diff --git a/Dockerfile b/Dockerfile
index 9c1f697..571c5c2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,30 @@
-FROM alpine:edge AS builder
+ARG PYTHON_VERSION=3.11.9
-ARG VERSION
-ARG CHECKSUM
+FROM python:${PYTHON_VERSION}-alpine AS builder
-ARG PYTHON_VERSION=3.11
+ARG VERSION=6.4.0
+ARG CHECKSUM=da7676ea7836022faef3b733e2b0431d0237ffec3796a0a5460e6a94a1c0cdd5
+
+ARG CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
 RUN apk add --no-cache build-base libffi-dev perl zlib-dev diffutils libstdc++ gcompat \
- bash wget py3-cffi py3-zope-interface
+ bash wget py3-cffi py3-zope-interface py3-cryptography
 RUN wget -O duoauthproxy.tgz https://dl.duosecurity.com/duoauthproxy-${VERSION}-src.tgz
 RUN echo "${CHECKSUM} duoauthproxy.tgz" | sha256sum -c
 RUN tar xzf duoauthproxy.tgz
 WORKDIR duoauthproxy-${VERSION}-src
-RUN mkdir -p duoauthproxy-build/usr/local/lib/python${PYTHON_VERSION}/
-RUN cp -R /usr/lib/python3.11/site-packages duoauthproxy-build/usr/local/lib/python${PYTHON_VERSION}/
+RUN mkdir -p duoauthproxy-build/usr/local/lib/python${PYTHON_VERSION%.*}/
+RUN cp -R /usr/lib/python${PYTHON_VERSION%.*}/site-packages duoauthproxy-build/usr/local/lib/python${PYTHON_VERSION%.*}/
 RUN sed -i '/$(CFFI) \\/d' Makefile
 RUN sed -i '/$(ZOPE_INTERFACE) \\/d' Makefile
+RUN sed -i '/$(CRYPTOGRAPHY) \\/d' Makefile
 RUN make
 RUN LD_PRELOAD=libgcompat.so.0 duoauthproxy-build/install --install-dir /app --service-user nobody --log-group nobody --create-init-script no --enable-selinux=no
-RUN rm -rf /app/usr/local/lib/python${PYTHON_VERSION}/test
+RUN rm -rf /app/usr/local/lib/python${PYTHON_VERSION%.*}/test
 RUN chown -R nobody:nobody /app/conf
 FROM alpine:edge
+ARG CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
 WORKDIR /app
 RUN apk add --no-cache libgcc libffi-dev gcompat su-exec
 USER 0:0
diff --git a/build.sh b/build.sh
index fd903fa..25a8776 100755
--- a/build.sh
+++ b/build.sh
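Review bot: The `ARG CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1` added to the final stage is only visible to `RUN` steps during the build, so the proxy process in the running container will not see it unless something outside this hunk exports it. If the intent is for the cryptography library to skip the OpenSSL legacy provider at run time, declare it as `ENV CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1` in that stage. Separately, the `${PYTHON_VERSION%.*}` expansions in the builder `RUN` lines cannot read the `ARG` declared above `FROM`, because that one is scoped to `FROM` lines. They presumably resolve through the `PYTHON_VERSION` environment variable exported by the official python image, which deserves a comment such as `# PYTHON_VERSION here comes from the base image ENV, not the global ARG`. The final stage continues past the end of the hunk.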
@@ -19,6 +19,6 @@ docker buildx create --use --name builder docker buildx inspect --bootstrap builder docker buildx install -docker buildx build --cache-to=type=local,dest=cache,mode=max --build-arg VERSION --build-arg CHECKSUM --platform "linux/${ARCH}" -t "${REGISTRY_IMAGE}:${ARCH/\//}" . +docker buildx build --cache-to=type=local,dest=cache,mode=max --build-arg VERSION --build-arg CHECKSUM --build-arg PYTHON_VERSION --platform "linux/${ARCH}" -t "${REGISTRY_IMAGE}:${ARCH/\//}" . echo "${TOKEN}" | docker login -u "${USERNAME}" --password-stdin ${REGISTRY} -docker buildx build --push --cache-from=type=local,src=cache --build-arg VERSION --build-arg CHECKSUM --platform "linux/${ARCH}" -t "${REGISTRY_IMAGE}:${ARCH/\//}" . +docker buildx build --push --cache-from=type=local,src=cache --build-arg VERSION --build-arg CHECKSUM --build-arg PYTHON_VERSION --platform "linux/${ARCH}" -t "${REGISTRY_IMAGE}:${ARCH/\//}" . diff --git a/build.template.yml b/build.template.yml index 82f4ff7..5136881 100644 --- a/build.template.yml +++ b/build.template.yml @@ -22,7 +22,7 @@ variables: - name: docker:dind command: ["--experimental"] script: - - VERSION=$LATEST CHECKSUM=$CHECKSUM ./build.sh + - VERSION=$LATEST CHECKSUM=$CHECKSUM PYTHON_VERSION=$PYTHON_VERSION ./build.sh build:amd64: extends: .build-template diff --git a/check.sh b/check.sh index 328de52..7f10612 100755 --- a/check.sh +++ b/check.sh 
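Review bot: Both `docker buildx build` calls now forward `PYTHON_VERSION` from the environment, and as far as I can tell a value that is set but empty still replaces the Dockerfile default, so it decides which base image tag is pulled. The script should reject anything that is not a plain version before the first build, for example `[[ "${PYTHON_VERSION:-}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || unset PYTHON_VERSION`, which should let the pinned default in the Dockerfile apply instead. The same applies to `VERSION` and `CHECKSUM` now that they have defaults too. The script starts above this hunk, so an existing check there would make this unnecessary.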
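Review bot: The `script` line hands `$PYTHON_VERSION` to the shell unquoted, and check.sh replaces that token with text scraped from a web page, so whatever the page yields becomes part of a CI command line. Quoting limits the effect of stray whitespace, `- VERSION="$LATEST" CHECKSUM="$CHECKSUM" PYTHON_VERSION="$PYTHON_VERSION" ./build.sh`, but the real control is to validate the values in check.sh before they are substituted. The job definition starts above this hunk.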
@@ -13,12 +13,16 @@ else INFO=$(curl https://duo.com/docs/checksums | grep 'https://dl.duosecurity.com/duoauthproxy' | grep 'src.tgz' | rev | cut -d'>' -f1 | rev) CHECKSUM=$(echo "$INFO" | cut -d' ' -f1) LATEST=$(echo "$INFO" | cut -d'-' -f2) + PYTHON_VERSION=$(curl https://duo.com/docs/authproxy-notes | grep -Eo 'Python to \d+.\d+.\d+' | head -n1 | rev | cut -d' ' -f1 | rev) echo "Latest: ${LATEST}" + echo "Checksum: ${CHECKSUM}" + echo "Python Version: ${PYTHON_VERSION}" fi if [[ (-n "${LATEST}" && "${LATEST}" != "${EXISTING}") ]]; then mv build.template.yml build.yml sed -i "s \$CHECKSUM ${CHECKSUM} g" 'build.yml' sed -i "s \$LATEST ${LATEST} g" 'build.yml' + sed -i "s \$PYTHON_VERSION ${PYTHON_VERSION} g" 'build.yml' echo "Building..." fi
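Review bot: The new `PYTHON_VERSION` scrape uses `\d` and unescaped dots, and `\d` is not POSIX ERE, so depending on the grep implementation the pattern either matches nothing or matches more than a version number. Prefer `grep -Eo 'Python to [0-9]+\.[0-9]+\.[0-9]+'` and fetch with `curl -fsS` so an error page is not parsed as content. Because the result is written into build.yml by the `sed` below and later selects the base image tag, an empty or malformed value should stop the run rather than be substituted, e.g. `[[ "${PYTHON_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`. The `if`/`else` this line sits in begins outside the hunk.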