+RUN [ "$UID" -eq "$UID" ] 2>/dev/null \
+# Remove user with $UID if it is not our $USER
+ && if [ "$(getent passwd $UID |awk -F: '{print $1}')" != "$USER" ]; then \
+      sed -i '/^'$(getent passwd $UID |awk -F: '{print $1}')':x:'$UID':/d' /etc/passwd; \
+      sed -i '/^'$(getent group $GID |awk -F: '{print $1}')':x:'$GID':/d' /etc/group; \
+    fi \
+# Force $UID if our $USER already exists
+ && sed -i 's/^'$USER':x:[0-9]\+:[0-9]\+:/'$USER':x:'$UID':'$GID':/' /etc/passwd \
+ && sed -i 's/^'$USER':x:[0-9]\+:/'$USER':x:'$GID':/' /etc/group \
+# Create $USER if it does not exist
+ && if [ "$(getent passwd $UID)" = "" ]; then \
+      echo "$USER:x:$UID:$GID::/home/$USER:$SHELL" >> /etc/passwd; \
+      echo "$USER:\!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \
+      echo "$USER:x:$GID:" >> /etc/group; \
+    fi \
+ && mkdir -p /home/$USER \
+ && chown $UID:$GID /home/$USER \
+ || true
+
+ENV SHELL=${SHELL}
+WORKDIR /var/www
--- a/docker/docker-compose.app.yml
+++ b/docker/docker-compose.app.yml
@ -0,0 +1,22 @@
+version: '3.6'
+
+services:
+  docker:
+    environment:
+    - ENV=${ENV}
+    - SHELL=${DOCKER_SHELL}
+    labels:
+    - SERVICE_80_CHECK_HTTP=/
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-docker-80
+    - SERVICE_80_TAGS=${DOCKER_SERVICE_80_TAGS}
+    networks:
+    - private
+    - public
+
+networks:
+  private:
+    external: true
+    name: ${DOCKER_NETWORK_PRIVATE}
+  public:
+    external: true
+    name: ${DOCKER_NETWORK_PUBLIC}
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -0,0 +1,34 @@
+version: '3.6'
+
+services:
+  docker:
+    build:
+      args:
+      - DOCKER_BUILD_DIR=docker
+      - GID=${GID}
+      - IPFS_VERSION=${IPFS_VERSION:-0.16.0}
+      - UID=${UID}
+      - USER=${USER}
+      context: ../
+      dockerfile: docker/Dockerfile
+    ports:
+    - 80
+    restart: always
+    volumes:
+    - ipfs:${HOME}/.ipfs:cached,ro
+    - data:/var/www:delegated
+    working_dir: /var/www
+
+volumes:
+  ipfs:
+    driver: local
+    driver_opts:
+      type: none
+      device: ${HOME}/.ipfs
+      o: bind
+  data:
+    driver: local
+    driver_opts:
+      type: none
+      device: ${APP_DIR:-.}
+      o: bind
--- a/lib/Fred.class.php
+++ b/lib/Fred.class.php
@ -25,7 +25,7 @@ class Fred {
 		
 		if (empty($page1)) {

-			throw Exception("J'ai pas pû récupérer la putain de première page.");
+			throw new Exception("J'ai pas pû récupérer la putain de première page.");
 		}

 		preg_match("`url='([^']+)'`isU", $page1, $matches);
@ -38,7 +38,7 @@ class Fred {

 		if (empty($page2)) {

-			throw Exception("J'ai pas pû récupérer la putain de deuxième page.");
+			throw new Exception("J'ai pas pû récupérer la putain de deuxième page.");
 		}

 		preg_match("`url='.*/ipns/([^']+)'`isU", $page2, $matches);
@ -64,7 +64,7 @@ class Fred {

 		if (empty($page1)) {

-			throw Exception("J'ai pas pû récupérer la putain de première page.");
+			throw new Exception("J'ai pas pû récupérer la putain de première page.");
 		}

 		// echo '<pre>'; var_dump(htmlspecialchars($page1)); echo '</pre>';
@ -86,7 +86,7 @@ class Fred {

 		if (empty($page2)) {

-			throw Exception("J'ai pas pû récupérer la putain de deuxième page.");
+			throw new Exception("J'ai pas pû récupérer la putain de deuxième page.");
 		}
 		
 		// echo '<pre>'; var_dump(htmlspecialchars($page2)); echo '</pre>';
@ -124,7 +124,7 @@ class Fred {

 		if (empty($page1)) {

-			throw Exception("J'ai pas pû récupérer la putain de première page.");
+			throw new Exception("J'ai pas pû récupérer la putain de première page.");
 		}

 		// die('<pre>' . htmlspecialchars($page1) . '</pre>');
@ -163,7 +163,7 @@ class Fred {

 		if (empty($page2)) {

-			throw Exception("J'ai pas pû récupérer la putain de deuxième page.");
+			throw new Exception("J'ai pas pû récupérer la putain de deuxième page.");
 		}

 		preg_match("`url='.*/user/([^']+)/'`isU", $page2, $matches);
--- a/lib/Jaklis.class.php
+++ b/lib/Jaklis.class.php
@ -15,12 +15,14 @@ class Jaklis {

 	private $msgLimit = 15;

