Add a Dockerfile for the main nivlheim (api) image

.github/workflows/ci.yaml

@@ -21,55 +21,33 @@ jobs:
         ports:
           - 5432:5432
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Guix cache
-        uses: actions/cache@v2
-        with:
-          # Note: /gnu/store may exceed the limit of 5GiB, so don't
-          # cache it.  TODO: Selective caching with 'guix archive'?
-          path: |
-            ~/.cache/guix
-          key: guix-cache-${{ github.sha }}
-          restore-keys: |
-            guix-cache-
-      - name: Read channels.scm
-        run: |
-          echo "CHANNELS<<EOF" >> $GITHUB_ENV
-          cat ci/channels.scm >> $GITHUB_ENV
-          echo EOF >> $GITHUB_ENV
-      - name: Install Guix
-        uses: PromyLOPH/guix-install-action@v1
-        with:
-          channels: "${{ env.CHANNELS }}"
-      - name: Build Nivlheim
-        run: |
-          guix build -m manifest.scm
-      - name: Start the server
-        run: |
-          guix shell -m manifest.scm -- nivlheim &
-        env:
-          NIVLHEIM_PGHOST: localhost
-          NIVLHEIM_PGUSER: nivlheim
-          NIVLHEIM_PGPASSWORD: postgres
-          NIVLHEIM_PGDATABASE: nivlheim
-          NIVLHEIM_PGSSLMODE: disable
-      - name: Test API
-        run: |
-          # Give the server some time to initialize.
-          sleep 5
-          curl http://localhost:4040/api/v2/status
-      - name: Pack container image
-        run: |
-          guix pack -f docker --root=nivlheim-image.tar.gz \
-            --entry-point=bin/nivlheim \
-            -S /etc/profile=etc/profile \
-            -m manifest.scm
-      - name: Upload artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: nivlheim-image.tar.gz
-          path: nivlheim-image.tar.gz
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Run Go tests
+      run: |
+        cd server/service
+        go test -v
+      env:
+        NIVLHEIM_PGHOST: localhost
+        NIVLHEIM_PGUSER: nivlheim
+        NIVLHEIM_PGPASSWORD: postgres
+        NIVLHEIM_PGDATABASE: nivlheim
+        NIVLHEIM_PGSSLMODE: disable
+    - name: Docker build
+      run: |
+        VERSION=`cat VERSION`
+        if [[ "$GITHUB_REF_NAME" != "master" ]]; then
+          VERSION="$VERSION-$GITHUB_REF_NAME"
+        fi
+        echo "version=$VERSION"
+        docker build --file ci/docker/api_Dockerfile --tag nivlheim:latest --build-arg version=$VERSION server/service
+    - name: Docker save
+      run: docker save nivlheim | gzip > nivlheim-image.tar.gz
+    - name: Upload artifact
+      uses: actions/upload-artifact@v2
+      with:
+        name: nivlheim-image.tar.gz
+        path: nivlheim-image.tar.gz
 
   buildwww:
     name: Build httpd+cgi image

VERSION

@@ -1 +1 @@
-2.7.13
+2.7.14

ci/docker/api_Dockerfile

@@ -0,0 +1,29 @@
+## Build
+FROM golang:buster AS build
+ARG version
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY *.go ./
+COPY ./database ./database
+COPY ./utility ./utility
+
+RUN go build -o /nivlheim -ldflags "-X main.version=${version:-UNDEFINED}"
+
+## Deploy
+FROM ubuntu:latest
+MAINTAINER [email protected]
+LABEL [email protected]
+LABEL description="Main Nivlheim server exposing API"
+
+EXPOSE 4040
+
+WORKDIR /
+
+RUN apt-get update -qq && apt-get install -yqq ca-certificates
+COPY --from=build /nivlheim /nivlheim
+
+ENTRYPOINT ["/nivlheim"]

client/nivlheim_client

@@ -67,7 +67,7 @@ my $NAME    = 'nivlheim_client';
 my $AUTHOR  = 'Øyvind Hagberg';
 my $CONTACT = '[email protected]';
 my $RIGHTS  = 'USIT/IT-DRIFT/GD/GID, University of Oslo, Norway';
-my $VERSION = '2.7.13';
+my $VERSION = '2.7.14';
 
 # Usage text
 my $USAGE = <<"END_USAGE";

client/windows/nivlheim_client.ps1

@@ -31,7 +31,7 @@ param(
 	[bool]$nosleep = $false
 )
 
-Set-Variable version -option Constant -value "2.7.13"
+Set-Variable version -option Constant -value "2.7.14"
 Set-Variable useragent -option Constant -value "NivlheimPowershellClient/$version"
 Set-PSDebug -strict
 Set-StrictMode -version "Latest"	# http://technet.microsoft.com/en-us/library/hh849692.aspx

debian/changelog

@@ -1,3 +1,9 @@
+nivlheim (2.7.14-1) buster; urgency=low
+
+  * Upstream changes, no changes in the client
+
+ -- Øyvind Hagberg <[email protected]>  Fri, 16 Sep 2022 15:59:00 +0200
+
 nivlheim (2.7.13-1) buster; urgency=low
 
