From 8322b5966fd6cfde080eda3aca5eb1b25fb73f69 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Wed, 15 Jul 2020 09:57:32 +0200 Subject: [PATCH 1/3] Refactor Entrypoint - Simpler creation of config.php - Debug can now be set - Encryption Keys are now supported --- 3.0/apache/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 3.0/fpm-alpine/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 3.0/fpm/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 4.0/apache/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 4.0/fpm-alpine/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 4.0/fpm/entrypoint.sh | 100 ++++++++++++++++++++++++----------- 6 files changed, 414 insertions(+), 186 deletions(-) diff --git a/3.0/apache/entrypoint.sh b/3.0/apache/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/3.0/apache/entrypoint.sh +++ b/3.0/apache/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL diff --git a/3.0/fpm-alpine/entrypoint.sh b/3.0/fpm-alpine/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/3.0/fpm-alpine/entrypoint.sh +++ b/3.0/fpm-alpine/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL diff --git a/3.0/fpm/entrypoint.sh b/3.0/fpm/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/3.0/fpm/entrypoint.sh +++ b/3.0/fpm/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL diff --git a/4.0/apache/entrypoint.sh b/4.0/apache/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/4.0/apache/entrypoint.sh +++ b/4.0/apache/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL diff --git a/4.0/fpm-alpine/entrypoint.sh b/4.0/fpm-alpine/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/4.0/fpm-alpine/entrypoint.sh +++ b/4.0/fpm-alpine/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL diff --git a/4.0/fpm/entrypoint.sh b/4.0/fpm/entrypoint.sh index 5f7b9a8..3aea074 100755 --- a/4.0/fpm/entrypoint.sh +++ b/4.0/fpm/entrypoint.sh @@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi # Check if database is available if [ -z "$DB_SOCK" ]; then @@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then done fi - -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else @@ -39,60 +54,83 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config if [ ! -z "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => true, + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb - if [ $? -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL From e2998e2076d26421681702dcfb8e13245061c002 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Wed, 15 Jul 2020 10:12:17 +0200 Subject: [PATCH 2/3] Update README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 6af5e37..e8885e7 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,16 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container **Hint**: If this configuration is present before the installation, the LimeSurvey Web Installer will not run automatically. +## Data Encryption + +LimeSurvey 4 supports data encryption, this image give you these options: + +* Provide a security.php file directly (volume) +* Provide encryption keys for the security.php file (environment variables) +* Provide nothing and get a non-persistent security.php file + +For further details on the settings see: https://manual.limesurvey.org/Data_encryption + # Environment Variables | Parameter | Description | @@ -70,6 +80,11 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container | ADMIN_PASSWORD | Initial LimeSurvey Admin Password | | PUBLIC_URL | Public URL for public scripts | | URL_FORMAT | URL Format. path or get | +| DEBUG | Debug level (0, 1, 2). Default: 0 | +| DEBUG_SQL | SQL Debug level (0, 1, 2). Default 0 | +| ENCRYPT_KEYPAIR | Data encryption keypair | +| ENCRYPT_PUBLIC_KEY | Data encryption public key | +| ENCRYPY_SECRET_KEY | Data encryption secret key | For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings From bf3e4b03787ce07251b61264789b1d9988182457 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Thu, 16 Jul 2020 18:35:51 +0200 Subject: [PATCH 3/3] Change download of Limesurvey to curl - More secure than ADD - Makes better use of cache --- 3.0/apache/Dockerfile | 8 ++++---- 3.0/fpm-alpine/Dockerfile | 8 ++++---- 3.0/fpm/Dockerfile | 8 ++++---- 4.0/apache/Dockerfile | 9 +++++---- 4.0/fpm-alpine/Dockerfile | 8 ++++---- 4.0/fpm/Dockerfile | 8 ++++---- 6 files changed, 25 insertions(+), 24 deletions(-) diff --git a/3.0/apache/Dockerfile b/3.0/apache/Dockerfile index 1efe51a..4727cdb 100644 --- a/3.0/apache/Dockerfile +++ b/3.0/apache/Dockerfile @@ -58,13 +58,13 @@ RUN a2enmod headers rewrite remoteip; \ RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" # Download, unzip and chmod LimeSurvey from official GitHub repository -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -f "/tmp/${version}.tar.gz" && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ chown -R www-data:www-data /var/www/html COPY entrypoint.sh entrypoint.sh diff --git a/3.0/fpm-alpine/Dockerfile b/3.0/fpm-alpine/Dockerfile index b77daca..7f1724b 100644 --- a/3.0/fpm-alpine/Dockerfile +++ b/3.0/fpm-alpine/Dockerfile @@ -30,14 +30,14 @@ RUN set -ex; \ zip # Download, unzip and chmod of LimeSurvey -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ \ - rm -rf "/tmp/${version}.tar.gz" \ + rm -rf "/tmp/limesurvey.tar.gz" \ /var/www/html/docs \ /var/www/html/tests \ /var/www/html/*.md && \ diff --git a/3.0/fpm/Dockerfile b/3.0/fpm/Dockerfile index 6b91d98..b670ba3 100644 --- a/3.0/fpm/Dockerfile +++ b/3.0/fpm/Dockerfile @@ -45,13 +45,13 @@ RUN set -ex; \ ENV LIMESURVEY_VERSION=$version # Download, unzip and chmod LimeSurvey from official GitHub repository -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -f "/tmp/${version}.tar.gz" && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ chown -R www-data:www-data /var/www/html EXPOSE 9000 diff --git a/4.0/apache/Dockerfile b/4.0/apache/Dockerfile index 37c2533..8b577b9 100644 --- a/4.0/apache/Dockerfile +++ b/4.0/apache/Dockerfile @@ -18,6 +18,7 @@ RUN set -ex; \ libpng-dev \ libpq-dev \ netcat \ + curl \ \ && apt-get -y autoclean; apt-get -y autoremove; \ rm -rf /var/lib/apt/lists/* @@ -58,13 +59,13 @@ RUN a2enmod headers rewrite remoteip; \ RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" # Download, unzip and chmod LimeSurvey from official GitHub repository -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -f "/tmp/${version}.tar.gz" && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ chown -R www-data:www-data /var/www/html COPY entrypoint.sh entrypoint.sh diff --git a/4.0/fpm-alpine/Dockerfile b/4.0/fpm-alpine/Dockerfile index 9d264ee..c09b399 100644 --- a/4.0/fpm-alpine/Dockerfile +++ b/4.0/fpm-alpine/Dockerfile @@ -31,14 +31,14 @@ RUN set -ex; \ zip # Download, unzip and chmod of LimeSurvey -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ \ - rm -rf "/tmp/${version}.tar.gz" \ + rm -rf "/tmp/limesurvey.tar.gz" \ /var/www/html/docs \ /var/www/html/tests \ /var/www/html/*.md && \ diff --git a/4.0/fpm/Dockerfile b/4.0/fpm/Dockerfile index 6cb7cfc..02c948e 100644 --- a/4.0/fpm/Dockerfile +++ b/4.0/fpm/Dockerfile @@ -45,13 +45,13 @@ RUN set -ex; \ ENV LIMESURVEY_VERSION=$version # Download, unzip and chmod LimeSurvey from official GitHub repository -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp +RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -f "/tmp/${version}.tar.gz" && \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ chown -R www-data:www-data /var/www/html EXPOSE 9000