From cbd5bd5f6b92da6ae6544361b7f07133c6cacc63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois?= Date: Tue, 31 Oct 2023 15:07:39 +0100 Subject: [PATCH] Compile depollueur in Dockerfile (postfix + sympa) --- dockers/postfix/Dockerfile | 63 ++++++++++++++- dockers/postfix/build.sh | 5 -- dockers/sympa/Dockerfile | 157 +++++++++++++++++++++++++------------ dockers/sympa/build.sh | 5 -- 4 files changed, 166 insertions(+), 64 deletions(-) diff --git a/dockers/postfix/Dockerfile b/dockers/postfix/Dockerfile index beae3bd..3be41a8 100644 --- a/dockers/postfix/Dockerfile +++ b/dockers/postfix/Dockerfile @@ -1,3 +1,57 @@ +# tow stage building +# 1) install compiler and compile filter +# 2) copy filter and install postfix +# Doxkerfile patern from https://vsupalov.com/cache-docker-build-dependencies-without-volume-mounting/ +FROM docker.io/mailserver/docker-mailserver:11.3.1 as intermediate_postfix + +######################################## +# APT local cache +# work around because COPY failed if no source file +COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] / +RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true +RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \ + -e "s/deb.debian.org/${APT_MIRROR_DEBIAN}/g" \ + -e "s/security.debian.org/${APT_MIRROR_DEBIAN_SECURITY}/g" \ + -e "s/archive.ubuntu.com/${APT_MIRROR_UBUNTU}/g" \ + -e "s/security.ubuntu.com/${APT_MIRROR_UBUNTU_SECURITY}/g" \ + /etc/apt/sources.list; fi + +######################################## +RUN apt-get update +RUN apt-get -y autoremove +RUN apt-get install -y locales locales-all +RUN sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && locale-gen +ENV LC_ALL fr_FR.UTF-8 +ENV LANG fr_FR.UTF-8 +ENV LANGUAGE fr_FR:fr +RUN update-locale LANG=fr_FR.UTF-8 + +RUN apt-get -y install rsyslog apt-utils apg gawk altermime +RUN apt-get -y install libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev +#RUN apt-get -y install emacs elpa-php-mode +RUN apt-get -y install vim nano mailutils bsd-mailx procps dos2unix + +# creation du user filter,son repertoire home, copie des fichiers +RUN mkdir /home/filter ; useradd -d /home/filter filter ; chown filter /home/filter +########## >>> ce qui suit va être jetté +RUN apt-get install -y --fix-missing doxygen dos2unix git \ + build-essential make g++ libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev libssl-dev +WORKDIR /home/ +RUN git clone https://git.kaz.bzh/KAZ/depollueur.git +WORKDIR /home/depollueur/ +RUN make +########## <<< on ne garde que le répertoire ci-dessous +RUN cp build/out/* /home/filter/ +RUN cp src/bash/* /home/filter/ + +########################################################################## +# ###################################################################### # +# # # # +# # On jette tous ce qui est au-dessus pour ne garder que /home/filter # # +# # # # +# ###################################################################### # +########################################################################## + FROM docker.io/mailserver/docker-mailserver:11.3.1 ######################################## @@ -29,17 +83,20 @@ RUN apt-get -y install vim nano mailutils bsd-mailx procps dos2unix # creation du user filter,son repertoire home, copie des fichiers RUN mkdir /home/filter ; useradd -d /home/filter filter ; chown filter /home/filter -COPY dockers/postfix/filter/* /home/filter/ +########## >>> On fait excatement la même chose que la première fois * +########## pour profiter du cahe des couche de docker +COPY --from=intermediate_postfix /home/filter /home/filter +########## <<< mais cette fois on n'installe pas le compilo RUN chown filter /home/filter/*; chmod 755 /home/filter/* # creation du repertoire filter et application des bons droits pour le filtre -RUN touch /var/log/mail/filter.log ; chown filter /var/log/mail/filter.log ; chmod 777 /var/log/mail/filter.log +RUN mkdir -p /var/log/mail; touch /var/log/mail/filter.log ; chown filter /var/log/mail/filter.log ; chmod 777 /var/log/mail/filter.log RUN mkdir -p /var/spool/filter ; chmod 775 /var/spool/filter ; chown filter /var/spool/filter RUN mkdir -p /var/log/mail/pb ; chmod a+rwx /var/log/mail/pb RUN sed -i '5i/var/log/mail/filter.log' /etc/logrotate.d/rsyslog # modif des fichiers de postfix -RUN cat /home/filter/master.cf.update >>/etc/postfix/master.cf +RUN cp /home/filter/master.cf.update /etc/postfix/master.cf RUN sed -i -e 's/reject_rbl_client bl.spamcop.net$//g' /etc/postfix/main.cf RUN awk -i inplace 'BEGIN {cp=0} /127.0.0.1:10025/ {cp=1} /content_filter=/ {if (cp) gsub("content_filter=.*", "content_filter=filter:dummy"); print $0; cp=0; next} {print}' /etc/postfix/master.cf diff --git a/dockers/postfix/build.sh b/dockers/postfix/build.sh index 7a8a4d1..ccf6418 100755 --- a/dockers/postfix/build.sh +++ b/dockers/postfix/build.sh @@ -4,13 +4,8 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars -"${KAZ_BIN_DIR}/installDepollueur.sh" - printKazMsg "\n *** Création du Dockerfile Postfix" cd "${KAZ_ROOT}" -mkdir -p dockers/postfix/filter/ -rsync -a git/depollueur/src/bash/* git/depollueur/build/out/* dockers/postfix/filter/ - docker build -t postfixkaz . -f dockers/postfix/Dockerfile diff --git a/dockers/sympa/Dockerfile b/dockers/sympa/Dockerfile index 3e32283..d2228b4 100644 --- a/dockers/sympa/Dockerfile +++ b/dockers/sympa/Dockerfile @@ -7,6 +7,60 @@ # Fanch janvier 2022 # migration en bullseye, tentative de rendre générique +# François le 31 octobre 2023 +# tow stage building +# 1) install compiler and compile filter +# 2) copy filter and install postfix +# Doxkerfile patern from https://vsupalov.com/cache-docker-build-dependencies-without-volume-mounting/ +FROM debian:bullseye as intermediate_sympa + +######################################## +# APT local cache +# work around because COPY failed if no source file +COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] / +RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true +RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \ + -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \ + -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \ + -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \ + -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \ + /etc/apt/sources.list; fi + +######################################## +RUN apt-get update \ + && apt-get install -y locales locales-all \ + && sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && locale-gen +ENV LC_ALL fr_FR.UTF-8 +ENV LANG fr_FR.UTF-8 +ENV LANGUAGE fr_FR:fr +RUN update-locale LANG=fr_FR.UTF-8 \ + && echo sympa >/etc/hostname + +RUN apt-get -y install libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev +#RUN apt-get -y install emacs elpa-php-mode +RUN apt-get -y install procps dos2unix + +# creation du user filter,son repertoire home, copie des fichiers +RUN mkdir /home/filter ; useradd -d /home/filter filter ; chown filter /home/filter +########## >>> ce qui suit va être jetté +RUN apt-get install -y --fix-missing doxygen dos2unix git \ + build-essential make g++ libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev libssl-dev +WORKDIR /home/ +RUN git clone https://git.kaz.bzh/KAZ/depollueur.git +WORKDIR /home/depollueur/ +RUN make +########## <<< on ne garde que le répertoire ci-dessous +RUN cp build/out/* /home/filter/ +RUN cp src/bash/* /home/filter/ + +########################################################################## +# ###################################################################### # +# # # # +# # On jette tous ce qui est au-dessus pour ne garder que /home/filter # # +# # # # +# ###################################################################### # +########################################################################## + FROM debian:bullseye ######################################## @@ -15,67 +69,68 @@ FROM debian:bullseye COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] / RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \ - -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \ - -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \ - -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \ - -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \ - /etc/apt/sources.list; fi + -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \ + -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \ + -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \ + -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \ + /etc/apt/sources.list; fi ######################################## RUN apt-get update \ - && apt-get install -y locales locales-all \ - && sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && locale-gen + && apt-get install -y locales locales-all \ + && sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && locale-gen ENV LC_ALL fr_FR.UTF-8 ENV LANG fr_FR.UTF-8 ENV LANGUAGE fr_FR:fr RUN update-locale LANG=fr_FR.UTF-8 \ - && echo sympa >/etc/hostname + && echo sympa >/etc/hostname + +RUN apt-get -y install libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev +#RUN apt-get -y install emacs elpa-php-mode +RUN apt-get -y install procps dos2unix + +# creation du user filter,son repertoire home, copie des fichiers +RUN mkdir /home/filter ; useradd -d /home/filter filter ; chown filter /home/filter +########## >>> On fait excatement la même chose que la première fois * +########## pour profiter du cahe des couche de docker +COPY --from=intermediate_sympa /home/filter /home/filter +########## <<< mais cette fois on n'installe pas le compilo +RUN chown filter /home/filter/*; chmod 755 /home/filter/* + +# creation du repertoire filter et application des bons droits pour le filtre +RUN mkdir -p /var/log/mail; touch /var/log/mail/filter.log ; chown filter /var/log/mail/filter.log ; chmod 777 /var/log/mail/filter.log +RUN mkdir -p /var/spool/filter ; chmod 775 /var/spool/filter ; chown filter /var/spool/filter +RUN mkdir -p /var/log/mail/pb ; chmod a+rwx /var/log/mail/pb COPY dockers/sympa/config/sympa.preseed /tmp/sympa.preseed RUN debconf-set-selections < /tmp/sympa.preseed \ - && apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends sympa apache2 postfix supervisor anacron spawn-fcgi libapache2-mod-fcgid apg curl libboost-program-options-dev libboost-system-dev libboost-filesystem-dev \ - \ - && a2enmod rewrite ssl proxy_fcgi \ - && a2ensite default-ssl \ - && a2enconf sympa-soap \ - \ - && sed \ + && apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends sympa apache2 postfix supervisor anacron spawn-fcgi libapache2-mod-fcgid apg curl \ + && a2enmod rewrite ssl proxy_fcgi \ + && a2ensite default-ssl \ + && a2enconf sympa-soap \ + \ + && sed \ -e 's%SSLCertificateKeyFile\s.*$%SSLCertificateKeyFile ENVKEY%g' \ -e 's%SSLCertificateFile\s.*$%SSLCertificateFile ENVCERT%g' \ -i /etc/apache2/sites-available/default-ssl.conf \ - && sed \ + && sed \ -e '/ServerName/a Redirect / https://MAILNAME.DOMAINNAME/' \ -i /etc/apache2/sites-available/000-default.conf \ - && echo '\n \n\n' > /var/www/html/index.html \ - && sed -e 's%ScriptAlias.*%ProxyPass "/wws" "fcgi://localhost:8442/"%' -i /etc/apache2/conf-enabled/sympa.conf \ - && sed -e 's%ScriptAlias.*%ProxyPass "/sympasoap" "fcgi://localhost:8443/"%' -i /etc/apache2/conf-enabled/sympa-soap.conf - - -# creation du user filter,son repertoire home, copie des fichiers pour faire fonctionner le shrinker -RUN mkdir /home/filter && useradd -d /home/filter filter && chown filter /home/filter -COPY dockers/sympa/filter/* /home/filter/ -RUN chown filter /home/filter/* && chmod 755 /home/filter/* - -# creation du repertoire de log filter et application des bons droits pour le filtre -RUN mkdir -p /var/log/mail \ - && touch /var/log/mail/filter.log \ - && chown filter /var/log/mail/filter.log \ - && chmod 777 /var/log/mail/filter.log \ - && mkdir -p /var/spool/filter \ - && chmod 775 /var/spool/filter \ - && chown filter /var/spool/filter + && echo '\n \n\n' > /var/www/html/index.html \ + && sed -e 's%ScriptAlias.