   * Upstream changes

server/service/accessControlKeys.go

@@ -5,12 +5,12 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"nivlheim/utility"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/lib/pq"
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 type APIkey string

server/service/api_grep.go

@@ -111,7 +111,7 @@ outer:
 
 		// Possibly filter out hosts with undetermined hostnames
 		if config.HideUnknownHosts {
-			if _,ok := certfp2hostname[certfp]; !ok {
+			if _, ok := certfp2hostname[certfp]; !ok {
 				continue
 			}
 		}

server/service/api_host.go

@@ -4,11 +4,11 @@ import (
 	"database/sql"
 	"fmt"
 	"net/http"
+	"nivlheim/utility"
 	"regexp"
 	"time"
 
 	"github.com/lib/pq"
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 type apiMethodHost struct {

server/service/api_hostlist.go

@@ -106,7 +106,7 @@ func (vars *apiMethodHostList) ServeGET(w http.ResponseWriter, req *http.Request
 	temp := make([]string, 0, len(apiHostListStandardFields))
 	for _, f := range apiHostListStandardFields {
 		if f.expression != "" {
-			temp = append(temp, f.expression + " AS " + f.columnName)
+			temp = append(temp, f.expression+" AS "+f.columnName)
 		} else {
 			temp = append(temp, f.columnName)
 		}

server/service/api_hostlist_post.go

@@ -8,10 +8,9 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"nivlheim/utility"
 	"strings"
 	"time"
-
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 var apiHostListWritableFields = map[string]string{

server/service/api_hostlist_test.go

@@ -236,12 +236,12 @@ func TestApiMethodHostList(t *testing.T) {
 		},
 		// Regression tests for a bug (See GitHub issue #151)
 		{
-			methodAndPath:  "GET /api/v2/hostlist?fields=hostname,os,duck&ipAddress=129.240.98.*",
-			expectStatus:   http.StatusOK,
+			methodAndPath: "GET /api/v2/hostlist?fields=hostname,os,duck&ipAddress=129.240.98.*",
+			expectStatus:  http.StatusOK,
 		},
 		{
-			methodAndPath:  "GET /api/v2/hostlist?fields=hostname,os&ipAddress=129.240.98.*",
-			expectStatus:   http.StatusOK,
+			methodAndPath: "GET /api/v2/hostlist?fields=hostname,os&ipAddress=129.240.98.*",
+			expectStatus:  http.StatusOK,
 		},
 	}
 
@@ -281,32 +281,32 @@ func TestApiMethodHostList(t *testing.T) {
 }
 
 func TestHideUnknownHosts(t *testing.T) {
-    if os.Getenv("NOPOSTGRES") != "" {
-        t.Log("No Postgres, skipping test")
-        return
-    }
+	if os.Getenv("NOPOSTGRES") != "" {
+		t.Log("No Postgres, skipping test")
+		return
+	}
 
 	db := getDBconnForTesting(t)
-    defer db.Close()
-    _, err := db.Exec("INSERT INTO hostinfo(certfp,hostname,ipaddr,os_edition) VALUES" +
-        "('1111','foo.bar.no','1.1.1.1','workstation')," +
-        "('2222',null,'2.2.2.2','workstation')")
-    if err != nil {
-        t.Error(err)
-    }
+	defer db.Close()
+	_, err := db.Exec("INSERT INTO hostinfo(certfp,hostname,ipaddr,os_edition) VALUES" +
+		"('1111','foo.bar.no','1.1.1.1','workstation')," +
+		"('2222',null,'2.2.2.2','workstation')")
+	if err != nil {
+		t.Error(err)
+	}
 
 	testsWhenOptionOff := []apiCall{
 		{
 			methodAndPath: "GET /api/v2/hostlist?fields=hostname",
 			expectStatus:  http.StatusOK,
-			expectJSON: `[{"hostname":"2.2.2.2"},{"hostname":"foo.bar.no"}]`,
+			expectJSON:    `[{"hostname":"2.2.2.2"},{"hostname":"foo.bar.no"}]`,
 		},
 	}
 	testsWhenOptionOn := []apiCall{
 		{
 			methodAndPath: "GET /api/v2/hostlist?fields=hostname",
 			expectStatus:  http.StatusOK,
-			expectJSON: `[{"hostname":"foo.bar.no"}]`,
+			expectJSON:    `[{"hostname":"foo.bar.no"}]`,
 		},
 	}
 

server/service/api_keys.go

@@ -7,13 +7,13 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"nivlheim/utility"
 	"regexp"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/lib/pq"
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 type apiMethodKeys struct {