+	private $pubsecDir = __DIR__ .'/../cache/pubsec/';
+
 	private $userPubsecPath;


 	public function __construct ($userPubkey, $mode = 'local') {

-		$this->userPubsecPath = __DIR__ .'/../cache/pubsec/'. $userPubkey .'.dunikey';
+		$this->userPubsecPath = $this->pubsecDir . $userPubkey .'.dunikey';

 		if ($this->mode != 'local') {

@ -32,11 +34,17 @@ class Jaklis {

 		if ($this->mode = 'local') {

-			return [
+			try {

-				$this->getInboundMessages(), 
-				$this->getOutboundMessages()
-			];
+				$msg_in  = $this->getInboundMessages();
+				$msg_out = $this->getOutboundMessages();
+
+			} catch (Exception $errMsg) {
+
+				throw new Exception($errMsg);
+			}
+
+			return [$msg_in, $msg_out];

 		} else {

@ -57,6 +65,11 @@ class Jaklis {
 		$result_code=null;
 		exec($cmd, $output, $result_code);

+		if (empty($output)) {
+
+			throw new Exception('Jaklis marche pô pour les messages entrants.');
+		}
+
 		$json = implode("\n", $output);

 		// echo '<p>' . $cmd . '</p>';
@ -83,6 +96,11 @@ class Jaklis {
 		$result_code=null;
 		exec($cmd, $output, $result_code);

+		if (empty($output)) {
+
+			throw new Exception('Jaklis marche pô pour les messages sortants.');
+		}
+
 		$json = implode("\n", $output);

 		// echo '<p>' . $cmd . '</p>';
--- a/lib/Keygen.class.php
+++ b/lib/Keygen.class.php
@ -2,9 +2,65 @@

 class Keygen {
 	
+	private $keygenPath = __DIR__ . '/../vendors/keygen/keygen';
+
+	private $pubsecDir = __DIR__ .'/../cache/pubsec/';
+
+	private $userPubsecPath;
+
 	public function __construct () {

+	}

+	public function getG1Pub ($salt, $pepper) {
+
+		$salt = str_replace('"', '\"', $salt);
+		$pepper = str_replace('"', '\"', $pepper);
+
+		$cmd  = $this->keygenPath;
+		$cmd .= ' -f pubsec';
+		$cmd .= ' -t duniter';
+		$cmd .= ' "'. $salt .'"';
+		$cmd .= ' "'. $pepper .'"';
+
+		$output=null;
+		$result_code=null;
+		exec($cmd, $output, $result_code);
+
+		// die($cmd . '<br />'. print_r($output, true) . '<br />'. print_r($result_code, true));
+
+		if (empty($output) or empty($output[0])) {
+
+			throw new Exception('Keygen me calcule pas (la G1 pub)');
+		}
+
+		return $output[0];
+	}
+
+	public function generatePubsec ($salt, $pepper) {
+
+		$salt = str_replace('"', '\"', $salt);
+		$pepper = str_replace('"', '\"', $pepper);
+		
+		$userPubkey = $this->getG1Pub($salt, $pepper);
+
+		$cmd  = $this->keygenPath;
+		$cmd .= ' -f pubsec';
+		$cmd .= ' -t duniter';
+		$cmd .= ' "'. $salt .'"';
+		$cmd .= ' "'. $pepper .'"';
+		$cmd .= ' -o '. $this->pubsecDir . $userPubkey . '.dunikey';
+
+		$output=null;
+		$result_code=null;
+		exec($cmd, $output, $result_code);
+
+		// die($cmd . '<br />'. print_r($result_code, true));
+
+		if ($result_code != 0) {
+
+			throw new Exception('Keygen me calcule pas (la dunikey)');
+		}
 	}
 }

--- a/login.php
+++ b/login.php
@ -18,9 +18,10 @@ if (isset($_POST['salt'], $_POST['pepper'])) {
 	try {

 		$playerG1Id = $fred->donneMoiSaPutaindeG1Pub($_POST['salt'], $_POST['pepper']);
+		$keygen->generatePubsec($_POST['salt'], $_POST['pepper']);

 	} catch (Exception $errMsg) {
-		
+
 		ErrorsHandler::kaput($errMsg);
 	}

--- a/messenger.php
+++ b/messenger.php
@ -5,6 +5,7 @@ require_once('lib/Fred.class.php');
 require_once('lib/Messenger.class.php');
 require_once('lib/Gchange.class.php');
 require_once('lib/Jaklis.class.php');
+require_once('lib/ErrorsHandler.class.php');

 $gchange = new Gchange();
 $messenger = new Messenger($gchange);
@ -24,7 +25,15 @@ if (isset($_POST['message'], $_POST['to'])) {
 }

 // $msgIn = $jaklis->getInboundMessages('QP1VkfaFUMdHZmHgPMi7q5wJJHaQhZcEqs5A86NigKr');
-list($msgIn, $msgOut) = $jaklis->getMessages();
+try {
+
+	list($msgIn, $msgOut) = $jaklis->getMessages();
+
+} catch (Exception $errMsg) {
+
+	ErrorsHandler::kaput($errMsg);
+}
+
 // list($msgIn, $msgOut) = $fred->donneMoiSesPutainDeMessagesGchange($_SESSION['salt'], $_SESSION['pepper']);

 // echo '<pre>'; var_dump($msgIn); echo '</pre>';
Author	SHA1	Message	Date
Yann Autissier	4f1dad2ddd	add docker files	2022-11-15 19:51:21 +00:00
Boris	57f635e02f	C'est le maître des clefs	2022-11-15 20:49:57 +01:00
Boris	3d5f09c060	Pour vous, je vais faire une exception	2022-11-15 20:04:38 +01:00
Boris	363079c2e4	J'ère	2022-11-15 20:02:54 +01:00
Boris	ab14667900	Jaklis = Silkaj	2022-11-15 20:01:37 +01:00
				`@ -0,0 +1 @@`
				`DOCKER_SERVICE_80_TAGS=urlprefix-zeg1jeux.${APP_DOMAIN}`