hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

nextcloud: sha512 checksum

Browse Source
This commit is contained in:
Wonderfall 2017-02-23 12:29:33 +01:00
parent 40b9ac7dc7
commit f85c390281
14 changed files with 5 additions and 433 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
nextcloud/11.0-fix/Dockerfile
View File

@ -1,119 +0,0 @@
FROM alpine:edge
ARG NEXTCLOUD_VERSION=11.0.1
ARG GNU_LIBICONV_VERSION=1.15
ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A"
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10G \
APC_SHM_SIZE=128M \
OPCACHE_MEM_SIZE=128 \
CRON_PERIOD=15m \
CRON_MEMORY_LIMIT=1g \
TZ=Etc/UTC \
DB_TYPE=sqlite3 \
DOMAIN=localhost
RUN echo "@testing http://alpinelinux.org.ua/vaka/testing" >> /etc/apk/repositories \
&& wget http://alpinelinux.org.ua/vaka/valery.kartel%40gmail.com-5476f68b.rsa.pub -O /etc/apk/keys/valery.kartel@gmail.com-5476f68b.rsa.pub \
&& BUILD_DEPS=" \
gnupg \
tar \
build-base \
autoconf \
automake \
libtool \
samba-dev" \
&& apk -U upgrade && apk add \
${BUILD_DEPS} \
nginx \
s6 \
libressl \
ca-certificates \
libsmbclient \
samba-client \
su-exec \
tzdata \
php7.1@testing \
php7.1-fpm@testing \
php7.1-intl@testing \
php7.1-mbstring@testing \
php7.1-curl@testing \
php7.1-gd@testing \
php7.1-mcrypt@testing \
php7.1-opcache@testing \
php7.1-json@testing \
php7.1-session@testing \
php7.1-pdo@testing \
php7.1-dom@testing \
php7.1-ctype@testing \
php7.1-pdo_mysql@testing \
php7.1-pdo_pgsql@testing \
php7.1-pgsql@testing \
php7.1-pdo_sqlite@testing \
php7.1-sqlite3@testing \
php7.1-zlib@testing \
php7.1-zip@testing \
php7.1-xmlreader@testing \
php7.1-xml@testing \
php7.1-xmlwriter@testing \
php7.1-posix@testing \
php7.1-openssl@testing \
php7.1-ldap@testing \
php7.1-ftp@testing \
php7.1-pcntl@testing \
php7.1-exif@testing \
php7.1-pear@testing \
php7.1-dev@testing \
&& sed -i "$ s|\-n||g" /usr/bin/pecl && pecl install smbclient apcu redis \
&& cd /tmp && wget -q http://ftp.gnu.org/pub/gnu/libiconv/libiconv-${GNU_LIBICONV_VERSION}.tar.gz \
&& tar xzf libiconv-${GNU_LIBICONV_VERSION}.tar.gz && cd libiconv-${GNU_LIBICONV_VERSION} \
&& ./configure --prefix=/usr/local \
&& make && make install && libtool --finish /usr/local/lib && cd /tmp \
&& wget -q http://is1.php.net/get/php-7.1.1.tar.gz/from/this/mirror -O php7.1.tar.gz \
&& tar xzf php7.1.tar.gz && cd /tmp/php-7.1.1/ext/iconv && phpize7.1 \
&& ./configure --with-iconv=/usr/local --with-php-config=/usr/bin/php-config7.1 \
&& make && cp modules/iconv.so /usr/lib/php7.1/modules && cd /tmp \
&& echo "extension=iconv.so" > /etc/php7.1/conf.d/00_iconv.ini \
&& echo "extension=smbclient.so" > /etc/php7.1/conf.d/00_smbclient.ini \
&& echo "extension=redis.so" > /etc/php7.1/conf.d/redis.ini \
&& sed -i 's|;session.save_path = "/tmp"|session.save_path = "/data/session"|g' /etc/php7.1/php.ini \
&& mkdir /nextcloud \
&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
&& wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \
&& tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7.1-pear php7.1-dev \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7.1/php-fpm.conf
COPY opcache.ini /etc/php7.1/conf.d/00_opcache.ini
COPY apcu.ini /etc/php7.1/conf.d/apcu.ini
COPY run.sh /usr/local/bin/run.sh
COPY setup.sh /usr/local/bin/setup.sh
COPY occ /usr/local/bin/occ
COPY s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /data /config /apps2
EXPOSE 8888
LABEL description="A server software for creating file hosting services" \
nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" \
maintainer="Wonderfall <wonderfall@targaryen.house>"
CMD ["run.sh"]