*%ProxyPass "/wws" "fcgi://localhost:8442/"%' -i /etc/apache2/conf-enabled/sympa.conf \ + && sed -e 's%ScriptAlias.*%ProxyPass "/sympasoap" "fcgi://localhost:8443/"%' -i /etc/apache2/conf-enabled/sympa-soap.conf # pour le confort : modif du .bashrc de root RUN sed -i 's/# alias/alias/g' /root/.bashrc \ - && sed -i 's/# export/export/g' /root/.bashrc \ - && sed -i 's/# eval/eval/g' /root/.bashrc + && sed -i 's/# export/export/g' /root/.bashrc \ + && sed -i 's/# eval/eval/g' /root/.bashrc COPY dockers/sympa/config/supervisord.conf /etc/supervisord.conf RUN touch /var/log/sympa.log \ - && chmod 640 /var/log/sympa.log \ - && echo "local1.* -/var/log/sympa.log" >>/etc/rsyslog.conf + && chmod 640 /var/log/sympa.log \ + && echo "local1.* -/var/log/sympa.log" >>/etc/rsyslog.conf # configuration de postfix COPY dockers/sympa/config/transport /etc/postfix/ @@ -84,30 +139,30 @@ RUN bash /tmp/postfix.sh # # modif des fichiers de postfix pour filter RUN cat /home/filter/master.cf.update >>/etc/postfix/master.cf \ - && sed -i 's/^\(smtp .*smtpd\)$/\1\n\t-o content_filter=filter:dummy/' /etc/postfix/master.cf + && sed -i 's/^\(smtp .*smtpd\)$/\1\n\t-o content_filter=filter:dummy/' /etc/postfix/master.cf # pour qu'admin@kaz.bzh recoivent les mails d'anomalie RUN echo "root: ADMIN_EMAIL" >> /etc/aliases \ - && postalias hash:/etc/aliases + && postalias hash:/etc/aliases # Configuration de sympa RUN echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf \ - && echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf \ - && echo soap_url /sympasoap >>/etc/sympa/sympa/sympa.conf \ - && cp /usr/share/doc/sympa/examples/script/sympa_soap_client.pl.gz /usr/lib/sympa/bin/ \ - && gunzip /usr/lib/sympa/bin/sympa_soap_client.pl.gz \ - && chmod +x /usr/lib/sympa/bin/sympa_soap_client.pl \ - && chown sympa:sympa /usr/lib/sympa/lib/sympa/* \ - && chmod u+s /usr/lib/sympa/lib/sympa/* + && echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf \ + && echo soap_url /sympasoap >>/etc/sympa/sympa/sympa.conf \ + && cp /usr/share/doc/sympa/examples/script/sympa_soap_client.pl.gz /usr/lib/sympa/bin/ \ + && gunzip /usr/lib/sympa/bin/sympa_soap_client.pl.gz \ + && chmod +x /usr/lib/sympa/bin/sympa_soap_client.pl \ + && chown sympa:sympa /usr/lib/sympa/lib/sympa/* \ + && chmod u+s /usr/lib/sympa/lib/sympa/* COPY dockers/sympa/config/aliases.sympa.postfix /etc/sympa/aliases.sympa.postfix COPY dockers/sympa/config/trusted_applications.conf /etc/sympa/trusted_applications.conf RUN postconf "alias_maps = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix,hash:/etc/mail/sympa/aliases" \ - && postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix" \ - && postalias hash:/etc/sympa/aliases.sympa.postfix \ - && usermod -a -G sympa postfix + && postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix" \ + && postalias hash:/etc/sympa/aliases.sympa.postfix \ + && usermod -a -G sympa postfix COPY dockers/sympa/config/postfix-wrapper.sh /usr/local/bin/ RUN chmod a+x /usr/local/bin/postfix-wrapper.sh diff --git a/dockers/sympa/build.sh b/dockers/sympa/build.sh index 0545d5d..cd467a0 100755 --- a/dockers/sympa/build.sh +++ b/dockers/sympa/build.sh @@ -4,12 +4,7 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) . "${KAZ_ROOT}/bin/.commonFunctions.sh" setKazVars -"${KAZ_BIN_DIR}/installDepollueur.sh" - printKazMsg "\n *** Création du Dockerfile Sympa" cd "${KAZ_ROOT}" -mkdir -p dockers/postfix/filter/ -rsync -a git/depollueur/src/bash/* git/depollueur/build/out/* dockers/sympa/filter/ -#TODO copier les lib depuis le git ce qui permet de faire les commandes de link et copy dans le Dockerfile docker build --no-cache -t sympakaz . -f dockers/sympa/Dockerfile