From c0ee2ed05a5ecb15d5ca13848f89ff38f0a8cf56 Mon Sep 17 00:00:00 2001
From: Pedro Sanders
Date: Sat, 19 Oct 2024 23:18:33 -0400
Subject: [PATCH] fix(startup): undo changes that caused regression in startup script

---
 .gitignore | 1 +
 .scripts/convert-to-p12.sh | 16 ++++++------
 .scripts/generate-certs.sh | 2 ++
 .scripts/init-postgres.sh | 2 +-
 Dockerfile | 50 +++++++++++++++++++------------------
 etc/certs/signaling.p12 | Bin 2502 -> 0 bytes
 mods/edgeport/Dockerfile | 12 ++++-----
 package.json | 2 +-
 8 files changed, 46 insertions(+), 39 deletions(-)
 delete mode 100644 etc/certs/signaling.p12

diff --git a/.gitignore b/.gitignore
index cedab0ea1..d178f8118 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@ bin
 .project
 ${sys:DATA}
 *.log
+.certs
 
 # User-specific stuff:
 .idea/workspace.xml
diff --git a/.scripts/convert-to-p12.sh b/.scripts/convert-to-p12.sh
index 53054ed82..79459146e 100755
--- a/.scripts/convert-to-p12.sh
+++ b/.scripts/convert-to-p12.sh
@@ -1,27 +1,29 @@
 #!/bin/sh
-certPath=${1:-"."} # if $1 is not passed, use current directory
+set -e
+
+certPath=${1:-"."}
 serverCrt="$certPath/server.crt"
 serverKey="$certPath/server.key"
-caCrt="$certPath/ca.crt" # Path to the Certificate Authority certificate
+caCrt="$certPath/ca.crt"
 pkcs12File="$certPath/signaling.p12"
-pkcs12Password=${2:-"changeme"} # if $2 is not passed, use "changeme"
+pkcs12Password=${2:-"changeme"}
 
 mkdir -p $certPath
 
-# Check if server.crt and server.key files exist
 if [ ! -f "$serverCrt" ] || [ ! -f "$serverKey" ]; then
   echo "server.crt or server.key files not found. Generating certificates..."
-  . "$(dirname "$0")/generate-certs.sh" $certPath
+  . "$(dirname "$0")/generate-certs.sh" "$certPath"
 fi
 
-# Check if ca.crt file exists to create a full chain of certificates
 if [ -f "$caCrt" ]; then
   echo "ca.crt file found. Creating a full chain of certificates..."
   cat $serverCrt $caCrt > "$certPath/fullchain.crt"
   openssl pkcs12 -export -in "$certPath/fullchain.crt" -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 else
-  openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcsPassword
+  openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 fi
 
+openssl pkcs12 -info -in "$pkcs12File" -noout -passin pass:"$pkcs12Password" # Verifies the keystore
+
 echo "PKCS12 keystore has been created at $pkcs12File"
diff --git a/.scripts/generate-certs.sh b/.scripts/generate-certs.sh
index 4c10e6a7c..3e0d6f476 100755
--- a/.scripts/generate-certs.sh
+++ b/.scripts/generate-certs.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+set -e
+
 basepath=${1:-"."} # if $1 is not passed, use current directory
 
 mkdir -p $basepath
diff --git a/.scripts/init-postgres.sh b/.scripts/init-postgres.sh
index 47ef29deb..fa66a7a9d 100644
--- a/.scripts/init-postgres.sh
+++ b/.scripts/init-postgres.sh
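Review bot: Both `openssl pkcs12 -export` calls and the new `-info` verification pass the keystore password on the command line (`-password pass:$pkcs12Password`, `-passin pass:"$pkcs12Password"`), so it is readable in the process list by any other process on the host or in the container for as long as openssl runs. OpenSSL accepts `env:NAME` for these options, so exporting the value once and using `-password env:PKCS12_PASS` / `-passin env:PKCS12_PASS` keeps it out of argv. The hunk quotes `"$certPath"` in the `.` line but leaves `mkdir -p $certPath`, `cat $serverCrt $caCrt` and the `-inkey $serverKey -out $pkcs12File` arguments unquoted, so a path containing whitespace still word-splits under `/bin/sh`; quote them the same way. With `set -e` now enabled, a failed `-info` check aborts before the success message is printed, which is the intended behaviour and worth stating in the trailing comment, e.g. `# Verifies the keystore; under set -e a bad file aborts before the success message`.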
@@ -5,5 +5,5 @@ set -e
 # This scripts initializes the postgres database
 initdb /var/lib/postgresql/data
 pg_ctl start -D /var/lib/postgresql/data
-npx prisma@5.9.1 migrate deploy --schema=/service/schema.prisma
+npx prisma migrate deploy --schema=/service/schema.prisma
 pg_ctl stop -D /var/lib/postgresql/data
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7e21d5b05..8083fb92e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,21 +26,21 @@ RUN chmod +x heplify
 ##
 FROM alpine:3.19 AS runner
 
-ARG PKCS12_PASSWORD=changeme
-ARG POSTGRES_USER=postgres
-ARG POSTGRES_PASSWORD=postgres
+ARG PKCS12_PASSWORD="changeme"
+ARG POSTGRES_USER="postgres"
+ARG POSTGRES_PASSWORD="postgres"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
-ARG PRISMA_VERSION=5.9.1
-ARG DATABASE_URL=postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr
+ARG PRISMA_VERSION="5.9.1"
+ARG DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr"
 
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
-  PATH_TO_CERTS=/etc/routr/certs \
-  USER=fonoster \
+  PATH_TO_CERTS="/etc/routr/certs" \
+  USER="fonoster" \
   GID=5000 \
   UID=5000 \
-  JAVA_HOME=/service/jre \
-  EDGEPORT_RUNNER=/service/edgeport.sh \
+  JAVA_HOME="/service/jre" \
+  EDGEPORT_RUNNER="/service/edgeport.sh" \
   TLS_ON=false \
   VERIFY_CLIENT_CERT=false \
   CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
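Review bot: Dropping the version from `npx prisma@5.9.1` makes the migration step depend on whichever `prisma` npx can resolve when the container starts: it uses the global `prisma@${PRISMA_VERSION}` the Dockerfile installs only if that binary is on the `postgres` user's PATH, and otherwise downloads the latest prisma from the registry at runtime, unpinned and requiring network access. Since the CLI is installed globally, calling it directly, `prisma migrate deploy --schema=/service/schema.prisma`, makes the resolution explicit and fails fast when the binary is missing instead of silently fetching. The same `npx prisma migrate deploy` line appears in the Dockerfile CMD hunk further down and should be treated the same way. The script's first four lines are outside this hunk, and the hunk still ends without a trailing newline.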
@@ -48,24 +48,25 @@ ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
   DATABASE_URL=$DATABASE_URL \
   IGNORE_LOOPBACK_FROM_LOCALNETS=true \
   PRISMA_VERSION=$PRISMA_VERSION \
-  START_INTERNAL_DB=true
+  START_INTERNAL_DB=true \
+  LOG4J2="/etc/routr/log4j2.yaml"
 
 WORKDIR /service
 
 COPY mods/edgeport/edgeport.sh .
 COPY mods/edgeport/libs libs
+COPY mods/pgdata/schema.prisma .
+COPY mods/pgdata/migrations migrations
+COPY mods/edgeport/etc/log4j2.yaml /etc/routr/log4j2.yaml
 COPY etc/edgeport.yaml config/edgeport.yaml
-COPY config/log4j2.yaml mods/edgeport/etc/log4j2.yaml
 COPY .scripts/convert-to-p12.sh .
 COPY .scripts/generate-certs.sh .
+COPY .scripts/init-postgres.sh .
 COPY --from=builder /work/dist dist
 COPY --from=builder /work/node_modules node_modules
 COPY --from=builder /work/package.json .
 COPY --from=builder /work/jre jre
 COPY --from=builder /work/heplify /usr/local/bin/
-COPY .scripts/init-postgres.sh .
-COPY mods/pgdata/schema.prisma .
-COPY mods/pgdata/migrations migrations
 
 RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec tini \
   && npm install -g prisma@${PRISMA_VERSION} \
@@ -74,25 +75,26 @@ RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec t
   && adduser --disabled-password --gecos "" --ingroup ${USER} --home ${HOME} --uid ${UID} ${USER} \
   && chown -R ${USER}:${USER} /service /etc/routr \
   && chown -R postgres:postgres /var/lib/postgresql/data /run/postgresql /root/.npm \
-  && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh \
+  && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh generate-certs.sh \
   && chmod 2777 /run/postgresql \
   && setcap 'CAP_NET_RAW+eip' /usr/bin/sngrep \
   && rm -rf /var/cache/apk/* /tmp/* \
-  && rm -rf /root/.npm /root/.config /root/.cache /root/.local \
+  && rm -rf /root/.npm /root/.config /root/.cache /root/.local package.json \
   && apk del libcap
 
 # Re-mapping the signal from 143 to 0
 ENTRYPOINT ["tini", "-v", "-e", "143", "--"]
-CMD ["sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
+CMD ["/bin/sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
     su-exec postgres /service/init-postgres.sh; \
     su-exec postgres pg_ctl start -D /var/lib/postgresql/data --options='-h 0.0.0.0'; \
-  fi && \
-  DATABASE_URL=${DATABASE_URL} npx prisma@${PRISMA_VERSION} migrate deploy --schema=/service/schema.prisma && \
-  su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD && \
+  fi; \
   if [ -n \"$HEPLIFY_OPTIONS\" ]; then \
     heplify $HEPLIFY_OPTIONS & \
-  fi && \
-  sed -i 's|keyStorePassword: .*|keyStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
-  sed -i 's|trustStorePassword: .*|trustStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
-  su-exec $USER node ./dist/runner"]
+  fi; \
+  npx prisma migrate deploy --schema=/service/schema.prisma; \
+  sed -i \"s|keyStorePassword:.*|keyStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+  sed -i \"s|trustStorePassword:.*|trustStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+  su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD; \
+  su-exec $USER node ./dist/runner"
\ +] diff --git a/etc/certs/signaling.p12 b/etc/certs/signaling.p12 deleted file mode 100644 index 7167304b4f255526027970b0108b4dceaadf12da..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2502 zcmai$X*kr27sqGD%rK0GERlUQgy?4(Ya!dTd@OSo~^W%z!>1_Pa#_yif*Im2X&| zEpsXa!T@_9e{1n zbq>lCSI^cBh{hHm3LNpz?WED)Q%49>YueQ zYRag*r>nnPrwY?F=hkgM#)e?N>`Zl<5pEDjA_)pXXd_%Bxevv6~i#di>#Kj44(aE@X#UE|eSeeL~CM`HnzA~gF z%xLeCdGqcC&S<qWr*sBYt3GR-{A-yhnS7{t$D8$5?xQ$7-yKeM zjAAKTJuge*QeA97P*KE;L7=u@n_(eR0{u8330HiLyi=V4D=HJmPsqLeG5R9-OgYkS zIDE*d>yey}8Xu5UW$qx!{Za%q?Vxwe-Jz`Q%~e9XyU<;RJtZ`ZZIVdJJ0d{ar-NU&0yr^V|;KBMcF3KgjI=k`|O|( zdWzLruVVE4qz}Y+BM4w*)@aRnr|vRed%8>Ev-N3tLhq&*b%HXsVxpJz7w{O+gBa?(_q8ued-VfYbu*HNQ617$RuiD9C}3?VwpDDd19sugeKAvRnG@ z2y_OEaIY-NAJ6}gYu}y2blJ%6vj^t5-*OCg?2eiDYZR9n8=zqNDA7t?OW9NOl^vc* zh!h!b@C7Th8c%hKVEq>F?HApF>sB7IAku(mh1T9TsqD(v%H0dcUv|~Jm&IT`@_F9h z*Twg3B-|uyOUF%<2hnHGt+bxI8cg4rm8`VZD8?e09_d+zDo;+)_JVf3K_v`IEb8zX zxy(RW;}?sSm3&(oP8l%j=mw{+TVjRlo@8z#ADk69nirC37!4K;Bd@L|D$C|*5SEh| zKWv&`^Jh`e;zR#~vbwb-ovG(=5e_po9FD~mKpGm24a?7~f$iLT^rNLWg;Q?Zw|piO zUyQc|P&06&l1~NKcAcLd4eIswko)$njjC1-*##+~(P>k9dAN;TD~QY3;B5of^Xjdults#-o z-M7eQ+bgsDzLEcgmb&%(@w}*&`?jNXqn@u6`cmlT8IDD4)W<;V)YZ*zm+~Ig>6__2 z!bx`H@3>tjd^F3LyqM-FSv;M*zO=a&zOH`JnBW*)p=;)Kj&CvcEU%Ot+kEqGS}s;1 zHse4PM1Q6!oM0t_#)@7&y5V}h;{HYpeZ)pb6fwsrYL7d`pjidVIVHI?DF9Nf&*M+r z!xzQq??gnzwLUTJF=?;;x@G!uylt>#{<;@3<4@C_N}jFodu!(4*5viO&ila*^|lpB zDEREh&aKIMw4n`sfuI7TI__8-*UFMlgbZ;+pkQJD<*T!Oe zY+CkT5EJ}cc?X!;-t60?Qw_b-4=r^3)=-&mN30LHy(sp;G_}D+14jdsjrTfJdMo5B z%`)v?c*J zGvgV03Xay7tUmb= zEdL<;PYd={yb^~rk2Mw6Uhlskbp-2pC6;oQc!H8WMZ5AAIXvy~IAoP9Eey*Y8tXKoDE$UU7DpT8Ff@nrI3 zI9uSj037>tNr;%=d{ki_)i6+TxokL(PAETm-^F7jch84U(Ak0=Ii4~gRvlh&A?Cx) zVYNi{=S?=>8U&yVz>p8hdE1&UxL`u%4k>ky!>L8xQY$o_=iKaw1t7EKJQmHs0A|aI zA<1OdL|2vXfOqm+S+T4E5jFZ*4lIIQnw|eN$PVNQas?4V zP9SfP@6QYf{~qCx=7h2jVN1fEZgRn3G4uL(idx-Ka32)70!RbQzdj%c7zTn0#yb!W t8Qx%pEIHMIIJP=)}+?DuwHM(F1?{ud;=ZomKl 
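Review bot: The new CMD chains its steps with `;` where the old one used `&&`, so a failing init-postgres.sh, `pg_ctl start`, `prisma migrate deploy`, `sed` edit or convert-to-p12.sh no longer stops the container and `node ./dist/runner` starts anyway, possibly with no keystore or an unmigrated database. Starting the inline script with errexit keeps the `if` blocks and the backgrounded heplify working while aborting on a failed step: `CMD ["/bin/sh", "-c", "set -e; if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \`. The two `sed` lines now interpolate `$PKCS12_PASSWORD` unescaped into the replacement text, so a password containing `|`, `&` or `\` corrupts config/edgeport.yaml, and the same value is exposed in the argv of sed, convert-to-p12.sh and openssl to any other process in the container; letting the consuming script read it from the environment instead of receiving it as an argument avoids both problems. The unpinned `npx prisma migrate deploy` here shares the runtime-resolution concern raised on the init-postgres.sh hunk.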
diff --git a/mods/edgeport/Dockerfile b/mods/edgeport/Dockerfile
index 8cdf33151..46fdb303f 100644
--- a/mods/edgeport/Dockerfile
+++ b/mods/edgeport/Dockerfile
@@ -17,21 +17,21 @@ RUN apk add --no-cache --update g++ openjdk17-jdk \
 ##
 FROM alpine:3.19 AS runner
 
-ARG PKCS12_PASSWORD=changeme
-ARG PATH_TO_CERTS=/etc/routr/certs
-ARG PATH_TO_LOGS=/opt/routr/logs
+ARG PKCS12_PASSWORD="changeme"
+ARG PATH_TO_CERTS="/etc/routr/certs"
+ARG PATH_TO_LOGS="/opt/routr/logs"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
 
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
   PATH_TO_CERTS=$PATH_TO_CERTS \
   PATH_TO_LOGS=$PATH_TO_LOGS \
-  CONFIG_PATH=/etc/routr/edgeport.yaml \
+  CONFIG_PATH="/etc/routr/edgeport.yaml" \
   CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
   SERVER_CERT_SUBJECT=$SERVER_CERT_SUBJECT \
   IGNORE_LOOPBACK_FROM_LOCALNETS=true \
-  LOG4J2=/etc/routr/log4j2.yaml \
-  JAVA_HOME=/opt/routr/jre
+  LOG4J2="/etc/routr/log4j2.yaml" \
+  JAVA_HOME="/opt/routr/jre"
 
 WORKDIR /opt/routr
diff --git a/package.json b/package.json
index 170879367..2a016654d 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
     "start:deps": "docker compose -f compose.dev.yaml up rtpengine redis postgres adminer -d",
     "stop:deps": "docker compose -f compose.dev.yaml down rtpengine redis postgres adminer",
     "db:migrate": "npx prisma migrate dev --schema ./mods/pgdata/schema.prisma --name changeme",
-    "generate:certs": "./.scripts/generate-certs.sh",
+    "generate:certs": "SERVER_CERT_SUBJECT='/CN=localhost' CA_CERT_SUBJECT='/CN=Self Signed CA' ./.scripts/generate-certs.sh .certs",
     "convert:certs": "./.scripts/convert-to-p12.sh && mv signaling.p12 etc/certs/",
     "transpile": "tsc",
     "make": "npm install && npm run build && npm run setup",
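Review bot: `convert:certs`, on the unchanged line right after the edited one, still runs `./.scripts/convert-to-p12.sh` with no directory argument while `generate:certs` now writes into `.certs`; run in sequence, convert-to-p12.sh will not find `.certs/server.crt`, will generate a second, different key pair in the repository root, and `mv signaling.p12 etc/certs/` then installs a keystore that does not match the certificates just generated. Pointing it at the same directory, `"convert:certs": "./.scripts/convert-to-p12.sh .certs"`, writes the keystore to `.certs/signaling.p12`, which the `.gitignore` change in this commit covers, whereas a key pair and keystore left in the repository root are only ignored if some rule outside this diff matches them. The `mv` then needs to go or move `.certs/signaling.p12` instead, depending on whether anything outside this diff still reads etc/certs/signaling.p12, which this commit deletes from the tree.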