fossilfranv/monica
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use gpg sign to check content (#13)

Browse Source
This commit is contained in:
Alexis Saettler 2020-05-15 21:04:26 +02:00 committed by GitHub
parent a01ff8e203
commit 3df6c3ab71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 114 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Dockerfile-alpine.template
View File

@ -104,20 +104,32 @@ RUN set -ex; \
WORKDIR /var/www/html WORKDIR /var/www/html
# Define Monica version and expected SHA512 signature # Define Monica version
ENV MONICA_VERSION %%VERSION%% ENV MONICA_VERSION %%VERSION%%
ENV MONICA_SHA512 %%SHA512%%
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
bzip2 \ bzip2 \
gnupg \
; \ ; \
\ \
curl -fsSL -o monica.tar.bz2 "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.tar.bz2"; \ for ext in tar.bz2 tar.bz2.asc; do \
echo "$MONICA_SHA512 monica.tar.bz2" | sha512sum -c -; \ curl -fsSL -o monica-${MONICA_VERSION}.$ext "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.$ext"; \
done; \
\ \
tar -xf monica.tar.bz2 -C /var/www/html --strip-components=1; \ GPGKEY='BDAB0D0D36A00466A2964E85DE15667131EA6018'; \
rm monica.tar.bz2; \ export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPGKEY"; \
gpg --batch --verify monica-${MONICA_VERSION}.tar.bz2.asc monica-${MONICA_VERSION}.tar.bz2; \
\
tar -xf monica-${MONICA_VERSION}.tar.bz2 -C /var/www/html --strip-components=1; \
\
gpgconf --kill all; \
rm -r "$GNUPGHOME" monica-${MONICA_VERSION}.tar.bz2 monica-${MONICA_VERSION}.tar.bz2.asc; \
\ \
cp /var/www/html/.env.example /var/www/html/.env; \ cp /var/www/html/.env.example /var/www/html/.env; \
chown -R www-data:www-data /var/www/html; \ chown -R www-data:www-data /var/www/html; \

33
Dockerfile-debian.template
View File

@ -115,22 +115,41 @@ RUN set -ex; \
WORKDIR /var/www/html WORKDIR /var/www/html
# Define Monica version and expected SHA512 signature # Define Monica version
ENV MONICA_VERSION %%VERSION%% ENV MONICA_VERSION %%VERSION%%
ENV MONICA_SHA512 %%SHA512%%
%%APACHE_DOCUMENT%% %%APACHE_DOCUMENT%%
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o monica.tar.bz2 "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.tar.bz2"; \ for ext in tar.bz2 tar.bz2.asc; do \
echo "$MONICA_SHA512 monica.tar.bz2" | sha512sum -c -; \ curl -fsSL -o monica-${MONICA_VERSION}.$ext "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.$ext"; \
done; \
\ \
tar -xf monica.tar.bz2 -C /var/www/html --strip-components=1; \ GPGKEY='BDAB0D0D36A00466A2964E85DE15667131EA6018'; \
rm monica.tar.bz2; \ export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPGKEY"; \
gpg --batch --verify monica-${MONICA_VERSION}.tar.bz2.asc monica-${MONICA_VERSION}.tar.bz2; \
\
tar -xf monica-${MONICA_VERSION}.tar.bz2 -C /var/www/html --strip-components=1; \
\
gpgconf --kill all; \
rm -r "$GNUPGHOME" monica-${MONICA_VERSION}.tar.bz2 monica-${MONICA_VERSION}.tar.bz2.asc; \
\ \
cp /var/www/html/.env.example /var/www/html/.env; \ cp /var/www/html/.env.example /var/www/html/.env; \
chown -R www-data:www-data /var/www/html chown -R www-data:www-data /var/www/html; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh \ COPY entrypoint.sh \
queue.sh \ queue.sh \

