diff --git a/8.4/alpine3.19/Dockerfile b/8.4/alpine3.19/Dockerfile
deleted file mode 100644
index bc68a1f..0000000
--- a/8.4/alpine3.19/Dockerfile
+++ /dev/null
@@ -1,85 +0,0 @@ -# -# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh". -# -# PLEASE DO NOT EDIT IT DIRECTLY. -# - -FROM python:3.12-alpine3.19 - -# runtime dependencies -RUN set -eux; \ - addgroup --gid 1000 satosa; \ - adduser -D -G satosa --uid 1000 satosa; \ - apk add --no-cache \ - bash \ - jq \ - libxml2-utils \ - openssl \ - xmlsec \ - ; \ - pip install --no-cache-dir \ - yq \ - ; - -ENV SATOSA_VERSION 8.4.0 -RUN set -eux; \ - apk add --no-cache --virtual .build-deps \ - bluez-dev \ - bzip2-dev \ - cargo \ - coreutils \ - dpkg-dev dpkg \ - expat-dev \ - findutils \ - gcc \ - gdbm-dev \ - libc-dev \ - libffi-dev \ - libnsl-dev \ - libtirpc-dev \ - linux-headers \ - make \ - musl-dev \ - ncurses-dev \ - openssl-dev \ - pax-utils \ - python3-dev \ - readline-dev \ - sqlite-dev \ - tcl-dev \ - tk \ - tk-dev \ - util-linux-dev \ - xz-dev \ - zlib-dev \ - ; \ - pip install --no-cache-dir \ - satosa==${SATOSA_VERSION} \ - ; \ - find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - | fgrep -v libgcc_s- \ - | fgrep -v libc.so \ - | xargs -rt apk add --no-network --virtual .satosa-rundeps \ - ; \ - apk del --no-network .build-deps; \ - mkdir /etc/satosa; \ - chown -R satosa:satosa /etc/satosa - -# example configuration -RUN set -eux; \ - python -c 'import urllib.request; urllib.request.urlretrieve("https://github.com/IdentityPython/SATOSA/archive/refs/tags/v'${SATOSA_VERSION%%[a-z]*}'.tar.gz","/tmp/satosa.tgz")'; \ - mkdir /usr/share/satosa; \ - tar --extract --directory /usr/share/satosa --strip-components=1 --file /tmp/satosa.tgz SATOSA-${SATOSA_VERSION%%[a-z]*}/example/; \ - rm /tmp/satosa.tgz - -WORKDIR /etc/satosa - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 8080 -USER satosa:satosa -CMD 
["gunicorn","-b0.0.0.0:8080","satosa.wsgi:app"] diff --git a/8.4/bookworm/docker-entrypoint.sh b/8.4/bookworm/docker-entrypoint.sh deleted file mode 100755 index a2f5144..0000000 --- a/8.4/bookworm/docker-entrypoint.sh +++ /dev/null 
@@ -1,162 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -# usage: file_env VAR [DEFAULT] -# e.g.: file_env 'XYZ_PASSWORD' 'example' -# (will allow for "$XYZ_PASSWORD_FILE" to fill in the value of -# "$XYZ_PASSWORD" from a file, especially for Docker's secrets -# feature) -function file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another -# script -function _is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# usage: _make_conffile DEST_FILE YQ_FILTER -# e.g.: _make_conffile proxy_conf.yaml -# (if DEST_FILE does not exist, create it from the config example, -# passing it through YQ_FILTER) -function _make_conffile() { - if [ -f "$1" ]; then return; fi - mkdir -p "$(dirname "$1")" - case "$1" in - *.json) - jq "${2:-.}" "/usr/share/satosa/example/$1.example" > "$1" - ;; - *.xml) - xq -x "${2:-.}" "/usr/share/satosa/example/$1.example" > "$1" - ;; - *.yaml | *.yml) - yq -y "${2:-.}" "/usr/share/satosa/example/$1.example" > "$1" - ;; - *) - jq -r "${2}" -n > "$1" - ;; - esac -} - -# usage: _make_selfsigned DEST_FILE COMMON_NAME -# e.g.: _make_selfsigned https -# (if DEST_FILE.crt and DEST_FILE.key does not exist, generate a new -# key pair; COMMON_NAME is optional and defaults to the hostname part -# of $BASE_URL) -function _make_selfsigned() { - if [ ! -f "$1.crt" -a ! 
-f "$1.key" ]; then - openssl req -batch -x509 -nodes -days 3650 -newkey rsa:2048 \ - -keyout "$1.key" -out "$1.crt" \ - -subj "/CN=${2:-${HOSTNAME}}" - fi -} - -# load various settings used throughout the script -function docker_setup_env() { - file_env BASE_URL https://example.com - file_env STATE_ENCRYPTION_KEY $(python -c 'import random, string; print("".join(random.sample(string.ascii_letters+string.digits,32)))') - file_env SAML2_BACKEND_DISCO_SRV https://service.seamlessaccess.org/ds/ - file_env SAML2_BACKEND_CERT '' - file_env SAML2_BACKEND_KEY '' - file_env SAML2_FRONTEND_CERT '' - file_env SAML2_FRONTEND_KEY '' - export HOSTNAME="$(echo "${BASE_URL}" | sed -E -e 's/https?:\/\///')" -} - -# configure SATOSA initially as an SP-to-IdP proxy using Signet's -# SAMLtest.ID testing service -function docker_create_config() { - _make_conffile proxy_conf.yaml ' - .BASE = $ENV.BASE_URL - | .STATE_ENCRYPTION_KEY = $ENV.STATE_ENCRYPTION_KEY - | .FRONTEND_MODULES = [ "plugins/frontends/saml2_frontend.yaml", "plugins/frontends/ping_frontend.yaml" ] - ' - - _make_conffile internal_attributes.yaml ' - del(.hash, .user_id_from_attrs, .user_id_to_attr) - ' - - _make_conffile plugins/backends/saml2_backend.yaml ' - del(.config.acr_mapping, .config.idp_blacklist_file, .config.sp_config.metadata.local) - | .config.disco_srv = $ENV.SAML2_BACKEND_DISCO_SRV - | .config.sp_config.metadata.remote = [{ "url": "https://samltest.id/saml/idp" }] - ' - if [ -n "${SAML2_BACKEND_CERT}" -a -n "${SAML2_BACKEND_KEY}" ]; then - _make_conffile backend.crt '$ENV.SAML2_BACKEND_CERT' - _make_conffile backend.key '$ENV.SAML2_BACKEND_KEY' - else - _make_selfsigned backend - fi - - _make_conffile plugins/frontends/saml2_frontend.yaml ' - del(.config.idp_config.metadata.local) - | .config.idp_config.metadata.remote = [{ "url": "https://samltest.id/saml/sp" }] - ' - _make_conffile plugins/frontends/ping_frontend.yaml - - if [ -n "${SAML2_FRONTEND_CERT}" -a -n "${SAML2_FRONTEND_KEY}" ]; then - 
_make_conffile frontend.crt '$ENV.SAML2_FRONTEND_CERT' - _make_conffile frontend.key '$ENV.SAML2_FRONTEND_KEY' - else - _make_selfsigned frontend - fi - - _make_conffile plugins/microservices/static_attributes.yaml -} - -function docker_pprint_metadata() { - if [ \( ! -f backend.key \) -o \( ! -f backend.crt \) -o -f backend.xml -o -f frontend.xml ]; then return; fi - - # use the SAML2 backend keymat to temporarily sign the generated metadata - touch backend.xml frontend.xml - satosa-saml-metadata proxy_conf.yaml backend.key backend.crt - - echo -----BEGIN SAML2 BACKEND METADATA----- - xq -x 'del(."ns0:EntityDescriptor"."ns1:Signature")' backend.xml | tee backend.xml.new - echo -----END SAML2 BACKEND METADATA----- - - echo -----BEGIN SAML2 FRONTEND METADATA----- - xq -x 'del(."ns0:EntityDescriptor"."ns1:Signature")' frontend.xml | tee frontend.xml.new - echo -----END SAML2 FRONTEND METADATA----- - - mv backend.xml.new backend.xml - mv frontend.xml.new frontend.xml -} - -function _main() { - # if the first arg looks like a flag, assume it's for Gunicorn - if [ "${1:0:1}" = '-' ]; then - set -- gunicorn "$@" - fi - - if [ "$1" = 'gunicorn' ]; then - docker_setup_env - docker_create_config - docker_pprint_metadata - exec "$@" - fi - - exec "$@" -} - -if ! _is_sourced; then - _main "$@" -fi diff --git a/8.4/bookworm/Dockerfile b/8.5/bookworm/Dockerfile similarity index 96% rename from 8.4/bookworm/Dockerfile rename to 8.5/bookworm/Dockerfile index 9bcedf6..13c0b68 100644 --- a/8.4/bookworm/Dockerfile +++ b/8.5/bookworm/Dockerfile @@ -4,7 +4,7 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # -FROM python:3.12-slim-bookworm +FROM python:3.13-slim-bookworm # runtime dependencies RUN set -eux; \ @@ -21,7 +21,7 @@ RUN set -eux; \ yq \ ; -ENV SATOSA_VERSION 8.4.0 +ENV SATOSA_VERSION 8.5.1 RUN set -eux; \ savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ 
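Review bot: `docker_setup_env` derives the default `STATE_ENCRYPTION_KEY` from Python's `random.sample`, which is not designed for secrets and, because it samples without replacement, can never repeat a character; since `docker_create_config` bakes the value into `proxy_conf.yaml` through `.STATE_ENCRYPTION_KEY = $ENV.STATE_ENCRYPTION_KEY` and `_make_conffile` returns early for an existing file, a weak key persists for the life of the config volume. Use the `secrets` module and quote the substitution: `file_env STATE_ENCRYPTION_KEY "$(python -c 'import secrets; print(secrets.token_urlsafe(32))')"`. This hunk only deletes the 8.4/bookworm copy, but the 8.4/alpine3.19 script renamed at 100% similarity into 8.5/bookworm presumably carries the same code, so the point applies to the retained file. A smaller issue in the same script: `_make_selfsigned` generates a pair only when neither `$1.crt` nor `$1.key` exists, so a single stray file silently yields a mismatched cert/key; check each file separately and fail loudly on a partial pair rather than proceeding.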
diff --git a/8.4/alpine3.19/docker-entrypoint.sh b/8.5/bookworm/docker-entrypoint.sh
similarity index 100%
rename from 8.4/alpine3.19/docker-entrypoint.sh
rename to 8.5/bookworm/docker-entrypoint.sh
diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh
index 517a595..83232a0 100755
--- a/generate-stackbrew-library.sh
+++ b/generate-stackbrew-library.sh
@@ -2,7 +2,7 @@
 set -Eeuo pipefail
 
 declare -A aliases=(
- [8.4]='8 latest'
+ [8.5]='8 latest'
 )
 
 self="$(basename "$BASH_SOURCE")"
diff --git a/versions.json b/versions.json
index 41929de..6c895b7 100644
--- a/versions.json
+++ b/versions.json
@@ -1,10 +1,9 @@
 {
- "8.4": {
- "python_version": "3.12",
+ "8.5": {
+ "python_version": "3.13",
 "variants": [
- "bookworm",
- "alpine3.19"
+ "bookworm"
 ],
- "version": "8.4.0"
+ "version": "8.5.1"
 }
 }