From 5b6084aad68ff5a617f4f8be8610f87993369090 Mon Sep 17 00:00:00 2001
From: qo-op
Date: Mon, 9 Jan 2023 20:13:24 +0000
Subject: [PATCH] fix certbot version
---
docker/certbot/Dockerfile | 41 +++++++++++++++++++++++++--------------
make/apps/def.build.mk | 2 +-
make/apps/docker.mk | 1 +
make/apps/myos/setup.mk | 2 +-
stack/host/acme.mk | 2 +-
stack/host/host.mk | 2 +-
6 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/docker/certbot/Dockerfile b/docker/certbot/Dockerfile
index c4dc47f..ea9afae 100644
--- a/docker/certbot/Dockerfile
+++ b/docker/certbot/Dockerfile
@@ -1,47 +1,58 @@ -# FROM certbot/certbot:latest as dist -FROM python:3.8-alpine as dist +FROM python:3.11-alpine as dist LABEL maintainer aynic.os ARG DOCKER_BUILD_DIR +ARG CERTBOT_VERSION=1.32.0 # RUN pip install \ RUN apk --no-cache add --virtual .build-deps \ + augeas-dev \ build-base \ libffi-dev \ && pip install \ - certbot \ + acme==$CERTBOT_VERSION \ + certbot==$CERTBOT_VERSION \ +# certbot-apache \ certbot-dns-azure \ # certbot-dns-bunny \ -# certbot-dns-clouddns \ + certbot-dns-clouddns \ certbot-dns-cloudflare \ -# certbot-dns-cloudxns \ + certbot-dns-cloudxns \ certbot-dns-digitalocean \ -# certbot-dns-dnsmadeeasy \ -# certbot-dns-dnsimple \ + certbot-dns-dnsmadeeasy \ + certbot-dns-dnsimple \ # certbot-dns-gehirn \ -# certbot-dns-godaddy \ + certbot-dns-godaddy \ certbot-dns-google \ certbot-dns-infomaniak \ # certbot-dns-inwx \ certbot-dns-ispconfig \ -# certbot-dns-lightsail \ + certbot-dns-lightsail \ certbot-dns-linode \ -# certbot-dns-luadns \ -# certbot-dns-njalla \ + certbot-dns-luadns \ + certbot-dns-njalla \ # certbot-dns-nsone \ certbot-dns-ovh \ certbot-dns-rfc2136 \ certbot-dns-route53 \ # certbot-dns-sakuracloud \ certbot-dns-standalone \ -# certbot-dns-yandexcloud \ + certbot-dns-yandexcloud \ # certbot-ext-auth future \ + certbot-nginx \ certbot-plugin-gandi \ certbot-s3front \ -# certbot_dns_duckdns \ -# certbot_dns_porkbun \ + certbot_dns_duckdns \ + certbot_dns_porkbun \ # letsencrypt-pritunl \ # letsencrypt-proxmox \ - && apk del .build-deps + && runDeps="$( \ + scanelf --needed --nobanner --recursive /usr \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk del .build-deps \ + && apk add --no-cache --virtual .run-deps $runDeps COPY ${DOCKER_BUILD_DIR}/certbot-renew /etc/periodic/daily/ COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh diff --git a/make/apps/def.build.mk b/make/apps/def.build.mk index 275e2f4..47bc066 100644 
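Review bot: Only `acme` and `certbot` are pinned to `CERTBOT_VERSION` in the `pip install` list; every plugin, including the third-party ones this change enables (`certbot-dns-godaddy`, `certbot-dns-njalla`, `certbot_dns_porkbun` and others), is still installed at whatever version the index serves on the day of the build. These plugins presumably run in the same process that holds the ACME account key and the DNS provider credentials, so an unreviewed or compromised release would enter the image without any change to this file. Consider moving the list into a requirements file with exact versions and hashes and installing it with `pip install --no-cache-dir --require-hashes -r <requirements-file>`, and pinning the `python:3.11-alpine` base by digest. Pinning `certbot` alone also lets pip fall back to old plugin releases to satisfy the pin, which is another reason to record the resolved set explicitly.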
--- a/make/apps/def.build.mk +++ b/make/apps/def.build.mk @@ -3,7 +3,7 @@ BUILD_DATE ?= $(shell TZ=UTC date "+%Y%m%dT%H%M%SZ" 2>/dev/ BUILD_DESCRIPTION ?= Lot of Love BUILD_DOCUMENTATION ?= $(APP_REPOSITORY_URL)$(if $(wildcard README.md),/blob/$(COMMIT)/README.md) BUILD_ENV_VARS ?= APP BRANCH BUILD_DATE BUILD_STATUS COMMIT DEPLOY_HOOK_URL ENV UID USER VERSION -BUILD_LABEL_VARS ?= org.label-schema.% org.opencontainers.% os.my.% +BUILD_LABEL_VARS ?= org.opencontainers.% os.my.% BUILD_LABEL_ARGS ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),$(var)='$($(var))')) BUILD_LICENSE ?= GPL-3.0 BUILD_NAME ?= $(COMPOSE_SERVICE_NAME)-$(BUILD_SERVICE) diff --git a/make/apps/docker.mk b/make/apps/docker.mk index c40459a..6642f1e 100644 --- a/make/apps/docker.mk +++ b/make/apps/docker.mk @@ -221,6 +221,7 @@ docker-run: # target docker-run-%: Call docker-run with image % and command ARGS .PHONY: docker-run-% +docker-run-%: DOCKER_RUN_OPTIONS += -it docker-run-%: docker-build-% $(eval command := $(ARGS)) $(eval path := $(patsubst %/,%,$*)) diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk index dd5bc81..61123a0 100644 --- a/make/apps/myos/setup.mk +++ b/make/apps/myos/setup.mk @@ -41,7 +41,7 @@ endif .PHONY: setup-ufw setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME) setup-ufw: DOCKER_RUN_NETWORK := -setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host +setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host --restart always setup-ufw: ifeq ($(SETUP_UFW),true) $(call app-install,$(SETUP_UFW_REPOSITORY)) diff --git a/stack/host/acme.mk b/stack/host/acme.mk index 9ea7ae0..858f21f 100644 --- a/stack/host/acme.mk +++ b/stack/host/acme.mk 
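Review bot: The pattern-specific `DOCKER_RUN_OPTIONS += -it` in make/apps/docker.mk requests a TTY for every `docker-run-%` invocation, so runs from cron, CI or a pipe will presumably fail with Docker's "the input device is not a TTY" error. Because it is a pattern-specific variable, it is also inherited by the `docker-build-%` prerequisite. A comment such as `# interactive by default; non-tty callers must override DOCKER_RUN_OPTIONS` would document the intent, or `-t` could be added only when stdin is a terminal. The `docker-run-%` recipe continues outside the hunk.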
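Review bot: In the `setup-ufw` options in make/apps/myos/setup.mk, `--rm` and the newly added `--restart always` are mutually exclusive for `docker run`, so if this string reaches the command line unchanged the container will be rejected; drop `--rm` when a restart policy is wanted. On the same line `$(if wildcard /etc/default/ufw,…)` tests a non-empty literal instead of calling the function, so the `/etc/default/ufw` bind mount is always added; it should read `$(if $(wildcard /etc/default/ufw),-v /etc/default/ufw:/etc/default/ufw)`. With a restart policy this becomes a permanently running container with `NET_ADMIN` on the host network and a writable `/etc/ufw`, which deserves a comment stating why it is needed, and a `:ro` suffix on the mounts if the container only reads the rules. The `setup-ufw` recipe continues outside the hunk.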
@@ -1,3 +1,3 @@ ENV_VARS += HOST_ACME_POST_HOOK HOST_ACME_PRE_HOOK -HOST_ACME_DOMAIN_PATH_VALID ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z_\-\.]+\.[a-z0-9_\-\.\+\/]+$$/"'") +HOST_ACME_DOMAIN_PATH_VALID ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z\-]+\.[a-z0-9_\-\.\+\/]+$$/"'") HOST_ACME_POST_HOOK ?= [ "$(HOST_ACME_DOMAIN_PATH_VALID)" ] && cp fullchain.cer /host/certs/$${domain}-cert.pem 2>/dev/null && cp $${domain}.key /host/certs/$${domain}-key.pem diff --git a/stack/host/host.mk b/stack/host/host.mk index dca2c99..c00b0d3 100644 --- a/stack/host/host.mk +++ b/stack/host/host.mk @@ -94,7 +94,7 @@ host-certbot-staging: host-docker-build-certbot # target host-docker-build-%: Build % docker .PHONY: host-docker-build-% host-docker-build-%: - $(call docker-build,docker/$*,host/$*:$(DOCKER_IMAGE_TAG)) + $(call docker-build,docker/$*,$(HOST_DOCKER_REPOSITORY)/$*:$(DOCKER_IMAGE_TAG)) # target host-docker-rebuild-%: Rebuild % docker .PHONY: host-docker-rebuild-%
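Review bot: The tightened class in `HOST_ACME_DOMAIN_PATH_VALID` constrains only the label directly after `@`; the first and last classes still accept `.` and `/` in any order, so a value containing `../` still passes the check. The input is read as an unquoted `$${DOMAIN_PATH:-}` through `echo`, and awk matches line by line, so a multi-line value passes as soon as one of its lines matches. In `HOST_ACME_POST_HOOK` the destination paths are built from `$${domain}`, which this expression never inspects and which is unquoted in both `cp` calls; how `domain` relates to `DOMAIN_PATH` is not visible in this hunk. Consider quoting the expansions, for example `"/host/certs/$${domain}-cert.pem"`, and rejecting `..` path segments explicitly, keeping whatever escaping the existing `"'"` wrapping relies on.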