33
apache/Dockerfile
View File

@ -122,24 +122,43 @@ RUN set -ex; \
WORKDIR /var/www/html WORKDIR /var/www/html
# Define Monica version and expected SHA512 signature # Define Monica version
ENV MONICA_VERSION v2.17.0 ENV MONICA_VERSION v2.17.0
ENV MONICA_SHA512 9e208f3aee15eb8ffcd33aa834fc2a4c07ef3396234132d76e2563e0c17c596e5f505aa6527625b13be1f564f8583c4bbd2a54c44d26f8e9c8418d9636c8720b
ENV APACHE_DOCUMENT_ROOT /var/www/html/public ENV APACHE_DOCUMENT_ROOT /var/www/html/public
RUN set -eu; sed -ri -e "s!/var/www/html!${APACHE_DOCUMENT_ROOT}!g" /etc/apache2/sites-available/*.conf; \ RUN set -eu; sed -ri -e "s!/var/www/html!${APACHE_DOCUMENT_ROOT}!g" /etc/apache2/sites-available/*.conf; \
sed -ri -e "s!/var/www/!${APACHE_DOCUMENT_ROOT}!g" /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf sed -ri -e "s!/var/www/!${APACHE_DOCUMENT_ROOT}!g" /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o monica.tar.bz2 "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.tar.bz2"; \ for ext in tar.bz2 tar.bz2.asc; do \
echo "$MONICA_SHA512 monica.tar.bz2" | sha512sum -c -; \ curl -fsSL -o monica-${MONICA_VERSION}.$ext "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.$ext"; \
done; \
\ \
tar -xf monica.tar.bz2 -C /var/www/html --strip-components=1; \ GPGKEY='BDAB0D0D36A00466A2964E85DE15667131EA6018'; \
rm monica.tar.bz2; \ export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPGKEY"; \
gpg --batch --verify monica-${MONICA_VERSION}.tar.bz2.asc monica-${MONICA_VERSION}.tar.bz2; \
\
tar -xf monica-${MONICA_VERSION}.tar.bz2 -C /var/www/html --strip-components=1; \
\
gpgconf --kill all; \
rm -r "$GNUPGHOME" monica-${MONICA_VERSION}.tar.bz2 monica-${MONICA_VERSION}.tar.bz2.asc; \
\ \
cp /var/www/html/.env.example /var/www/html/.env; \ cp /var/www/html/.env.example /var/www/html/.env; \
chown -R www-data:www-data /var/www/html chown -R www-data:www-data /var/www/html; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh \ COPY entrypoint.sh \
queue.sh \ queue.sh \

24
fpm-alpine/Dockerfile
View File

@ -111,20 +111,32 @@ RUN set -ex; \
WORKDIR /var/www/html WORKDIR /var/www/html
# Define Monica version and expected SHA512 signature # Define Monica version
ENV MONICA_VERSION v2.17.0 ENV MONICA_VERSION v2.17.0
ENV MONICA_SHA512 9e208f3aee15eb8ffcd33aa834fc2a4c07ef3396234132d76e2563e0c17c596e5f505aa6527625b13be1f564f8583c4bbd2a54c44d26f8e9c8418d9636c8720b
RUN set -ex; \ RUN set -ex; \
apk add --no-cache --virtual .fetch-deps \ apk add --no-cache --virtual .fetch-deps \
bzip2 \ bzip2 \
gnupg \
; \ ; \
\ \
curl -fsSL -o monica.tar.bz2 "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.tar.bz2"; \ for ext in tar.bz2 tar.bz2.asc; do \
echo "$MONICA_SHA512 monica.tar.bz2" | sha512sum -c -; \ curl -fsSL -o monica-${MONICA_VERSION}.$ext "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.$ext"; \
done; \
\ \
tar -xf monica.tar.bz2 -C /var/www/html --strip-components=1; \ GPGKEY='BDAB0D0D36A00466A2964E85DE15667131EA6018'; \
rm monica.tar.bz2; \ export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPGKEY"; \
gpg --batch --verify monica-${MONICA_VERSION}.tar.bz2.asc monica-${MONICA_VERSION}.tar.bz2; \
\
tar -xf monica-${MONICA_VERSION}.tar.bz2 -C /var/www/html --strip-components=1; \
\
gpgconf --kill all; \
rm -r "$GNUPGHOME" monica-${MONICA_VERSION}.tar.bz2 monica-${MONICA_VERSION}.tar.bz2.asc; \
\ \
cp /var/www/html/.env.example /var/www/html/.env; \ cp /var/www/html/.env.example /var/www/html/.env; \
chown -R www-data:www-data /var/www/html; \ chown -R www-data:www-data /var/www/html; \

