Skip to content

Commit

Permalink
Bump version and fix bugs
Browse files Browse the repository at this point in the history
Changes:
- Bump to version 2.4.187
- Fix error when not disabling ipv6 or ssl redirect
- Enable ztsd php extension
- Catch when .env file is not created
  • Loading branch information
ostefano committed Mar 8, 2024
1 parent 6f8dd83 commit fe531d5
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 28 deletions.
8 changes: 5 additions & 3 deletions core/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,11 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" as php-build
php-pear \
librdkafka-dev \
libsimdjson-dev \
libzstd-dev \
git \
&& apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*

RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson
RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson && pecl install zstd
RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && \
cd php-ext-brotli && phpize && ./configure && make && make install

Expand Down Expand Up @@ -174,6 +175,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
librdkafka1 \
libbrotli1 \
libsimdjson5 \
libzstd1 \
# Unsure we need these
zip unzip \
# Require for advanced an unattended configuration
Expand All @@ -185,7 +187,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels

# PHP: install prebuilt libraries, then install the app's PHP deps
COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/"]
COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"]

# Do an early chown to limit image size
COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP
Expand All @@ -194,7 +196,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"

# Gather these in one layer, only act on actual directories under /etc/php/
RUN <<-EOF
set -- "ssdeep" "rdkafka" "brotli" "simdjson"
set -- "ssdeep" "rdkafka" "brotli" "simdjson" "zstd"
for mod in "$@"; do
for dir in /etc/php/*/; do
echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini"
Expand Down
44 changes: 25 additions & 19 deletions core/files/entrypoint_nginx.sh
Original file line number Diff line number Diff line change
Expand Up @@ -210,34 +210,40 @@ init_nginx() {
# Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
echo "... enabling port 80 redirect"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp80
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
sed -i "s/[^#] return / # return /" /etc/nginx/sites-available/misp80
sed -i "s/# include /include /" /etc/nginx/sites-available/misp80
else
sed -i "s/[^#] include / # include /" /etc/nginx/sites-available/misp80
sed -i "s/# return /return /" /etc/nginx/sites-available/misp80
fi
ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
else
echo "... port 80 already configured"
echo "... port 80 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 80"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp80
else
echo "... enabling IPv6 on port 80"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp80
fi
if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
echo "... disabling SSL redirect"
sed -i "s/[^#] return / # return /" /etc/nginx/sites-enabled/misp80
sed -i "s/# include /include /" /etc/nginx/sites-enabled/misp80
else
echo "... enabling SSL redirect"
sed -i "s/[^#] include / # include /" /etc/nginx/sites-enabled/misp80
sed -i "s/# return /return /" /etc/nginx/sites-enabled/misp80
fi

# Testing for files also test for links, and generalize better to mounted files
if [[ ! -f "/etc/nginx/sites-enabled/misp443" ]]; then
echo "... enabling port 443"
if [[ "$DISABLE_IPV6" = "true" ]]; then
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-available/misp443
else
sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp443
fi
ln -s /etc/nginx/sites-available/misp443 /etc/nginx/sites-enabled/misp443
else
echo "... port 443 already configured"
echo "... port 443 already enabled"
fi
if [[ "$DISABLE_IPV6" = "true" ]]; then
echo "... disabling IPv6 on port 443"
sed -i "s/[^#] listen \[/ # listen \[/" /etc/nginx/sites-enabled/misp443
else
echo "... enabling IPv6 on port 443"
sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp443
fi

if [[ ! -f /etc/nginx/certs/cert.pem || ! -f /etc/nginx/certs/key.pem ]]; then
Expand Down
8 changes: 4 additions & 4 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,9 @@ services:
build:
context: core/.
args:
- CORE_TAG=${CORE_TAG}
- CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
- CORE_COMMIT=${CORE_COMMIT}
- PHP_VER=${PHP_VER}
- PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
- PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
- PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
- PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
Expand Down Expand Up @@ -120,9 +120,9 @@ services:
build:
context: modules/.
args:
- MODULES_TAG=${MODULES_TAG}
- MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
- MODULES_COMMIT=${MODULES_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT}
- LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
environment:
- "REDIS_BACKEND=redis"
depends_on:
Expand Down
4 changes: 2 additions & 2 deletions template.env
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
# Build-time variables
##

CORE_TAG=v2.4.186
MODULES_TAG=v2.4.186
CORE_TAG=v2.4.187
MODULES_TAG=v2.4.187
PHP_VER=20190902
LIBFAUP_COMMIT=3a26d0a

Expand Down

0 comments on commit fe531d5

Please sign in to comment.