server/service/api_search_test.go

@@ -113,37 +113,37 @@ func TestSearchCaseSensitivity(t *testing.T) {
 		// Test a search that returns ip address and hostname
 		{
 			methodAndPath: "GET /api/v2/search?q=night&fields=ipAddress,hostname",
-			expectStatus: http.StatusOK,
-			expectJSON: `[{"ipAddress":"` + ip2 + `","hostname":"`+hostname2+`"}]`,
+			expectStatus:  http.StatusOK,
+			expectJSON:    `[{"ipAddress":"` + ip2 + `","hostname":"` + hostname2 + `"}]`,
 		},
 		{
 			methodAndPath: "GET /api/v2/msearch?q1=night&fields=ipAddress,hostname",
-			expectStatus: http.StatusOK,
-			expectJSON: `[{"ipAddress":"` + ip2 + `","hostname":"`+hostname2+`"}]`,
+			expectStatus:  http.StatusOK,
+			expectJSON:    `[{"ipAddress":"` + ip2 + `","hostname":"` + hostname2 + `"}]`,
 		},
 		// A search that returns two hosts
 		{
 			methodAndPath: "GET /api/v2/search?q=sugar&fields=hostname",
-			expectStatus: http.StatusOK,
-			expectJSON: `[{"hostname":"`+hostname2+`"},{"hostname":"`+hostname+`"}]`,
+			expectStatus:  http.StatusOK,
+			expectJSON:    `[{"hostname":"` + hostname2 + `"},{"hostname":"` + hostname + `"}]`,
 		},
 		{
 			methodAndPath: "GET /api/v2/msearch?q1=sugar&fields=hostname",
-			expectStatus: http.StatusOK,
-			expectJSON: `[{"hostname":"`+hostname+`"},{"hostname":"`+hostname2+`"}]`,
+			expectStatus:  http.StatusOK,
+			expectJSON:    `[{"hostname":"` + hostname + `"},{"hostname":"` + hostname2 + `"}]`,
 		},
 		{
 			methodAndPath: "GET /api/v2/grep?q=sugar",
-			expectStatus: http.StatusOK,
-			expectContent: hostname2+":"+filename+":"+content2+"\n"+hostname+":"+filename+":"+content,
+			expectStatus:  http.StatusOK,
+			expectContent: hostname2 + ":" + filename + ":" + content2 + "\n" + hostname + ":" + filename + ":" + content,
 		},
 	}
 
 	// Run the tests
 	testAPIcalls(t, api, tests)
 
 	// Also run the tests with option HideUnknownHosts=true
-	config.HideUnknownHosts=true
+	config.HideUnknownHosts = true
 	// Add a host without a name, that shouldn't show up in the results
 	certfp3 := "CCCCCC"
 	_, err = db.Exec("INSERT INTO files(fileid,filename,certfp,content,ipaddr) "+
@@ -159,5 +159,5 @@ func TestSearchCaseSensitivity(t *testing.T) {
 	}
 	addFileToFastSearch(fileID+2, certfp3, filename, content)
 	testAPIcalls(t, api, tests)
-	config.HideUnknownHosts=false
+	config.HideUnknownHosts = false
 }

server/service/api_searchpage.go

@@ -107,7 +107,7 @@ func (vars *apiMethodSearchPage) ServeHTTP(w http.ResponseWriter, req *http.Requ
 	statement := "SELECT certfp FROM hostinfo"
 	whereAnd := "WHERE"
 	if !access.HasAccessToAllGroups() {
-		statement += " " + whereAnd + " ownergroup IN ("+access.GetGroupListForSQLWHERE()+")"
+		statement += " " + whereAnd + " ownergroup IN (" + access.GetGroupListForSQLWHERE() + ")"
 		whereAnd = "AND"
 	}
 	if config.HideUnknownHosts {

server/service/api_testHelpers.go

@@ -5,10 +5,9 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"nivlheim/utility"
 	"strings"
 	"testing"
-
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 type apiCall struct {

server/service/config.go

@@ -66,7 +66,7 @@ func updateConfig(config *Config, key string, value string) {
 // Options in the file must have the same name as fields in the struct,
 // disregarding upper/lowercase.
 // Options with names that aren't recognized are ignored.
-func UpdateConfigFromFile(config *Config, configFileName string) (error) {
+func UpdateConfigFromFile(config *Config, configFileName string) error {
 	// Open the config file
 	file, err := os.Open(configFileName)
 	if err != nil {

server/service/deleteOldCertificates.go

@@ -3,9 +3,8 @@ package main
 import (
 	"database/sql"
 	"log"
+	"nivlheim/utility"
 	"time"
-
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 type deleteOldCertificatesJob struct{}

server/service/deleteOldCertificates_test.go

@@ -1,10 +1,9 @@
 package main
 
 import (
+	"nivlheim/utility"
 	"os"
 	"testing"
-
-	"github.com/unioslo/nivlheim/server/service/utility"
 )
 
 func TestDeleteOldCertificates(t *testing.T) {