33
fpm/Dockerfile
View File

@ -122,22 +122,41 @@ RUN set -ex; \
WORKDIR /var/www/html WORKDIR /var/www/html
# Define Monica version and expected SHA512 signature # Define Monica version
ENV MONICA_VERSION v2.17.0 ENV MONICA_VERSION v2.17.0
ENV MONICA_SHA512 9e208f3aee15eb8ffcd33aa834fc2a4c07ef3396234132d76e2563e0c17c596e5f505aa6527625b13be1f564f8583c4bbd2a54c44d26f8e9c8418d9636c8720b
RUN set -ex; \ RUN set -ex; \
fetchDeps=" \
gnupg \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\ \
curl -fsSL -o monica.tar.bz2 "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.tar.bz2"; \ for ext in tar.bz2 tar.bz2.asc; do \
echo "$MONICA_SHA512 monica.tar.bz2" | sha512sum -c -; \ curl -fsSL -o monica-${MONICA_VERSION}.$ext "https://github.com/monicahq/monica/releases/download/${MONICA_VERSION}/monica-${MONICA_VERSION}.$ext"; \
done; \
\ \
tar -xf monica.tar.bz2 -C /var/www/html --strip-components=1; \ GPGKEY='BDAB0D0D36A00466A2964E85DE15667131EA6018'; \
rm monica.tar.bz2; \ export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver ipv4.pool.sks-keyservers.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPGKEY" \
|| gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPGKEY"; \
gpg --batch --verify monica-${MONICA_VERSION}.tar.bz2.asc monica-${MONICA_VERSION}.tar.bz2; \
\
tar -xf monica-${MONICA_VERSION}.tar.bz2 -C /var/www/html --strip-components=1; \
\
gpgconf --kill all; \
rm -r "$GNUPGHOME" monica-${MONICA_VERSION}.tar.bz2 monica-${MONICA_VERSION}.tar.bz2.asc; \
\ \
cp /var/www/html/.env.example /var/www/html/.env; \ cp /var/www/html/.env.example /var/www/html/.env; \
chown -R www-data:www-data /var/www/html chown -R www-data:www-data /var/www/html; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh \ COPY entrypoint.sh \
queue.sh \ queue.sh \

2
update.sh
View File

@ -72,7 +72,6 @@ declare -A pecl_versions=(
version="$(curl -fsSL 'https://api.github.com/repos/monicahq/monica/releases/latest' | jq -r '.tag_name')" version="$(curl -fsSL 'https://api.github.com/repos/monicahq/monica/releases/latest' | jq -r '.tag_name')"
commit="$(curl -fsSL 'https://api.github.com/repos/monicahq/monica/tags' | jq -r 'map(select(.name | contains ("'$version'"))) | .[].commit.sha')" commit="$(curl -fsSL 'https://api.github.com/repos/monicahq/monica/tags' | jq -r 'map(select(.name | contains ("'$version'"))) | .[].commit.sha')"
sha512="$(curl -fsSL "https://github.com/monicahq/monica/releases/download/$version/monica-$version.sha512" | grep monica-$version.tar.bz2 | awk '{ print $1 }')"
set -x set -x
@ -88,7 +87,6 @@ for variant in apache fpm fpm-alpine; do
s#%%LABEL%%#'"$label"'#; s#%%LABEL%%#'"$label"'#;
s/%%VERSION%%/'"$version"'/; s/%%VERSION%%/'"$version"'/;
s/%%COMMIT%%/'"$commit"'/; s/%%COMMIT%%/'"$commit"'/;
s/%%SHA512%%/'"$sha512"'/;
s/%%CMD%%/'"${cmd[$variant]}"'/; s/%%CMD%%/'"${cmd[$variant]}"'/;
s#%%APACHE_DOCUMENT%%#'"${document[$variant]}"'#; s#%%APACHE_DOCUMENT%%#'"${document[$variant]}"'#;
s/%%APCU_VERSION%%/'"${pecl_versions[APCu]}"'/; s/%%APCU_VERSION%%/'"${pecl_versions[APCu]}"'/;