4
nextcloud/11.0-fix/apcu.ini
View File

@ -1,4 +0,0 @@
extension=apcu.so
apc.enabled=1
apc.shm_size=<APC_SHM_SIZE>
apc.ttl=7200

113
nextcloud/11.0-fix/nginx.conf
View File

@ -1,113 +0,0 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip off;
server {
listen 8888;
root /nextcloud;
client_max_body_size <UPLOAD_MAX_SIZE>;
fastcgi_buffers 64 4K;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 1200;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
}

2
nextcloud/11.0-fix/occ
View File

@ -1,2 +0,0 @@
#!/bin/sh
su-exec $UID:$GID php7.1 /nextcloud/occ $@

8
nextcloud/11.0-fix/opcache.ini
View File

@ -1,8 +0,0 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

18
nextcloud/11.0-fix/php-fpm.conf
View File

@ -1,18 +0,0 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 6
chdir = /
request_terminate_timeout = 0
env[PATH] = /usr/local/bin:/usr/bin:/bin
php_admin_value[post_max_size] = <UPLOAD_MAX_SIZE>
php_admin_value[upload_max_filesize] = <UPLOAD_MAX_SIZE>
php_admin_value[max_execution_time] = 10800
php_admin_value[max_input_time] = 3600
php_admin_value[expose_php] = Off

45
nextcloud/11.0-fix/run.sh
View File

@ -1,45 +0,0 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf /etc/php7.1/php-fpm.conf \
-e "s/<APC_SHM_SIZE>/$APC_SHM_SIZE/g" /etc/php7.1/conf.d/apcu.ini \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /etc/php7.1/conf.d/00_opcache.ini \
-e "s/<CRON_MEMORY_LIMIT>/$CRON_MEMORY_LIMIT/g" /etc/s6.d/cron/run \
-e "s/<CRON_PERIOD>/$CRON_PERIOD/g" /etc/s6.d/cron/run
# Put the configuration and apps into volumes
ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null
ln -sf /apps2 /nextcloud &>/dev/null
mv nextcloud fix && mv fix nextcloud # fix strange bug
# Create folder for php sessions if not exists
if [ ! -d /data/session ]; then
mkdir -p /data/session;
fi
echo "Updating permissions..."
for dir in /nextcloud /data /config /apps2 /etc/nginx /etc/php7.1 /var/log /var/lib/nginx /tmp /etc/s6.d; do
if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then
echo "Updating permissions in $dir..."
chown -R $UID:$GID $dir
else
echo "Permissions in $dir are correct."
fi
done
echo "Done updating permissions."
if [ ! -f /config/config.php ]; then
# New installation, run the setup
/usr/local/bin/setup.sh
else
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

3
nextcloud/11.0-fix/s6.d/.s6-svscan/finish
View File

@ -1,3 +0,0 @@
#!/bin/sh
exit 0

6
nextcloud/11.0-fix/s6.d/cron/run
View File

@ -1,6 +0,0 @@
#!/bin/sh
while true; do
php7.1 -d memory_limit=<CRON_MEMORY_LIMIT> -f /nextcloud/cron.php
sleep <CRON_PERIOD>
done

2
nextcloud/11.0-fix/s6.d/nginx/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec nginx

