diff --git a/alpinelinux/Dockerfile b/alpinelinux/Dockerfile
index 41a3ea7..25a76e6 100644
--- a/alpinelinux/Dockerfile
+++ b/alpinelinux/Dockerfile
@@ -3,13 +3,14 @@ FROM alpine:latest as acmesh_artifacts
 # os related operations below:
 RUN apk -U --no-cache upgrade
-RUN apk add --no-cache curl gzip tar
+RUN apk add --no-cache curl gzip tar util-linux xz
 # Set ARGS
 ARG acmesh_version=master
 ARG acmesh_link="https://github.com/acmesh-official/acme.sh/archive/${acmesh_version}.tar.gz"
 ARG acmesh_artifacts_dir=/opt/acmesh
-ARG s6_overlay_version=2.2.0.3
+ARG s6_artifacts_dir=/opt/s6
+ARG s6_overlay_version=3.0.0.2-2
 # Download and place acme.sh inside the container
 RUN mkdir -p "${acmesh_artifacts_dir}" \
@@ -18,18 +19,36 @@ RUN mkdir -p "${acmesh_artifacts_dir}" \
 && rm -rf "/tmp/acmesh-${acmesh_version}.tar.gz" \
 && "${acmesh_artifacts_dir}"/acme.sh --help
-# Download and install s6-overlay-builder
-ADD https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-amd64-installer /tmp/
-RUN chmod +x /tmp/s6-overlay-amd64-installer
+# Download s6-overlay artifacts and checksum files
+RUN mkdir -p ${s6_artifacts_dir} \
+ && CPU_ARCH=$(lscpu | grep Architecture | cut -f2 -d":" | xargs) \
+ && echo "CPU ARCH is: ${CPU_ARCH}" \
+ && curl --fail --location --remote-header-name --output "/tmp/s6-overlay-noarch.tar.xz" \
+ https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-noarch-${s6_overlay_version}.tar.xz \
+ && curl --fail --location --remote-header-name --output "/tmp/s6-overlay-noarch.tar.xz.sha256" \
+ https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-noarch-${s6_overlay_version}.tar.xz.sha256 \
+ && curl --fail --location --remote-header-name --output "/tmp/s6-overlay.tar.xz" \
+ https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-${CPU_ARCH}-${s6_overlay_version}.tar.xz \
+ && curl --fail --location --remote-header-name --output "/tmp/s6-overlay.tar.xz.sha256" \
+ https://github.com/just-containers/s6-overlay/releases/download/v${s6_overlay_version}/s6-overlay-${CPU_ARCH}-${s6_overlay_version}.tar.xz.sha256
+
+# Perform checksum on s6-overlay artifacts
+RUN echo "$(cat /tmp/s6-overlay-noarch.tar.xz.sha256 | cut -f1 -d" ") /tmp/s6-overlay-noarch.tar.xz" | sha256sum -cs
+RUN echo "$(cat /tmp/s6-overlay.tar.xz.sha256 | cut -f1 -d" ") /tmp/s6-overlay.tar.xz" | sha256sum -cs
+
+# Extract s6-overlay artifacts
+RUN tar -C ${s6_artifacts_dir} --xz --extract --preserve-permissions --file /tmp/s6-overlay-noarch.tar.xz \
+ && tar -C ${s6_artifacts_dir} --xz --extract --preserve-permissions --file /tmp/s6-overlay.tar.xz
 FROM alpine:latest
 ARG acmesh_artifacts_dir=/opt/acmesh
 ARG auto_upgrade=0
 ARG acme_working_dir=/usr/lib/acmesh
+ARG s6_artifacts_dir=/opt/s6
 COPY --from=acmesh_artifacts "$acmesh_artifacts_dir" "$acmesh_artifacts_dir"
-COPY --from=acmesh_artifacts "/tmp/s6-overlay-amd64-installer" "/tmp/s6-overlay-amd64-installer"
+COPY --from=acmesh_artifacts "$s6_artifacts_dir" "/"
 # Set runtime variables
 ENV LE_WORKING_DIR="$acme_working_dir"
@@ -49,10 +68,7 @@ RUN apk add --no-cache bash wget curl git openssl shadow socat \
 && apk -U --no-cache upgrade \
 && cd "$acmesh_artifacts_dir" || exit \
 && ./acme.sh --install --no-cron --no-profile --auto-upgrade 0 \
- && chmod -R +x "$LE_WORKING_DIR" \
- # install s6-overlay
- && /tmp/s6-overlay-amd64-installer / \
- && rm -rf /tmp/s6-overlay-amd64-installer
+ && chmod -R +x "$LE_WORKING_DIR"
 COPY root/ /
diff --git a/alpinelinux/root/etc/cont-init.d/01-adduser.sh b/alpinelinux/root/etc/cont-init.d/01-adduser.sh
old mode 100644
new mode 100755
index 2ad4c97..9eb0472
--- a/alpinelinux/root/etc/cont-init.d/01-adduser.sh
+++ b/alpinelinux/root/etc/cont-init.d/01-adduser.sh
@@ -1,6 +1,7 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
+export PATH=$PATH:/usr/sbin/ # s6 3.0.0.2 doesn't set PATH properly
 set -eu
 if [[ $EUID -ne 0 ]]; then
diff --git a/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh b/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh
old mode 100644
new mode 100755
index a1e20a1..c0d7c36
--- a/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh
+++ b/alpinelinux/root/etc/cont-init.d/10-create-dirs.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This cont-init script is responsible for creating the directory structure required
diff --git a/alpinelinux/root/etc/cont-init.d/20-set-logging.sh b/alpinelinux/root/etc/cont-init.d/20-set-logging.sh
old mode 100644
new mode 100755
index d819b95..601bd0e
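Review bot: The `.sha256` files used in the "Perform checksum on s6-overlay artifacts" step of alpinelinux/Dockerfile are downloaded from the same GitHub release URL as the tarballs they verify, so `sha256sum -cs` only detects a corrupted transfer, not a release asset that was replaced together with its checksum file. Because `s6_overlay_version` is already pinned, the expected digests can be pinned next to it, for example `ARG s6_overlay_noarch_sha256=<expected sha256 for this release>`, and the check written as `echo "${s6_overlay_noarch_sha256}  /tmp/s6-overlay-noarch.tar.xz" | sha256sum -cs`. The architecture-specific tarball would need one pinned digest per `CPU_ARCH` value the build is expected to support. A version bump then has to update the digests in the same commit, which makes the change to the trusted binary visible in review.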
--- a/alpinelinux/root/etc/cont-init.d/20-set-logging.sh
+++ b/alpinelinux/root/etc/cont-init.d/20-set-logging.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This cont-init will only be applied if ACMESH_DAEMON is set to "1" which implies
@@ -11,7 +11,7 @@ if [ -v ACMESH_DAEMON ] && [[ $ACMESH_DAEMON == "1" ]]; then
 echo "** Setting up logging for daemon"
 if ! [ -v S6_LOGGING_SCRIPT ]; then
- printf "n30 s10000000 S15000000 T !'gzip -nq9'" >/var/run/s6/container_environment/S6_LOGGING_SCRIPT
+ printf 'n30 s10000000 S15000000 T !"gzip -nq9"' >/var/run/s6/container_environment/S6_LOGGING_SCRIPT
 fi
 mkdir -p "$LE_LOG_DIR"
diff --git a/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh b/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh
index 5cf82b6..9760bad 100755
--- a/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh
+++ b/alpinelinux/root/etc/cont-init.d/98-set-permissions.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This cont-init script is responsible for setting the correct permissions on files
diff --git a/alpinelinux/root/etc/cont-init.d/99-set-services.sh b/alpinelinux/root/etc/cont-init.d/99-set-services.sh
old mode 100644
new mode 100755
index d2eaef9..8ed3f41
--- a/alpinelinux/root/etc/cont-init.d/99-set-services.sh
+++ b/alpinelinux/root/etc/cont-init.d/99-set-services.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This cont-init script will remove the service directory if the daemon is not being
diff --git a/alpinelinux/root/etc/services.d/acmesh-renewal/log/run b/alpinelinux/root/etc/services.d/acmesh-renewal/log/run
index 1a39a19..c494cbb 100755
--- a/alpinelinux/root/etc/services.d/acmesh-renewal/log/run
+++ b/alpinelinux/root/etc/services.d/acmesh-renewal/log/run
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This service script sets up logging service to capture stdin logs
diff --git a/alpinelinux/root/etc/services.d/acmesh-renewal/run b/alpinelinux/root/etc/services.d/acmesh-renewal/run
index 2ef10da..d239b5e 100755
--- a/alpinelinux/root/etc/services.d/acmesh-renewal/run
+++ b/alpinelinux/root/etc/services.d/acmesh-renewal/run
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 set -eu
diff --git a/alpinelinux/root/usr/local/bin/acme.sh b/alpinelinux/root/usr/bin/acme.sh
similarity index 81%
rename from alpinelinux/root/usr/local/bin/acme.sh
rename to alpinelinux/root/usr/bin/acme.sh
index 85bcbc4..298852e 100755
--- a/alpinelinux/root/usr/local/bin/acme.sh
+++ b/alpinelinux/root/usr/bin/acme.sh
@@ -1,4 +1,4 @@
-#!/bin/bash -ue
+#!/command/with-contenv bash
 LOCKFILE="$LE_CONFIG_HOME/run.lock"
diff --git a/alpinelinux/root/usr/local/bin/acmesh-renewal.sh b/alpinelinux/root/usr/bin/acmesh-renewal.sh
similarity index 98%
rename from alpinelinux/root/usr/local/bin/acmesh-renewal.sh
rename to alpinelinux/root/usr/bin/acmesh-renewal.sh
index 37a85fa..aeafe31 100755
--- a/alpinelinux/root/usr/local/bin/acmesh-renewal.sh
+++ b/alpinelinux/root/usr/bin/acmesh-renewal.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 # shellcheck shell=bash
 # This service script is the acme.sh renewal daemon that performs the renewal check
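Review bot: In alpinelinux/root/usr/bin/acme.sh the new shebang `#!/command/with-contenv bash` drops the `-ue` flags that the old `#!/bin/bash -ue` carried, so unless the body (outside this hunk) sets them itself, a failing command or an unset variable no longer stops the wrapper. The next visible line, `LOCKFILE="$LE_CONFIG_HOME/run.lock"`, would then expand to `/run.lock` if `LE_CONFIG_HOME` is missing from the container environment. Adding `set -eu` as the first statement, as 01-adduser.sh and services.d/acmesh-renewal/run already do, keeps the previous fail-fast behaviour; a `# shellcheck shell=bash` line would also match the other scripts.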