2
nextcloud/11.0-fix/s6.d/php/run
View File

@ -1,2 +0,0 @@
#!/bin/sh
exec php-fpm7.1

109
nextcloud/11.0-fix/setup.sh
View File

@ -1,109 +0,0 @@
#!/bin/sh
# Nextcloud
##########################
#source setup/functions.sh # load our functions
#source /etc/mailinabox.conf # load global vars
CONFIGFILE=/config/config.php
# Create an initial configuration file.
instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1)
cat > $CONFIGFILE <<EOF;
<?php
\$CONFIG = array (
'datadirectory' => '/data',
"apps_paths" => array (
0 => array (
"path" => "/nextcloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
'memcache.local' => '\OC\Memcache\APCu',
'instanceid' => '$instanceid',
);
?>
EOF
# Create an auto-configuration file to fill in database settings
# when the install script is run. Make an administrator account
# here or else the install can't finish.
adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
cat > /nextcloud/config/autoconfig.php <<EOF;
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '/data',
'dbtype' => '${DB_TYPE:-sqlite3}',
'dbname' => '${DB_NAME:-nextcloud}',
'dbuser' => '${DB_USER:-nextcloud}',
'dbpass' => '${DB_PASSWORD:-password}',
'dbhost' => '${DB_HOST:-nextcloud-db}',
'dbtableprefix' => 'oc_',
EOF
if [[ ! -z "$ADMIN_USER" ]]; then
cat >> /nextcloud/config/autoconfig.php <<EOF;
# create an administrator account with a random password so that
# the user does not have to enter anything on first load of ownCloud
'adminlogin' => '${ADMIN_USER}',
'adminpass' => '${ADMIN_PASSWORD}',
EOF
fi
cat >> /nextcloud/config/autoconfig.php <<EOF;
);
?>
EOF
echo "Starting automatic configuration..."
# Execute ownCloud's setup step, which creates the ownCloud database.
# It also wipes it if it exists. And it updates config.php with database
# settings and deletes the autoconfig.php file.
(cd /nextcloud; php7.1 index.php &>/dev/null)
echo "Automatic configuration finished."
# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
# so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
# this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
# users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# Use PHP to read the settings file, modify it, and write out the new settings array.
CONFIG_TEMP=$(/bin/mktemp)
php7.1 <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $CONFIGFILE
<?php
include("/config/config.php");
//\$CONFIG['memcache.local'] = '\\OC\\Memcache\\Memcached';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
\$CONFIG['logtimezone'] = '$TZ';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';
echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
sed -i "s/localhost/$DOMAIN/g" /config/config.php
chown -R $UID:$GID /config /data
# Enable/disable apps. Note that this must be done after the ownCloud setup.
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
# user_external is what allows ownCloud to use IMAP for login. The contacts
# and calendar apps are the extensions we really care about here.
if [[ ! -z "$ADMIN_USER" ]]; then
occ app:disable firstrunwizard
fi

4
nextcloud/11.0/Dockerfile
View File

@ -80,11 +80,11 @@ RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/r
&& mkdir /nextcloud \
&& NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha256 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha512 \
&& wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \
&& wget -q https://nextcloud.com/nextcloud.asc \
&& echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c ${NEXTCLOUD_TARBALL}.sha256) | tail -c 2) \
&& CHECKSUM_STATE=$(echo -n $(sha512sum -c ${NEXTCLOUD_TARBALL}.sha512) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& gpg --import nextcloud.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \

3
nextcloud/daily/Dockerfile
View File

@ -78,6 +78,9 @@ RUN echo "@testing https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/r
&& sed -i 's|;session.save_path = "/tmp"|session.save_path = "/data/session"|g' /etc/php7.1/php.ini \
&& mkdir /nextcloud \
&& wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2 \
&& wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2.sha256 \
&& CHECKSUM_STATE=$(echo -n $(sha256sum -c latest.tar.bz2.sha256 latest.tar.bz2) | tail -c 2) \
&& if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
&& tar xjf latest.tar.bz2 --strip 1 -C /nextcloud \
&& apk del ${BUILD_DEPS} php7.1-pear php7.1-dev \
&& rm -rf /var/cache/apk/* /tmp/* /root/.gnupg