From dbb91cbe5b1e6312d9f2f5ef3289842052c29ac3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sun, 12 Jul 2020 17:44:40 +0200 Subject: [PATCH 01/44] replace master with dev --- .github/workflows/docker-publish.yml | 24 +++++++++--------------- CHANGELOG.md | 1 + readme.md | 16 ++++++++-------- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ef92ef7..f598ec0 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -2,11 +2,11 @@ name: Docker on: schedule: - - cron: '0 1 * * *' + - cron: "0 1 * * *" pull_request: - branches: master + branches: dev push: - branches: master + branches: dev tags: - v* @@ -18,8 +18,7 @@ jobs: steps: - uses: actions/checkout@v2 - - - name: Prepare + - name: Prepare id: prepare run: | DOCKER_IMAGE=sarasmiseth/prosody 
@@ -46,30 +45,25 @@ jobs: id: buildx uses: crazy-max/ghaction-docker-buildx@v3.1.0 - - - name: Docker Buildx (build) + - name: Docker Buildx (build) run: | docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }} - - - name: Docker Login + - name: Docker Login if: success() && github.event_name != 'pull_request' env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} run: | echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin - - - name: Docker Buildx (push) + - name: Docker Buildx (push) if: success() && github.event_name != 'pull_request' run: | docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }} - - - name: Docker Check Manifest + - name: Docker Check Manifest if: always() && github.event_name != 'pull_request' run: | docker run --rm mplatform/mquery ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} - - - name: Clear + - name: Clear if: always() && github.event_name != 'pull_request' run: | rm -f ${HOME}/.docker/config.json diff --git a/CHANGELOG.md b/CHANGELOG.md index a10c92e..9739c85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog ## Unreleased +* Replace "master" with "dev". ## v1.1.0 diff --git a/readme.md b/readme.md index 59a8541..9f0e227 100644 --- a/readme.md +++ b/readme.md 
@@ -1,6 +1,6 @@ # Prosody XMPP Docker image -![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=master) +![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev) [![docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) [![docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) [![docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) 
@@ -172,12 +172,12 @@ Inspect logs: ```docker-compose logs -f```. -| Tag | Description | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/master) in the master branch. | -| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/master) in the master branch. It gets rebuild every night. | -| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | -| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | +| Tag | Description | +| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| edge | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. | +| nightly | This tag points to the latest version build from the newest [commit](https://github.com/SaraSmiseth/prosody/commits/dev) in the dev branch. It gets rebuild every night. | +| latest | This tag points to the latest version build from the latest commit that is tagged in git. See [releases](https://github.com/SaraSmiseth/prosody/releases). | +| *vX.Y.Z* | There is a tag for each [release](https://github.com/SaraSmiseth/prosody/releases). | ### Configuration 
@@ -195,7 +195,7 @@ Inspect logs: ```docker-compose logs -f```. | **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | | **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | | **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | #### DNS From a5c6d5ecefb0a6659b2ea421adcf195ca8cbae71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 9 Sep 2020 17:24:56 +0200 Subject: [PATCH 02/44] update prosody to version 0.11.6 --- CHANGELOG.md | 6 ++++++ Dockerfile | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9739c85..a2ebbb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ # Changelog ## Unreleased + +* Nothing yet + +## v1.1.1 + +* Updated to Prosody version [0.11.6](https://blog.prosody.im/prosody-0.11.6-released/). * Replace "master" with "dev". ## v1.1.0 diff --git a/Dockerfile b/Dockerfile index fcedc52..fe52a34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,9 +15,9 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ENV PROSODY_VERSION 0.11.5 +ENV PROSODY_VERSION 0.11.6 ENV PROSODY_DOWNLOAD_URL https://prosody.im/downloads/source/prosody-${PROSODY_VERSION}.tar.gz -ENV PROSODY_DOWNLOAD_SHA1 fbe27d3203671a6ecd5ba8233dc4c113fd76cd2e +ENV PROSODY_DOWNLOAD_SHA1 3c24f3faf7735c570213da74eba6343c3afdf50d ENV LUAROCKS_VERSION 3.3.1 RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev make unzip' \ 
From fd21384bdf1fc5efd743d03eaf9708387cc53e9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 18 Sep 2020 16:26:15 +0200 Subject: [PATCH 03/44] Make 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes #4 --- CHANGELOG.md | 2 +- conf.d/04-server_contact_info.cfg.lua | 12 +++++----- docker-entrypoint.sh | 6 +++++ readme.md | 32 ++++++++++++++++----------- 4 files changed, 32 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2ebbb2..67e5145 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## Unreleased -* Nothing yet +* Made 04-server_contact_info.cfg.lua configurable with ENV variables. See [#4](https://github.com/SaraSmiseth/prosody/issues/4). ## v1.1.1 diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index a1f0d40..1aaf5fd 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua @@ -1,10 +1,10 @@ local domain = os.getenv("DOMAIN") contact_info = { - abuse = { "xmpp:abuse@" .. domain }; - admin = { "xmpp:admin@" .. domain }; - feedback = { "xmpp:feedback@" .. domain }; - sales = { "xmpp:sales@" .. domain }; - security = { "xmpp:security@" .. domain }; - support = { "xmpp:support@" .. domain }; + abuse = { os.getenv("SERVER_CONTACT_INFO_ABUSE") }; + admin = { os.getenv("SERVER_CONTACT_INFO_ADMIN") }; + feedback = { os.getenv("SERVER_CONTACT_INFO_FEEDBACK") }; + sales = { os.getenv("SERVER_CONTACT_INFO_SALES") }; + security = { os.getenv("SERVER_CONTACT_INFO_SECURITY") }; + support = { os.getenv("SERVER_CONTACT_INFO_SUPPORT") }; } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4d614f7..350cf3e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
@@ -24,6 +24,12 @@ export LOG_LEVEL=${LOG_LEVEL:-"info"} export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true} export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true} export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true} +export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"} +export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"} +export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"} +export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} +export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} +export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} exec "$@" diff --git a/readme.md b/readme.md index 9f0e227..46f544e 100644 --- a/readme.md +++ b/readme.md 
@@ -183,19 +183,25 @@ Inspect logs: ```docker-compose logs -f```. #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | --------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | -| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. 
"me@example.com", "admin@example.net" | *optional* | "" | +| Variable | Description | Type | Default value | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | +| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). 
| *optional* | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | #### DNS From fb50f748ee484a54a63b2e42c26e6e17d95d7360 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 18 Sep 2020 18:53:33 +0200 Subject: [PATCH 04/44] Make 03-e2e-policy.cfg.lua configurable with ENV variables. --- CHANGELOG.md | 3 ++- conf.d/03-e2e-policy.cfg.lua | 6 +++--- docker-entrypoint.sh | 2 ++ readme.md | 2 ++ 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67e5145..aa189ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,8 @@ ## Unreleased -* Made 04-server_contact_info.cfg.lua configurable with ENV variables. See [#4](https://github.com/SaraSmiseth/prosody/issues/4). +* Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). +* Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). ## v1.1.1 diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index ba094e5..c4f1053 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua 
@@ -1,7 +1,7 @@ -e2e_policy_chat = "required" -e2e_policy_muc = "required" +e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") +e2e_policy_muc = os.getenv("E2E_POLICY_MUC") e2e_policy_whitelist = {} e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." -e2e_policy_message_required_muc = "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server." \ No newline at end of file +e2e_policy_message_required_muc = "For security reasons, OMEMO, OTR or PGP encryption is required for MUC on this server." diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 350cf3e..a562226 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -20,6 +20,8 @@ export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"} +export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"} +export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"} export LOG_LEVEL=${LOG_LEVEL:-"info"} export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true} export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true} diff --git a/readme.md b/readme.md index 46f544e..30c24ab 100644 --- a/readme.md +++ b/readme.md 
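Review bot: `e2e_policy_chat` and `e2e_policy_muc` in conf.d/03-e2e-policy.cfg.lua now take whatever string the environment supplies, with no check that it is one of the three documented values "none", "optional" or "required". Since this setting decides whether unencrypted messages are rejected, a typo such as `requierd` should stop the server from starting rather than be handed to the module, whose handling of unknown values is not visible here. I would validate at load time, e.g. `local ok = { none = true, optional = true, required = true }` followed by `assert(ok[os.getenv("E2E_POLICY_CHAT")], "E2E_POLICY_CHAT must be none, optional or required")`, and the same for `E2E_POLICY_MUC`. A one-line comment that the defaults come from docker-entrypoint.sh would also help, because `os.getenv` returns nil when the file is loaded without the entrypoint.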
@@ -191,6 +191,8 @@ Inspect logs: ```docker-compose logs -f```. | **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | | **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | | **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | | **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | | **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | From 15b95e58226c59ad04bbabd39a370b227f50079c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 26 Sep 2020 18:43:35 +0200 Subject: [PATCH 05/44] Remove obsolete server_contact_info section. Use ENV variables instead. --- readme.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/readme.md b/readme.md index 30c24ab..66bf117 100644 --- a/readme.md +++ b/readme.md @@ -38,7 +38,6 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th - [Configuration](#configuration) - [Environment variables](#environment-variables) - [DNS](#dns) - - [server_contact_info](#server_contact_info) - [Extend](#extend) - [Upgrade](#upgrade) - [Test your server](#test-your-server) 
@@ -218,20 +217,6 @@ You need these DNS record pointing to your server: where domain.tld is the environment variable DOMAIN. -#### server_contact_info - -This module lets you advertise various contact addresses for your XMPP service via XEP-0157. -It is configured for the following contacts: - -* abuse -* admin -* feedback -* sales -* security -* support - -You can change them in [05-server_contact_info.cfg.lua](./conf.d/04-server_contact_info.cfg.lua). - ### Extend There is a helper script that eases installing additional prosody modules: ```docker-prosody-module-install``` From 606e63f20f5fc25e638e59b47ff07d67cc455453 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 26 Sep 2020 18:54:56 +0200 Subject: [PATCH 06/44] Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. --- CHANGELOG.md | 1 + conf.d/03-e2e-policy.cfg.lua | 2 +- conf.d/04-server_contact_info.cfg.lua | 2 -- docker-entrypoint.sh | 1 + readme.md | 1 + 5 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa189ba..22752ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). * Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). +* Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). ## v1.1.1 diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index c4f1053..e296475 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua 
@@ -1,6 +1,6 @@ e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") e2e_policy_muc = os.getenv("E2E_POLICY_MUC") -e2e_policy_whitelist = {} +e2e_policy_whitelist = { os.getenv("E2E_POLICY_WHITELIST") } e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index 1aaf5fd..6268d9d 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua @@ -1,5 +1,3 @@ -local domain = os.getenv("DOMAIN") - contact_info = { abuse = { os.getenv("SERVER_CONTACT_INFO_ABUSE") }; admin = { os.getenv("SERVER_CONTACT_INFO_ADMIN") }; diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index a562226..9569365 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -22,6 +22,7 @@ export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"} export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"} export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"} +export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""} export LOG_LEVEL=${LOG_LEVEL:-"info"} export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true} export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true} diff --git a/readme.md b/readme.md index 66bf117..61c6624 100644 --- a/readme.md +++ b/readme.md 
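Review bot: With the entrypoint default `E2E_POLICY_WHITELIST=""`, the new `e2e_policy_whitelist = { os.getenv("E2E_POLICY_WHITELIST") }` in conf.d/03-e2e-policy.cfg.lua evaluates to `{ "" }`, a list holding one empty string, where the old value was the empty list `{}`. How the module matches an empty entry is not visible here, so an exemption list for the encryption policy should not carry one by default. Building the table only for a non-empty value keeps the previous default: `local wl = os.getenv("E2E_POLICY_WHITELIST")` and `e2e_policy_whitelist = (wl and wl ~= "") and { wl } or {}`. The README row says "JIDs or MUCs" in the plural, but this form can hold only a single entry.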
@@ -192,6 +192,7 @@ Inspect logs: ```docker-compose logs -f```. | **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | | **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | | **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | | **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | From 9645f521f86f15002eb46e282f2265d2ab4d5417 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sat, 19 Sep 2020 23:30:12 +0000 Subject: [PATCH 07/44] fix bug with env-vars env-vars should be defined before the if conditional branches, so that in case they execute, there will be no errors about undefined env-vars --- docker-entrypoint.sh | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 9569365..fe02b5c 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,20 +1,6 @@ #!/bin/bash set -e -if [[ "$1" != "prosody" ]]; then - exec prosodyctl $* - exit 0; -fi - -if [ "$LOCAL" -a "$PASSWORD" -a "$DOMAIN" ] ; then - prosodyctl register $LOCAL $DOMAIN $PASSWORD -fi - -if [ -z "$DOMAIN" ]; then - echo "[ERROR] DOMAIN must be set!" - exit 1 -fi - export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true} export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} 
@@ -35,4 +21,19 @@ export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:securi export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} export PROSODY_ADMINS=${PROSODY_ADMINS:-""} +if [[ "$1" != "prosody" ]]; then + exec prosodyctl $* + exit 0; +fi + +if [ "$LOCAL" -a "$PASSWORD" -a "$DOMAIN" ] ; then + prosodyctl register $LOCAL $DOMAIN $PASSWORD +fi + +if [ -z "$DOMAIN" ]; then + echo "[ERROR] DOMAIN must be set!" + exit 1 +fi + + exec "$@" From 1980cf0899c799e8b8bb151727fe5a4ac1261d73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 30 Sep 2020 15:40:40 +0200 Subject: [PATCH 08/44] Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22752ef..fad60ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ * Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). * Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). * Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). +* Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. ## v1.1.1 From ceef3c335f936d9895037459ce695d1713011902 Mon Sep 17 00:00:00 2001 
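Review bot: The relocated blocks in docker-entrypoint.sh still expand their arguments unquoted: `exec prosodyctl $*` and `prosodyctl register $LOCAL $DOMAIN $PASSWORD` undergo word splitting and glob expansion, so a password containing a space or `*` is registered as something other than what the operator set. Use `exec prosodyctl "$@"` and `prosodyctl register "$LOCAL" "$DOMAIN" "$PASSWORD"`. The password is also passed as a command-line argument, which is visible in the process list while the command runs; a comment noting that would be worth adding. The `exit 0;` after `exec` is unreachable, and with the exports now placed above the `-z "$DOMAIN"` check, the prosodyctl path computes defaults such as `upload.` and `xmpp:abuse@` from an empty DOMAIN.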
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 1 Oct 2020 17:50:58 +0200 Subject: [PATCH 09/44] update prosody to version 0.11.7 --- CHANGELOG.md | 1 + Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fad60ec..b62445a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). * Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). * Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. +* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). ## v1.1.1 diff --git a/Dockerfile b/Dockerfile index fe52a34..aaeb9ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,9 +15,9 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ENV PROSODY_VERSION 0.11.6 +ENV PROSODY_VERSION 0.11.7 ENV PROSODY_DOWNLOAD_URL https://prosody.im/downloads/source/prosody-${PROSODY_VERSION}.tar.gz -ENV PROSODY_DOWNLOAD_SHA1 3c24f3faf7735c570213da74eba6343c3afdf50d +ENV PROSODY_DOWNLOAD_SHA1 425e1c7ca37464b31711da8eb4a4c9444a70360f ENV LUAROCKS_VERSION 3.3.1 RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev make unzip' \ From 58f5d189872b6ed27c37324426bf7c5b422a9ea8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 1 Oct 2020 18:22:06 +0200 Subject: [PATCH 10/44] update luarocks to version 3.4.0 --- CHANGELOG.md | 2 ++ Dockerfile | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index b62445a..a1e965e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ * Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). * Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. * Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). +* Changed hashing of downloaded packages in Dockerfile to sha256. +* Updated luarocks to version 3.4.0. ## v1.1.1 diff --git a/Dockerfile b/Dockerfile index aaeb9ff..0084280 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,8 +17,9 @@ RUN apt-get update \ ENV PROSODY_VERSION 0.11.7 ENV PROSODY_DOWNLOAD_URL https://prosody.im/downloads/source/prosody-${PROSODY_VERSION}.tar.gz -ENV PROSODY_DOWNLOAD_SHA1 425e1c7ca37464b31711da8eb4a4c9444a70360f -ENV LUAROCKS_VERSION 3.3.1 +ENV PROSODY_DOWNLOAD_SHA256 28ffc07653485cb63e22b387d3ea4825ee2baaee0c5827de4d6053a35b1c8747 +ENV LUAROCKS_VERSION 3.4.0 +ENV LUAROCKS_SHA256 62ce5826f0eeeb760d884ea8330cd1552b5d432138b8bade0fa72f35badd02d0 RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev make unzip' \ && set -x \ @@ -26,7 +27,7 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss && rm -rf /var/lib/apt/lists/* \ \ && wget -O prosody.tar.gz "${PROSODY_DOWNLOAD_URL}" \ - && echo "${PROSODY_DOWNLOAD_SHA1} *prosody.tar.gz" | sha1sum -c - \ + && echo "${PROSODY_DOWNLOAD_SHA256} *prosody.tar.gz" | sha256sum -c - \ && mkdir -p /usr/src/prosody \ && tar -xzf prosody.tar.gz -C /usr/src/prosody --strip-components=1 \ && rm prosody.tar.gz \ 
@@ -38,6 +39,7 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss && mkdir /usr/src/luarocks \ && cd /usr/src/luarocks \ && wget https://luarocks.org/releases/luarocks-${LUAROCKS_VERSION}.tar.gz \ + && echo "${LUAROCKS_SHA256} luarocks-${LUAROCKS_VERSION}.tar.gz" | sha256sum -c - \ && tar zxpf luarocks-${LUAROCKS_VERSION}.tar.gz \ && cd luarocks-${LUAROCKS_VERSION} \ && ./configure \ From ade86ee812d9afbec8ced10b3a5edf81922118df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 2 Oct 2020 06:16:14 +0200 Subject: [PATCH 11/44] CHANGELOG.md v1.1.2 --- CHANGELOG.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1e965e..a7e5b9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,28 @@ ## Unreleased +* Nothing + +## v1.1.2 + +### Updates + +* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). +* Updated luarocks to version 3.4.0. + +### New features + * Made 04-server_contact_info.cfg.lua configurable with ENV variables. Fixes [#4](https://github.com/SaraSmiseth/prosody/issues/4). * Made 03-e2e-policy.cfg.lua configurable with ENV variables. Fixes [#9](https://github.com/SaraSmiseth/prosody/issues/9). * Added E2E_POLICY_WHITELIST ENV variable to configure e2e_policy_whitelist. Fixes [#10](https://github.com/SaraSmiseth/prosody/issues/10). + +### Bug fixes + * Cherry picked [commit](https://github.com/zipizap/prosody/commit/fa13a990a1b87745ae5f5fe8297cb0669f9e8779) from [zipizap/prosody](https://github.com/zipizap/prosody) which fixes a bug with env-vars not beeing initialized. -* Updated to Prosody version [0.11.7](https://blog.prosody.im/prosody-0.11.7-released/). + +### Other changes + * Changed hashing of downloaded packages in Dockerfile to sha256. -* Updated luarocks to version 3.4.0. ## v1.1.1 
From 357f4d40406301243d8bb364af21cdb8eec07215 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 10 Oct 2020 08:55:43 +0200 Subject: [PATCH 12/44] Fix arrays with multiple values (#14) * fix arrays * Set pidfile in prosody.cfg.lua --- CHANGELOG.md | 3 ++- Dockerfile | 4 ++++ conf.d/03-e2e-policy.cfg.lua | 4 +++- conf.d/04-server_contact_info.cfg.lua | 14 ++++++++------ docker-entrypoint.sh | 1 - prosody.cfg.lua | 6 +++++- 6 files changed, 22 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7e5b9e..fbc6d2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,8 @@ ## Unreleased -* Nothing +* Fixed using list ENV variables with multiple values +* Set pidfile in prosody.cfg.lua ## v1.1.2 diff --git a/Dockerfile b/Dockerfile index 0084280..7ce4469 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,6 +49,7 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss && luarocks install luaevent \ && luarocks install luadbi \ && luarocks install luadbi-sqlite3 \ + && luarocks install stringy \ \ && apt-get purge -y --auto-remove $buildDeps @@ -58,6 +59,9 @@ RUN groupadd -r prosody \ && useradd -r -g prosody prosody \ && chown prosody:prosody /usr/local/var/lib/prosody +RUN mkdir -p /var/run/prosody/ \ + && chown prosody:prosody /var/run/prosody/ + # https://github.com/prosody/prosody-docker/issues/25 ENV __FLUSH_LOG yes diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index e296475..88a7ca8 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua 
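Review bot: `luarocks install stringy` in the Dockerfile pulls whatever version the LuaRocks index serves at build time, and the module is then loaded by prosody.cfg.lua and both conf.d files when the server starts. The same Dockerfile pins Prosody and LuaRocks by version and SHA-256, so this line (like the neighbouring `luaevent` and `luadbi` installs) is the unpinned part of the build; pass an explicit version, `luarocks install stringy <pinned-version>`. The RUN instruction starts outside the hunk. A short comment on the new `/var/run/prosody/` RUN saying it exists for the `pidfile` setting would help.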
@@ -1,6 +1,8 @@ +local stringy = require "stringy" + e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") e2e_policy_muc = os.getenv("E2E_POLICY_MUC") -e2e_policy_whitelist = { os.getenv("E2E_POLICY_WHITELIST") } +e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ") e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index 6268d9d..52437e7 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua @@ -1,8 +1,10 @@ +local stringy = require "stringy" + contact_info = { - abuse = { os.getenv("SERVER_CONTACT_INFO_ABUSE") }; - admin = { os.getenv("SERVER_CONTACT_INFO_ADMIN") }; - feedback = { os.getenv("SERVER_CONTACT_INFO_FEEDBACK") }; - sales = { os.getenv("SERVER_CONTACT_INFO_SALES") }; - security = { os.getenv("SERVER_CONTACT_INFO_SECURITY") }; - support = { os.getenv("SERVER_CONTACT_INFO_SUPPORT") }; + abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", "); + admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", "); + feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", "); + sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", "); + security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", "); + support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", "); } diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index fe02b5c..a7090d3 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -35,5 +35,4 @@ if [ -z "$DOMAIN" ]; then exit 1 fi - exec "$@" 
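Review bot: `stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ")` is handed `nil` whenever the variable is unset, and it splits only on the exact separator given, so the allowlist depends on how the operator typed the value. A value written as `a@x,b@x` would presumably stay a single entry that matches no JID, and an empty string may yield one empty entry rather than an empty list (worth confirming against stringy). The same pattern is used for every `contact_info` field in `conf.d/04-server_contact_info.cfg.lua` and for `admins` in `prosody.cfg.lua`, where a mis-split list silently changes who is an administrator. I would default the input with `os.getenv("E2E_POLICY_WHITELIST") or ""`, split on `","` and trim each item, and add a comment such as `-- comma-separated JIDs; entries listed here are exempt from the e2e policy`.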
diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 9b887b8..f0b0f3c 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua @@ -1,7 +1,11 @@ -- see example config at https://hg.prosody.im/0.9/file/0.9.10/prosody.cfg.lua.dist -- easily extendable by putting into different config files within conf.d folder -admins = { os.getenv("PROSODY_ADMINS") }; +local stringy = require "stringy" + +admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); + +pidfile = "/var/run/prosody/prosody.pid" use_libevent = true; -- improves performance From d2915f77f36a5d420145f11d18d54b0802d8f42f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 13 Oct 2020 17:03:52 +0200 Subject: [PATCH 13/44] More badges (#16) version, Git repository size, Github open issues, Github open pull requests --- readme.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/readme.md b/readme.md index 61c6624..cc4d04d 100644 --- a/readme.md +++ b/readme.md 
@@ -1,9 +1,13 @@ # Prosody XMPP Docker image ![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev) -[![docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) -[![docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) -[![docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) +![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody) +[![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) +[![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) +[![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) +[![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) +[![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) +[![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls) This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:buster-slim`. The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org). From fc45a7bab1b240d9fb1e007431385559ffd5823e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 14 Oct 2020 11:49:30 +0200 Subject: [PATCH 14/44] Add opencontainers LABELs (#17) See https://github.com/opencontainers/image-spec/blob/master/annotations.md --- Dockerfile | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7ce4469..d5a812f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,28 @@ FROM debian:buster-slim +ARG BUILD_DATE +ARG VCS_REF +ARG VERSION + +ARG LUAROCKS_VERSION=3.4.0 +ARG PROSODY_VERSION=0.11.7 + +ARG LUAROCKS_SHA256=62ce5826f0eeeb760d884ea8330cd1552b5d432138b8bade0fa72f35badd02d0 +ARG PROSODY_DOWNLOAD_SHA256=28ffc07653485cb63e22b387d3ea4825ee2baaee0c5827de4d6053a35b1c8747 + +LABEL luarocks.version="${LUAROCKS_VERSION}" +LABEL org.opencontainers.image.authors="Sara Smiseth" +LABEL org.opencontainers.image.created="${BUILD_DATE}" +LABEL org.opencontainers.image.description="This docker image provides you with a configured Prosody XMPP server." +LABEL org.opencontainers.image.documentation="https://github.com/SaraSmiseth/prosody/blob/dev/readme.md" +LABEL org.opencontainers.image.revision="${VCS_REF}" +LABEL org.opencontainers.image.source="https://github.com/SaraSmiseth/prosody/archive/dev.zip" +LABEL org.opencontainers.image.title="prosody" +LABEL org.opencontainers.image.url="https://github.com/SaraSmiseth/prosody" +LABEL org.opencontainers.image.vendor="Sara Smiseth" +LABEL org.opencontainers.image.version="${VERSION}" +LABEL prosody.version="${PROSODY_VERSION}" + RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ libevent-dev `# this is no build dependency, but needed for luaevent` \ 
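Review bot: `ARG BUILD_DATE`, `ARG VCS_REF` and `ARG VERSION` are declared directly after `FROM`, so every `RUN` below them sees their values and a new build date or revision invalidates the cache for the apt and compile layers. Moving these three `ARG` lines and the `LABEL` lines that use them to the end of the Dockerfile keeps the expensive layers cacheable. A short comment above the checksum arguments, for example `# Override a version and its SHA-256 together; the build fails on a mismatch`, would also document how the `--build-arg` pairs are meant to be used.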
@@ -15,18 +38,12 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ENV PROSODY_VERSION 0.11.7 -ENV PROSODY_DOWNLOAD_URL https://prosody.im/downloads/source/prosody-${PROSODY_VERSION}.tar.gz -ENV PROSODY_DOWNLOAD_SHA256 28ffc07653485cb63e22b387d3ea4825ee2baaee0c5827de4d6053a35b1c8747 -ENV LUAROCKS_VERSION 3.4.0 -ENV LUAROCKS_SHA256 62ce5826f0eeeb760d884ea8330cd1552b5d432138b8bade0fa72f35badd02d0 - RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev make unzip' \ && set -x \ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ \ - && wget -O prosody.tar.gz "${PROSODY_DOWNLOAD_URL}" \ + && wget -O prosody.tar.gz "https://prosody.im/downloads/source/prosody-${PROSODY_VERSION}.tar.gz" \ && echo "${PROSODY_DOWNLOAD_SHA256} *prosody.tar.gz" | sha256sum -c - \ && mkdir -p /usr/src/prosody \ && tar -xzf prosody.tar.gz -C /usr/src/prosody --strip-components=1 \ From b70fcbd98ede34e3de175d2e20b144fd747d5aca Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 30 Oct 2020 17:47:05 +0100 Subject: [PATCH 15/44] Create tests (#15) Created a tests folder which contains pytest and bats tests. Pytest is used to login and send messages to other accounts. Bats is used to check the log for debug messages. This fixes #13. --- .github/workflows/test.yml | 26 ++++++++ .gitignore | 5 +- .gitmodules | 9 +++ tests/bats/bats-assert | 1 + tests/bats/bats-core | 1 + tests/bats/bats-support | 1 + tests/docker-compose.yml | 24 ++++++++ tests/readme.md | 25 ++++++++ tests/requirements.txt | 3 + tests/test.bash | 45 ++++++++++++++ tests/test_prosody.py | 119 +++++++++++++++++++++++++++++++++++++ tests/tests.bats | 95 +++++++++++++++++++++++++++++ 12 files changed, 353 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/test.yml create mode 100644 .gitmodules create mode 160000 tests/bats/bats-assert create mode 160000 tests/bats/bats-core create mode 160000 tests/bats/bats-support create mode 100644 tests/docker-compose.yml create mode 100644 tests/readme.md create mode 100644 tests/requirements.txt create mode 100755 tests/test.bash create mode 100644 tests/test_prosody.py create mode 100644 tests/tests.bats diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..483ac68 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,26 @@ +name: Test + +on: + pull_request: + branches: dev + push: + branches: dev + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Checkout submodules + uses: textbook/git-checkout-submodule-action@master + + - name: install python3-venv + run: sudo apt-get install python3-venv + + - name: build test image + run: docker build . -t prosody + + - name: run tests + run: cd ./tests/ && ./test.bash diff --git a/.gitignore b/.gitignore index 07f43b8..9f0f847 100644 --- a/.gitignore +++ b/.gitignore 
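Review bot: The step `uses: textbook/git-checkout-submodule-action@master` runs third-party code from a mutable branch, so a later push to that branch changes what executes in this workflow. `actions/checkout@v2` can fetch submodules itself: adding `with:` and `submodules: true` to the existing checkout step removes the extra action, and any third-party action that remains is better referenced by a full commit SHA. The workflow also declares no `permissions:` block; `permissions:` with `contents: read` looks sufficient for the build-and-test steps visible here.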
@@ -1 +1,4 @@ -data/* \ No newline at end of file +data/* +tests/certs/ +tests/venv/ +tests/__pycache__/ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..4608d8c --- /dev/null +++ b/.gitmodules @@ -0,0 +1,9 @@ +[submodule "tests/bats/bats-support"] + path = tests/bats/bats-support + url = https://github.com/bats-core/bats-support.git +[submodule "tests/bats/bats-core"] + path = tests/bats/bats-core + url = https://github.com/bats-core/bats-core.git +[submodule "tests/bats/bats-assert"] + path = tests/bats/bats-assert + url = https://github.com/bats-core/bats-assert.git diff --git a/tests/bats/bats-assert b/tests/bats/bats-assert new file mode 160000 index 0000000..0a8dd57 --- /dev/null +++ b/tests/bats/bats-assert @@ -0,0 +1 @@ +Subproject commit 0a8dd57e2cc6d4cc064b1ed6b4e79b9f7fee096f diff --git a/tests/bats/bats-core b/tests/bats/bats-core new file mode 160000 index 0000000..8fb853a --- /dev/null +++ b/tests/bats/bats-core @@ -0,0 +1 @@ +Subproject commit 8fb853a6cbc0169958707381985f3cd59789ccb1 diff --git a/tests/bats/bats-support b/tests/bats/bats-support new file mode 160000 index 0000000..d140a65 --- /dev/null +++ b/tests/bats/bats-support @@ -0,0 +1 @@ +Subproject commit d140a65044b2d6810381935ae7f0c94c7023c8c3 diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml new file mode 100644 index 0000000..c04c41b --- /dev/null +++ b/tests/docker-compose.yml @@ -0,0 +1,24 @@ +version: '3.7' + +services: + prosody: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + extra_hosts: + - "conference.localhost:127.0.0.1" + - "pubsub.localhost:127.0.0.1" + - "proxy.localhost:127.0.0.1" + - "upload.localhost:127.0.0.1" + volumes: + - ./certs:/usr/local/etc/prosody/certs 
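Review bot: All five ports of the test server are published on every host interface (`"5222:5222"` and the others), while `test.bash` registers accounts with a fixed password and `restart: unless-stopped` keeps the container alive if a run is interrupted. Binding to loopback, for example `"127.0.0.1:5222:5222"`, should be enough for the tests, which appear to connect to `localhost`. The `prosody_postgres` service added in PATCH 21 copies the same port list and would need the same change.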
diff --git a/tests/readme.md b/tests/readme.md new file mode 100644 index 0000000..9a6644a --- /dev/null +++ b/tests/readme.md @@ -0,0 +1,25 @@ +# Tests + +## Dependencies + +* docker +* docker-compose +* python 3 + +## Run tests + +Execute [`test.bash`](test.bash). + +## Upgrade python packages + +The following will install the newest version of packages in requirements.txt. + +``` bash +cat requirements.txt | sed 's/==.*//g' | xargs pip install -U +``` + +If updates are available --> update and create new version with: + +``` bash +pip-chill > requirements.txt +``` diff --git a/tests/requirements.txt b/tests/requirements.txt new file mode 100644 index 0000000..bcd35ba --- /dev/null +++ b/tests/requirements.txt @@ -0,0 +1,3 @@ +aioxmpp==0.11.0 +pip-chill==1.0.0 +pytest-asyncio==0.14.0 diff --git a/tests/test.bash b/tests/test.bash new file mode 100755 index 0000000..75048cd --- /dev/null +++ b/tests/test.bash 
@@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +# generate certs for testing + +generateCert() { + DOMAIN="$1" + if [[ ! -d certs/"$DOMAIN" ]] ; then + mkdir -p certs/"$DOMAIN" + cd certs/"$DOMAIN" + openssl req -x509 -newkey rsa:4096 -keyout privkey.pem -out fullchain.pem -days 365 -subj "/CN=$DOMAIN" -nodes + chmod 777 *.pem + cd ../../ + fi +} + +generateCert "localhost" +generateCert "conference.localhost" +generateCert "proxy.localhost" +generateCert "pubsub.localhost" +generateCert "upload.localhost" + +sudo docker-compose down \ +&& sudo docker-compose up -d \ +\ +&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register admin localhost 12345678" \ +&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user1 localhost 12345678" \ +&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user2 localhost 12345678" \ +&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user3 localhost 12345678" \ +\ +&& python --version \ +&& python3 --version \ +&& python3 -m venv venv \ +&& source venv/bin/activate \ +&& python --version \ +&& pip --version \ +&& pip install -r requirements.txt \ +&& pytest \ +&& deactivate \ +&& sleep 5 \ +&& sudo docker-compose logs \ +&& ./bats/bats-core/bin/bats tests.bats + +sudo docker-compose down diff --git a/tests/test_prosody.py b/tests/test_prosody.py new file mode 100644 index 0000000..e6c39bc --- /dev/null +++ b/tests/test_prosody.py 
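Review bot: The long `&&` chain defeats `set -e`: bash does not exit when a command inside an `&&` list fails unless it is the last one, so a failing `pytest` or `docker exec` falls through to the final `sudo docker-compose down` and the script exits with that command's status. CI would then report success for a failed run, and when the last command of the chain (`bats`) fails the script exits before the containers are stopped. Writing the commands on separate lines and registering `trap 'sudo docker-compose down' EXIT` near the top fixes both. Separately, `chmod 777 *.pem` leaves the generated private keys world-writable; `chmod 644 *.pem` should be enough if the container only needs to read them (to be confirmed).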
@@ -0,0 +1,119 @@ +import aiosasl +import aioxmpp +import aioxmpp.dispatcher +import asyncio +import pytest + +@pytest.fixture +def client(client_username, password): + + jid = aioxmpp.JID.fromstr(client_username) + + client = aioxmpp.PresenceManagedClient( + jid, + aioxmpp.make_security_layer( + password, + no_verify=True + ), + ) + return client + +@pytest.fixture +def client_with_message_dispatcher(client): + def message_received(msg): + print(msg) + print(msg.body) + assert msg.body == "Hello World!" + + # obtain an instance of the service + message_dispatcher = client.summon( + aioxmpp.dispatcher.SimpleMessageDispatcher + ) + + # register a message callback here + message_dispatcher.register_callback( + aioxmpp.MessageType.CHAT, + None, + message_received, + ) + return client + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +async def test_send_message_from_admin_to_user1(client): + recipient_jid = aioxmpp.JID.fromstr("user1@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + # None is for "default language" + msg.body[None] = "Hello World!" + + await client.send(msg) + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +async def test_send_message_from_admin_to_user2(client): + recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + msg.body[None] = "Hello World!" 
+ + await client.send(msg) + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")]) +async def test_send_message_from_user1_to_user2(client): + recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + msg.body[None] = "Hello World!" + + await client.send(msg) + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")]) +async def test_send_message_from_user2_to_user3(client): + recipient_jid = aioxmpp.JID.fromstr("user3@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + msg.body[None] = "Hello World!" + + await client.send(msg) + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")]) +async def test_send_message_from_user2_to_nonexisting(client): + recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + msg.body[None] = "Hello World!" + + await client.send(msg) + +@pytest.mark.asyncio +@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")]) +async def test_can_not_log_in_with_wrong_password(client): + with pytest.raises(aiosasl.AuthenticationFailure): + recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost") + async with client.connected() as stream: + msg = aioxmpp.Message( + to=recipient_jid, + type_=aioxmpp.MessageType.CHAT, + ) + msg.body[None] = "Hello World!" + + await client.send(msg) diff --git a/tests/tests.bats b/tests/tests.bats new file mode 100644 index 0000000..f9f8df2 --- /dev/null +++ b/tests/tests.bats 
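Review bot: No test requests the `client_with_message_dispatcher` fixture, so `message_received` and its `assert msg.body == "Hello World!"` never run and each send test passes as soon as `client.send(msg)` returns. As written the suite shows that login and sending work and that a wrong password is rejected, not that a message reaches its recipient; either add a receiving test that hands the received body back to the test through a future, or drop the fixture. An assertion raised inside a dispatcher callback would presumably not fail the test on its own, which is another reason to assert in the test body. `no_verify=True` deserves a comment such as `# self-signed certificates from test.bash; verification is off for this test setup only`.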
@@ -0,0 +1,95 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +# group alternation in regex because the xml properties switch around. sometimes 'type=...' comes after 'to=...' and sometimes before +@test "Should send 5 messages" { + run bash -c "sudo docker-compose logs | grep -E \"Received\[c2s\]: \" | wc -l" + assert_success + assert_output "5" +} + +@test "Should select certificate for localhost" { + run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/localhost/fullchain.pem with key /usr/local/etc/prosody/certs/localhost/privkey.pem for localhost\" | wc -l" + assert_success + assert_output "3" +} + +@test "Should select certificate for conference.localhost" { + run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/conference.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/conference.localhost/privkey.pem for conference.localhost\" | wc -l" + assert_success + assert_output "3" +} + +@test "Should select certificate for proxy.localhost" { + run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/proxy.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/proxy.localhost/privkey.pem for proxy.localhost\" | wc -l" + assert_success + assert_output "3" +} + +@test "Should select certificate for pubsub.localhost" { + run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/pubsub.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/pubsub.localhost/privkey.pem for pubsub.localhost\" | wc -l" + assert_success + assert_output "3" +} + +@test "Should select certificate for upload.localhost" { + run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/upload.localhost/fullchain.pem with key 
/usr/local/etc/prosody/certs/upload.localhost/privkey.pem for upload.localhost\" | wc -l" + assert_success + assert_output "3" +} + +@test "Should log error for user with wrong password" { + run bash -c "sudo docker-compose logs | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\"" + assert_success + assert_output +} + +@test "Should activate s2s" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\"" + assert_success + assert_output +} + +@test "Should activate c2s" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\"" + assert_success + assert_output +} + +@test "Should activate legacy_ssl" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" + assert_success + assert_output +} + +@test "Should activate proxy65" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\"" + assert_success + assert_output +} + +@test "Should activate http" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 'http' on (\[::\]:5280|\[\*\]:5280), (\[::\]:5280|\[\*\]:5280)\"" + assert_success + assert_output +} + +@test "Should activate https" { + run bash -c "sudo docker-compose logs | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\"" + assert_success + assert_output +} + +@test "Should load module cloud_notify" { + run bash -c "sudo docker-compose logs | grep \"localhost:cloud_notify.*info.*Module loaded\"" + assert_success + assert_output +} + +@test "Should show upload URL" { + run bash -c "sudo docker-compose logs | grep \"URL: - Ensure this can be reached by users\"" + assert_success + 
assert_output +} From 39bd69d39c310d910177defee1505c00bfdcd91a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 30 Oct 2020 17:53:00 +0100 Subject: [PATCH 16/44] Prepare for version v1.1.3 --- CHANGELOG.md | 12 ++++++++++-- tests/readme.md | 3 +++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fbc6d2b..1878acc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,16 @@ ## Unreleased -* Fixed using list ENV variables with multiple values -* Set pidfile in prosody.cfg.lua +## v1.1.3 + +### New features + +* Set pidfile in prosody.cfg.lua. +* Created a tests folder which contains pytest and bats tests. + +### Bug fixes + +* Fixed using list ENV variables with multiple values. ## v1.1.2 diff --git a/tests/readme.md b/tests/readme.md index 9a6644a..af1c31b 100644 --- a/tests/readme.md +++ b/tests/readme.md @@ -1,5 +1,8 @@ # Tests +Pytest is used to login and send messages to other accounts. +Bats is used to check the log for debug messages. + ## Dependencies * docker From dbc63cc00fb0c96712be935ac5e4bb2fd6d3f1c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 11 Dec 2020 08:15:36 +0100 Subject: [PATCH 17/44] Updated luarocks to version 3.5.0. (#18) --- CHANGELOG.md | 2 ++ Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1878acc..20d8220 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## Unreleased +* Updated luarocks to version 3.5.0. + ## v1.1.3 ### New features diff --git a/Dockerfile b/Dockerfile index d5a812f..3f81b1a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.4.0 +ARG LUAROCKS_VERSION=3.5.0 ARG PROSODY_VERSION=0.11.7 -ARG LUAROCKS_SHA256=62ce5826f0eeeb760d884ea8330cd1552b5d432138b8bade0fa72f35badd02d0 +ARG LUAROCKS_SHA256=701d0cc0c7e97cc2cf2c2f4068fce45e52a8854f5dc6c9e49e2014202eec9a4f ARG PROSODY_DOWNLOAD_SHA256=28ffc07653485cb63e22b387d3ea4825ee2baaee0c5827de4d6053a35b1c8747 LABEL luarocks.version="${LUAROCKS_VERSION}" From 66723e19a1df48e1ee6517edf0c80ea109951115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 16 Feb 2021 16:46:07 +0100 Subject: [PATCH 18/44] Updated prosody to version 0.11.8 (#19) --- CHANGELOG.md | 5 +++++ Dockerfile | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 20d8220..7e8fd28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## Unreleased +* Nothing + +## v1.1.4 + +* Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). * Updated luarocks to version 3.5.0. ## v1.1.3 diff --git a/Dockerfile b/Dockerfile index 3f81b1a..67145a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.5.0 -ARG PROSODY_VERSION=0.11.7 +ARG PROSODY_VERSION=0.11.8 ARG LUAROCKS_SHA256=701d0cc0c7e97cc2cf2c2f4068fce45e52a8854f5dc6c9e49e2014202eec9a4f -ARG PROSODY_DOWNLOAD_SHA256=28ffc07653485cb63e22b387d3ea4825ee2baaee0c5827de4d6053a35b1c8747 +ARG PROSODY_DOWNLOAD_SHA256=830f183b98d5742d81e908d2d8e3258f1b538dad7411f06fda5b2cc5c75068f8 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From aec0a302792a950867dee9841cfa345269419e9a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 31 Mar 2021 18:03:14 +0200 Subject: [PATCH 19/44] Updated luarocks to version 3.6.0 (#21) * Update luarocks 3.6.0 --- CHANGELOG.md | 2 +- Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e8fd28..9400091 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## Unreleased -* Nothing +* Updated luarocks to version 3.6.0. ## v1.1.4 diff --git a/Dockerfile b/Dockerfile index 67145a4..8964001 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.5.0 +ARG LUAROCKS_VERSION=3.6.0 ARG PROSODY_VERSION=0.11.8 -ARG LUAROCKS_SHA256=701d0cc0c7e97cc2cf2c2f4068fce45e52a8854f5dc6c9e49e2014202eec9a4f +ARG LUAROCKS_SHA256=b0eaf59e7711ca2a886722c0423dabe22ccbdcdf3a042c3f2615596879f8252f ARG PROSODY_DOWNLOAD_SHA256=830f183b98d5742d81e908d2d8e3258f1b538dad7411f06fda5b2cc5c75068f8 LABEL luarocks.version="${LUAROCKS_VERSION}" From 5bcf0fd3d0194c6bf5ea079393bc4886a33ea31a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 17 Apr 2021 13:32:49 +0200 Subject: [PATCH 20/44] Update luarocks to version 3.7.0 (#22) --- CHANGELOG.md | 2 +- Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9400091..77049b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## Unreleased -* Updated luarocks to version 3.6.0. +* Updated luarocks to version 3.7.0. ## v1.1.4 diff --git a/Dockerfile b/Dockerfile index 8964001..6c7c2ce 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.6.0 +ARG LUAROCKS_VERSION=3.7.0 ARG PROSODY_VERSION=0.11.8 -ARG LUAROCKS_SHA256=b0eaf59e7711ca2a886722c0423dabe22ccbdcdf3a042c3f2615596879f8252f +ARG LUAROCKS_SHA256=9255d97fee95cec5b54fc6ac718b11bf5029e45bed7873e053314919cd448551 ARG PROSODY_DOWNLOAD_SHA256=830f183b98d5742d81e908d2d8e3258f1b538dad7411f06fda5b2cc5c75068f8 LABEL luarocks.version="${LUAROCKS_VERSION}" From 80216c5fdc9fbb73c60ff24429aab73dfeaf6556 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Fri, 7 May 2021 14:06:29 +0200 Subject: [PATCH 21/44] Add support for postgres, mariadb/mysql databases (#23) * Add environment variables for Database configuration. * Install postgres and mysql dependencies. * Test refactoring * Run tests for prosody with postgres and also for prosody with sqlite. * Add tests that check if postgres or sqlite is used. --- CHANGELOG.md | 12 ++++ Dockerfile | 10 ++- conf.d/02-storage.cfg.lua | 9 ++- data/.gitkeep | 0 ...er-entrypoint.sh => docker-entrypoint.bash | 2 + readme.md | 6 ++ tests/bats/bats-assert | 2 +- tests/bats/bats-core | 2 +- tests/docker-compose.yml | 39 +++++++++-- tests/requirements.txt | 6 +- tests/test.bash | 64 +++++++++++++------ tests/tests-prosody.bats | 10 +++ tests/tests-prosody_postgres.bats | 10 +++ tests/tests.bats | 30 ++++----- 14 files changed, 153 insertions(+), 49 deletions(-) delete mode 100644 data/.gitkeep rename docker-entrypoint.sh => docker-entrypoint.bash (94%) create mode 100644 tests/tests-prosody.bats create mode 100644 tests/tests-prosody_postgres.bats diff --git a/CHANGELOG.md b/CHANGELOG.md index 77049b1..09f0fb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,10 +2,22 @@ ## Unreleased +* Nothing + +## v1.2.0 + +### New features + +* New environment variables for database settings. It is now possible to use MariaDB or Postgres instead of SQLite. SQLite is the default. See [README](https://github.com/SaraSmiseth/prosody#environment-variables). + +### Updates + * Updated luarocks to version 3.7.0. ## v1.1.4 +### Updates + * Updated to Prosody version [0.11.8](https://blog.prosody.im/prosody-0.11.8-released/). * Updated luarocks to version 3.5.0. diff --git a/Dockerfile b/Dockerfile index 6c7c2ce..54d01e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,13 +27,15 @@ RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ libevent-dev `# this is no build dependency, but needed for luaevent` \ libidn11 \ + libpq-dev \ + libsqlite3-0 \ lua5.2 \ lua-bitop \ + lua-dbi-mysql \ lua-expat \ lua-filesystem \ lua-socket \ lua-sec \ - sqlite3 \ wget \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -65,6 +67,8 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss \ && luarocks install luaevent \ && luarocks install luadbi \ + `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \ + && luarocks install luadbi-postgresql POSTGRES_INCDIR=/usr/include/postgresql/ \ && luarocks install luadbi-sqlite3 \ && luarocks install stringy \ \ @@ -85,7 +89,7 @@ ENV __FLUSH_LOG yes VOLUME ["/usr/local/var/lib/prosody"] COPY prosody.cfg.lua /usr/local/etc/prosody/prosody.cfg.lua -COPY docker-entrypoint.sh /entrypoint.sh +COPY docker-entrypoint.bash /entrypoint.bash COPY conf.d/*.cfg.lua /usr/local/etc/prosody/conf.d/ COPY *.bash /usr/local/bin/ @@ -106,6 +110,6 @@ RUN download-prosody-modules.bash \ USER prosody -ENTRYPOINT ["/entrypoint.sh"] +ENTRYPOINT ["/entrypoint.bash"] CMD ["prosody", "-F"] diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index b8cb6d7..549573a 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua 
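Review bot: `libpq-dev` is added to the first `apt-get install` list, whose packages stay in the final image, rather than to `buildDeps`, which is purged after compilation. The headers are needed only while `luarocks install luadbi-postgresql POSTGRES_INCDIR=/usr/include/postgresql/` builds, so installing `libpq5` at runtime and putting `libpq-dev` into `buildDeps` keeps the development package out of the shipped image. The commented-out `luadbi-mysql` line could carry a short reason for why the apt package `lua-dbi-mysql` is used instead. Both RUN instructions extend beyond the hunks shown.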
@@ -1,7 +1,12 @@ default_storage = "sql" + sql = { - driver = "SQLite3"; - database = "prosody.sqlite"; + driver = os.getenv("DB_DRIVER"); + database = os.getenv("DB_DATABASE"); + host = os.getenv("DB_HOST"); + port = os.getenv("DB_PORT"); + username = os.getenv("DB_USERNAME"); + password = os.getenv("DB_PASSWORD"); } -- make 0.10-distributed mod_mam use sql store diff --git a/data/.gitkeep b/data/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/docker-entrypoint.sh b/docker-entrypoint.bash similarity index 94% rename from docker-entrypoint.sh rename to docker-entrypoint.bash index a7090d3..dd317e0 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.bash @@ -6,6 +6,8 @@ export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"} +export DB_DRIVER=${DB_DRIVER:-"SQLite3"} +export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"} export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"} export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"} export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""} diff --git a/readme.md b/readme.md index cc4d04d..55c93ad 100644 --- a/readme.md +++ b/readme.md 
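Review bot: `password = os.getenv("DB_PASSWORD")` makes the environment the only way to supply the database credential, and environment values are visible through container inspection and inherited by every child process. A file-based alternative lets operators use Docker or Compose secrets; the sketch below uses `DB_PASSWORD_FILE` as a proposed variable name and assumes `io` is reachable from the config file the way `os` is. `host`, `port`, `username` and `password` are `nil` when unset and `port` arrives as a string, so a comment saying which of them apply to SQLite3 would help the next reader.

```lua
-- Proposed helper: read a secret from the file named by <NAME>_FILE, else from <NAME>.
local function env_or_file(name)
	local path = os.getenv(name .. "_FILE")
	if not path then
		return os.getenv(name)
	end
	local f = assert(io.open(path, "r"))
	local value = f:read("*l")
	f:close()
	return value
end

sql = {
	-- … unchanged: driver, database, host, port, username …
	password = env_or_file("DB_PASSWORD");
}
```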
@@ -194,6 +194,12 @@ Inspect logs: ```docker-compose logs -f```. | **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | | **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | | **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | +| **DB_HOST** | The address of the database server | *optional* | | +| **DB_PORT** | Port on which the database is listening | *optional* | | +| **DB_USERNAME** | The username to authenticate to the database | *optional* | | +| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | diff --git a/tests/bats/bats-assert b/tests/bats/bats-assert index 0a8dd57..e0de84e 160000 --- a/tests/bats/bats-assert +++ b/tests/bats/bats-assert @@ -1 +1 @@ -Subproject commit 0a8dd57e2cc6d4cc064b1ed6b4e79b9f7fee096f +Subproject commit e0de84e9c011223e7f88b7ccf1c929f4327097ba diff --git a/tests/bats/bats-core b/tests/bats/bats-core index 8fb853a..49b377a 160000 --- a/tests/bats/bats-core +++ b/tests/bats/bats-core @@ -1 +1 @@ -Subproject commit 8fb853a6cbc0169958707381985f3cd59789ccb1 +Subproject commit 49b377a751e6f9379abfdfb3dfa3aafabd8495a1 
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index c04c41b..8c59053 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -15,10 +15,39 @@ services: E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" LOG_LEVEL: debug PROSODY_ADMINS: "admin@localhost, admin2@localhost" - extra_hosts: - - "conference.localhost:127.0.0.1" - - "pubsub.localhost:127.0.0.1" - - "proxy.localhost:127.0.0.1" - - "upload.localhost:127.0.0.1" volumes: - ./certs:/usr/local/etc/prosody/certs + + prosody_postgres: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: localhost + E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@localhost, admin2@localhost" + #DB_DRIVER: "MySQL" + DB_DRIVER: "PostgreSQL" + DB_DATABASE: "prosody" + DB_HOST: "postgres" + DB_PORT: "5432" + DB_USERNAME: "prosody" + DB_PASSWORD: "prosody" + volumes: + - ./certs:/usr/local/etc/prosody/certs + depends_on: + - postgres + + postgres: + image: postgres:13-alpine + restart: unless-stopped + environment: + POSTGRES_DB: prosody + POSTGRES_USER: prosody + POSTGRES_PASSWORD: prosody diff --git a/tests/requirements.txt b/tests/requirements.txt index bcd35ba..7bb2363 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,3 @@ -aioxmpp==0.11.0 -pip-chill==1.0.0 -pytest-asyncio==0.14.0 +aioxmpp==0.12.2 +pip-chill==1.0.1 +pytest-asyncio==0.15.1 diff --git a/tests/test.bash b/tests/test.bash index 75048cd..7b1e436 100755 --- a/tests/test.bash +++ b/tests/test.bash 
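Review bot: `DB_PASSWORD: "prosody"` and `POSTGRES_PASSWORD: prosody` are fixed credentials with nothing marking them as test-only, and this file is the only complete PostgreSQL example in the repository. The `postgres` service publishes no ports, so exposure is limited to the compose network, but a comment such as `# test-only credentials, do not reuse in a deployment` above both blocks would stop them being copied as-is. Also, `depends_on: - postgres` only orders container start and does not wait for the database to accept connections, so readiness still depends on the fixed sleep in `tests/test.bash`.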
@@ -15,31 +15,57 @@ generateCert() { fi } +registerTestUser() { + local userName="$1" + local containerName="$2" + sudo docker exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" +} + +registerTestUsers() { + local containerName="$1" + registerTestUser admin "$containerName" + registerTestUser user1 "$containerName" + registerTestUser user2 "$containerName" + registerTestUser user3 "$containerName" +} + +runTests() { + local containerName="$1" + python --version \ + && python3 --version \ + && python3 -m venv venv \ + && source venv/bin/activate \ + && python --version \ + && pip --version \ + && pip install -r requirements.txt \ + && pytest \ + && deactivate \ + && sleep 5 \ + && sudo docker-compose logs "$containerName" \ + && export batsContainerName="$containerName" \ + && ./bats/bats-core/bin/bats tests.bats \ + && ./bats/bats-core/bin/bats tests-"$containerName".bats +} + generateCert "localhost" generateCert "conference.localhost" generateCert "proxy.localhost" generateCert "pubsub.localhost" generateCert "upload.localhost" +# Run tests for first container with postgres +# Start postgres first and wait for 10 seconds before starting prosody. 
sudo docker-compose down \ -&& sudo docker-compose up -d \ -\ -&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register admin localhost 12345678" \ -&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user1 localhost 12345678" \ -&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user2 localhost 12345678" \ -&& sudo docker exec tests_prosody_1 /bin/bash -c "/entrypoint.sh register user3 localhost 12345678" \ -\ -&& python --version \ -&& python3 --version \ -&& python3 -m venv venv \ -&& source venv/bin/activate \ -&& python --version \ -&& pip --version \ -&& pip install -r requirements.txt \ -&& pytest \ -&& deactivate \ -&& sleep 5 \ -&& sudo docker-compose logs \ -&& ./bats/bats-core/bin/bats tests.bats +&& sudo docker-compose up -d postgres \ +&& sleep 10 \ +&& sudo docker-compose up -d prosody_postgres +registerTestUsers tests_prosody_postgres_1 +runTests prosody_postgres +sudo docker-compose down + +# Run tests for second container with SQLite +sudo docker-compose up -d prosody +registerTestUsers tests_prosody_1 +runTests prosody sudo docker-compose down diff --git a/tests/tests-prosody.bats b/tests/tests-prosody.bats new file mode 100644 index 0000000..74ddc22 --- /dev/null +++ b/tests/tests-prosody.bats @@ -0,0 +1,10 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +@test "Should use sqlite" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + assert_success + assert_output +} diff --git a/tests/tests-prosody_postgres.bats b/tests/tests-prosody_postgres.bats new file mode 100644 index 0000000..2a1d1d0 --- /dev/null +++ b/tests/tests-prosody_postgres.bats 
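Review bot: The results of `runTests prosody_postgres` and `runTests prosody` are discarded, so the script's exit status is that of the final `sudo docker-compose down` and a failing pytest or bats run can still leave CI green. The calls are separate statements after the `&&` chain, so they also run when `docker-compose up` failed. Recording the status keeps the cleanup and still fails the job: `runTests prosody_postgres || failed=1`, the same for `runTests prosody`, and `exit "${failed:-0}"` as the last line. The top of the script is outside the hunk; a `set -e` there would instead abort on the first failure and skip the `docker-compose down` cleanup.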
@@ -0,0 +1,10 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +@test "Should use postgres" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + assert_success + assert_output +} diff --git a/tests/tests.bats b/tests/tests.bats index f9f8df2..31dac1e 100644 --- a/tests/tests.bats +++ b/tests/tests.bats 
@@ -5,91 +5,91 @@ load 'bats/bats-assert/load' # group alternation in regex because the xml properties switch around. sometimes 'type=...' comes after 'to=...' and sometimes before @test "Should send 5 messages" { - run bash -c "sudo docker-compose logs | grep -E \"Received\[c2s\]: \" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: \" | wc -l" assert_success assert_output "5" } @test "Should select certificate for localhost" { - run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/localhost/fullchain.pem with key /usr/local/etc/prosody/certs/localhost/privkey.pem for localhost\" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Selecting certificate /usr/local/etc/prosody/certs/localhost/fullchain.pem with key /usr/local/etc/prosody/certs/localhost/privkey.pem for localhost\" | wc -l" assert_success assert_output "3" } @test "Should select certificate for conference.localhost" { - run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/conference.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/conference.localhost/privkey.pem for conference.localhost\" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Selecting certificate /usr/local/etc/prosody/certs/conference.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/conference.localhost/privkey.pem for conference.localhost\" | wc -l" assert_success assert_output "3" } @test "Should select certificate for proxy.localhost" { - run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/proxy.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/proxy.localhost/privkey.pem for proxy.localhost\" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Selecting certificate /usr/local/etc/prosody/certs/proxy.localhost/fullchain.pem with key 
/usr/local/etc/prosody/certs/proxy.localhost/privkey.pem for proxy.localhost\" | wc -l" assert_success assert_output "3" } @test "Should select certificate for pubsub.localhost" { - run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/pubsub.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/pubsub.localhost/privkey.pem for pubsub.localhost\" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Selecting certificate /usr/local/etc/prosody/certs/pubsub.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/pubsub.localhost/privkey.pem for pubsub.localhost\" | wc -l" assert_success assert_output "3" } @test "Should select certificate for upload.localhost" { - run bash -c "sudo docker-compose logs | grep \"Selecting certificate /usr/local/etc/prosody/certs/upload.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/upload.localhost/privkey.pem for upload.localhost\" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Selecting certificate /usr/local/etc/prosody/certs/upload.localhost/fullchain.pem with key /usr/local/etc/prosody/certs/upload.localhost/privkey.pem for upload.localhost\" | wc -l" assert_success assert_output "3" } @test "Should log error for user with wrong password" { - run bash -c "sudo docker-compose logs | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Session closed by remote with error: undefined-condition (user intervention: authentication failed: authentication aborted by user)\"" assert_success assert_output } @test "Should activate s2s" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 's2s' on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 's2s' 
on (\[::\]:5269|\[\*\]:5269), (\[::\]:5269|\[\*\]:5269)\"" assert_success assert_output } @test "Should activate c2s" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s' on (\[::\]:5222|\[\*\]:5222), (\[::\]:5222|\[\*\]:5222)\"" assert_success assert_output } @test "Should activate legacy_ssl" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" assert_success assert_output } @test "Should activate proxy65" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'proxy65' on (\[::\]:5000|\[\*\]:5000), (\[::\]:5000|\[\*\]:5000)\"" assert_success assert_output } @test "Should activate http" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 'http' on (\[::\]:5280|\[\*\]:5280), (\[::\]:5280|\[\*\]:5280)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'http' on (\[::\]:5280|\[\*\]:5280), (\[::\]:5280|\[\*\]:5280)\"" assert_success assert_output } @test "Should activate https" { - run bash -c "sudo docker-compose logs | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'https' on (\[::\]:5281|\[\*\]:5281), (\[::\]:5281|\[\*\]:5281)\"" assert_success assert_output } @test "Should load module cloud_notify" { - run bash -c "sudo docker-compose logs | grep 
\"localhost:cloud_notify.*info.*Module loaded\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\"" assert_success assert_output } @test "Should show upload URL" { - run bash -c "sudo docker-compose logs | grep \"URL: - Ensure this can be reached by users\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\"" assert_success assert_output } From 1966b38aac6cdca17a613b0f0584b56537298b75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 13 May 2021 14:25:09 +0200 Subject: [PATCH 22/44] Information about permissions (#25) This fixes #3 --- readme.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 55c93ad..f33af0e 100644 --- a/readme.md +++ b/readme.md @@ -38,6 +38,7 @@ While Conversations got everything set-up out-of-the-box, Gajim was used with th - [Symlinks](#symlinks) - [Permissions](#permissions) - [Run](#run) + - [Volumes permissions](#volumes-permissions) - [Docker tags](#docker-tags) - [Configuration](#configuration) - [Environment variables](#environment-variables) @@ -142,6 +143,7 @@ For example ```cp -L src dest```. ##### Permissions See official [documentation](https://prosody.im/doc/certificates#permissions) for more information. +Check [Volumes permissions](#volumes-permissions) as well. ### Run @@ -152,7 +154,7 @@ version: '3.7' services: server: - image: sarasmiseth/prosody:v1.0.0 + image: sarasmiseth/prosody:latest restart: unless-stopped ports: - "5000:5000" 
@@ -171,6 +173,15 @@ Boot it via: ```docker-compose up -d```. Inspect logs: ```docker-compose logs -f```. +### Volumes permissions + +The prosody user inside the container has the `uid=999` and `gid=999`. If you use the example `docker-compose.yml` from above make sure, that the `./data` folder and the `./certs` folder have the correct permissions. + +``` shell +sudo chown 999:999 ./certs +sudo chown 999:999 ./data +``` + ### Docker tags From 4bbcdb80e9dc3d290f9c1883b554b2f8c98a0a21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 13 May 2021 15:33:16 +0200 Subject: [PATCH 23/44] Updated prosody to version 0.11.9 (#26) Prepare version v1.2.1 --- CHANGELOG.md | 4 ++++ Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09f0fb6..5a8a49f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ * Nothing +## v1.2.1 + +* Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). + ## v1.2.0 ### New features diff --git a/Dockerfile b/Dockerfile index 54d01e7..9215911 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.7.0 -ARG PROSODY_VERSION=0.11.8 +ARG PROSODY_VERSION=0.11.9 ARG LUAROCKS_SHA256=9255d97fee95cec5b54fc6ac718b11bf5029e45bed7873e053314919cd448551 -ARG PROSODY_DOWNLOAD_SHA256=830f183b98d5742d81e908d2d8e3258f1b538dad7411f06fda5b2cc5c75068f8 +ARG PROSODY_DOWNLOAD_SHA256=ccc032aea49d858635fb93644db276de6812be83073a8d80e9b4508095deff09 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From ca4e265ffe70e9a3009f9aba7dd9add9ad360c90 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 5 Aug 2021 10:15:53 +0200 Subject: [PATCH 24/44] Update debian from buster-slim to bullseye-slim (#27) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9215911..7b9c65d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:bullseye-slim ARG BUILD_DATE ARG VCS_REF From eab04aeaf05e636a3a232109e9e2bd16ceb4db13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 2 Sep 2021 20:48:59 +0200 Subject: [PATCH 25/44] Update prosody to version 0.11.10 (#28) --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7b9c65d..3dbaca3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.7.0 -ARG PROSODY_VERSION=0.11.9 +ARG PROSODY_VERSION=0.11.10 ARG LUAROCKS_SHA256=9255d97fee95cec5b54fc6ac718b11bf5029e45bed7873e053314919cd448551 -ARG PROSODY_DOWNLOAD_SHA256=ccc032aea49d858635fb93644db276de6812be83073a8d80e9b4508095deff09 +ARG PROSODY_DOWNLOAD_SHA256=c6d714e6d4a6ddd1db1266b205d9d8a3ed91818f42755c9268ffb18359d204e1 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From 75e4b05ce5e0e1fb1069ffd6f2a9b346f2b6a659 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 23 Dec 2021 16:01:53 +0100 Subject: [PATCH 26/44] Updates to luarocks and prosody (#32) * Updated to Prosody version 0.11.11. * Updated luarocks to version 3.8.0. * .github workflow: Use actions/checkout@v2 with submodules: recursive --- .github/workflows/test.yml | 8 ++++---- CHANGELOG.md | 13 +++++++++++++ Dockerfile | 8 ++++---- 3 files changed, 21 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 483ac68..dc310ab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,10 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - - name: Checkout submodules - uses: textbook/git-checkout-submodule-action@master + - name: Checkout repository and submodules + uses: actions/checkout@v2 + with: + submodules: recursive - name: install python3-venv run: sudo apt-get install python3-venv diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a8a49f..3b2be9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,19 @@ * Nothing +## v1.2.4 + +* Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). +* Updated luarocks to version 3.8.0. + +## v1.2.3 + +* Updated to Prosody version [0.11.10](https://blog.prosody.im/prosody-0.11.10-released/). + +## v1.2.2 + +- Update debian from buster-slim to bullseye-slim (#27) + ## v1.2.1 * Updated to Prosody version [0.11.9](https://blog.prosody.im/prosody-0.11.9-released/). diff --git a/Dockerfile b/Dockerfile index 3dbaca3..9dc8d0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,11 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.7.0 -ARG PROSODY_VERSION=0.11.10 +ARG LUAROCKS_VERSION=3.8.0 +ARG PROSODY_VERSION=0.11.11 -ARG LUAROCKS_SHA256=9255d97fee95cec5b54fc6ac718b11bf5029e45bed7873e053314919cd448551 -ARG PROSODY_DOWNLOAD_SHA256=c6d714e6d4a6ddd1db1266b205d9d8a3ed91818f42755c9268ffb18359d204e1 +ARG LUAROCKS_SHA256=56ab9b90f5acbc42eb7a94cf482e6c058a63e8a1effdf572b8b2a6323a06d923 +ARG PROSODY_DOWNLOAD_SHA256=a1af90e2d4ac2f7cf81b385475140ecee60bec1eb83003efb5aeb89765b13774 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From 52e8f5388e69de4554514a05e3455c8447887654 Mon Sep 17 00:00:00 2001 
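Review bot: `uses: actions/checkout@v2` in the new checkout step is still a mutable reference, because a tag can be moved to different code without any change in this repository. Replacing the third-party `@master` action is a clear improvement. Pinning the remaining action to a full commit SHA with the tag as a comment closes the rest of the gap: `uses: actions/checkout@<FULL_COMMIT_SHA> # v2`. With `submodules: recursive` the bats submodules are fetched at the commits recorded in the repository, so they are already pinned.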
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Mon, 24 Jan 2022 18:08:55 +0100 Subject: [PATCH 27/44] Update prosody to version 0.11.12 (#33) --- CHANGELOG.md | 4 ++++ Dockerfile | 4 ++-- readme.md | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b2be9f..9d73a4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ * Nothing +## v1.2.5 + +* Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). + ## v1.2.4 * Updated to Prosody version [0.11.11](https://blog.prosody.im/prosody-0.11.11-released/). diff --git a/Dockerfile b/Dockerfile index 9dc8d0c..bcae0d3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.8.0 -ARG PROSODY_VERSION=0.11.11 +ARG PROSODY_VERSION=0.11.12 ARG LUAROCKS_SHA256=56ab9b90f5acbc42eb7a94cf482e6c058a63e8a1effdf572b8b2a6323a06d923 -ARG PROSODY_DOWNLOAD_SHA256=a1af90e2d4ac2f7cf81b385475140ecee60bec1eb83003efb5aeb89765b13774 +ARG PROSODY_DOWNLOAD_SHA256=56cd52d820f5b3ed37e02d8a2577aa064bbc04db8e87fd18a6020eba0c10560d LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" diff --git a/readme.md b/readme.md index f33af0e..c127e4a 100644 --- a/readme.md +++ b/readme.md 
@@ -9,7 +9,7 @@ [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) [![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls) -This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:buster-slim`. +This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bullseye-slim`. The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org). Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4. From 13d9c1b9d114b4d0f44601e3cde59cf755ca2c92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 27 Jan 2022 21:23:32 +0100 Subject: [PATCH 28/44] Update prosody to version 0.11.13 (#34) --- CHANGELOG.md | 4 ++++ Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d73a4c..bcad0b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ * Nothing +## v1.2.6 + +* Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). + ## v1.2.5 * Updated to Prosody version [0.11.12](https://blog.prosody.im/prosody-0.11.12-released/). diff --git a/Dockerfile b/Dockerfile index bcae0d3..3ec04ef 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.8.0 -ARG PROSODY_VERSION=0.11.12 +ARG PROSODY_VERSION=0.11.13 ARG LUAROCKS_SHA256=56ab9b90f5acbc42eb7a94cf482e6c058a63e8a1effdf572b8b2a6323a06d923 -ARG PROSODY_DOWNLOAD_SHA256=56cd52d820f5b3ed37e02d8a2577aa064bbc04db8e87fd18a6020eba0c10560d +ARG PROSODY_DOWNLOAD_SHA256=39c61b346a09b5125b604cb969e14206cbbcb86c81156ffc6ba2d62527cf0432 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From 7a4ebd68d8e9712fce9ebbad12a5b5cdad587b96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 5 May 2022 18:25:19 +0200 Subject: [PATCH 29/44] Update prosody to version 0.12.0 (#35) * Update luarocks to 3.9.0 * Update tests for prosody version 0.12.0 --- CHANGELOG.md | 5 +++++ Dockerfile | 12 +++++++----- tests/docker-compose.yml | 2 +- tests/requirements.txt | 4 ++-- tests/test.bash | 6 +++--- tests/tests.bats | 29 +++++++++++------------------ 6 files changed, 29 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bcad0b7..f89fef8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ * Nothing +## v1.2.7 + +* Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). +* Updated luarocks to version 3.9.0. + ## v1.2.6 * Updated to Prosody version [0.11.13](https://blog.prosody.im/prosody-0.11.13-released/). diff --git a/Dockerfile b/Dockerfile index 3ec04ef..a2e6184 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,11 +4,11 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.8.0 -ARG PROSODY_VERSION=0.11.13 +ARG LUAROCKS_VERSION=3.9.0 +ARG PROSODY_VERSION=0.12.0 -ARG LUAROCKS_SHA256=56ab9b90f5acbc42eb7a94cf482e6c058a63e8a1effdf572b8b2a6323a06d923 -ARG PROSODY_DOWNLOAD_SHA256=39c61b346a09b5125b604cb969e14206cbbcb86c81156ffc6ba2d62527cf0432 +ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f +ARG PROSODY_DOWNLOAD_SHA256=752ff32015dac565fc3417c2196af268971c358ee066e51f5d912413580d889a LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" @@ -26,6 +26,7 @@ LABEL prosody.version="${PROSODY_VERSION}" RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ libevent-dev `# this is no build dependency, but needed for luaevent` \ + libicu67 \ libidn11 \ libpq-dev \ libsqlite3-0 \ @@ -36,11 +37,12 @@ RUN apt-get update \ lua-filesystem \ lua-socket \ lua-sec \ + lua-unbound \ wget \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev make unzip' \ +RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \ && set -x \ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 8c59053..f854381 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.7' +version: '3.9' services: prosody: diff --git a/tests/requirements.txt b/tests/requirements.txt index 7bb2363..c97b92d 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,3 @@ -aioxmpp==0.12.2 +aioxmpp==0.13.2 pip-chill==1.0.1 -pytest-asyncio==0.15.1 +pytest-asyncio==0.18.3 diff --git a/tests/test.bash b/tests/test.bash index 7b1e436..9646ab5 100755 --- a/tests/test.bash +++ b/tests/test.bash 
@@ -18,7 +18,7 @@ generateCert() { registerTestUser() { local userName="$1" local containerName="$2" - sudo docker exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" + sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" } registerTestUsers() { @@ -60,12 +60,12 @@ sudo docker-compose down \ && sleep 10 \ && sudo docker-compose up -d prosody_postgres -registerTestUsers tests_prosody_postgres_1 +registerTestUsers prosody_postgres runTests prosody_postgres sudo docker-compose down # Run tests for second container with SQLite sudo docker-compose up -d prosody -registerTestUsers tests_prosody_1 +registerTestUsers prosody runTests prosody sudo docker-compose down diff --git a/tests/tests.bats b/tests/tests.bats index 31dac1e..bbac09d 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -3,41 +3,40 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' -# group alternation in regex because the xml properties switch around. sometimes 'type=...' comes after 'to=...' and sometimes before @test "Should send 5 messages" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: \" | wc -l" + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: Date: Wed, 18 May 2022 16:50:37 +0200 Subject: [PATCH 30/44] Update bats-assert + bats-core + bats-support (#36) --- tests/bats/bats-assert | 2 +- tests/bats/bats-core | 2 +- tests/bats/bats-support | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/bats/bats-assert b/tests/bats/bats-assert index e0de84e..397c735 160000 --- a/tests/bats/bats-assert +++ b/tests/bats/bats-assert @@ -1 +1 @@ -Subproject commit e0de84e9c011223e7f88b7ccf1c929f4327097ba +Subproject commit 397c735212bf1a06cfdd0cb7806c5a6ea79582bf diff --git a/tests/bats/bats-core b/tests/bats/bats-core index 49b377a..410dd22 160000 --- a/tests/bats/bats-core 
+++ b/tests/bats/bats-core @@ -1 +1 @@ -Subproject commit 49b377a751e6f9379abfdfb3dfa3aafabd8495a1 +Subproject commit 410dd229a5ed005c68167cc90ed0712ad2a1c909 diff --git a/tests/bats/bats-support b/tests/bats/bats-support index d140a65..3c8fadc 160000 --- a/tests/bats/bats-support +++ b/tests/bats/bats-support @@ -1 +1 @@ -Subproject commit d140a65044b2d6810381935ae7f0c94c7023c8c3 +Subproject commit 3c8fadc5097c9acfc96d836dced2bb598e48b009 From ab2afd42497955a58a564226c3353a2e1df62ba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Wed, 15 Jun 2022 17:57:41 +0200 Subject: [PATCH 31/44] Update prosody to version 0.12.1 (#37) --- CHANGELOG.md | 4 ++++ Dockerfile | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f89fef8..60f5c54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ * Nothing +## v1.2.8 + +* Updated to Prosody version [0.12.1](https://blog.prosody.im/prosody-0.12.1-released/). + ## v1.2.7 * Updated to Prosody version [0.12.0](https://blog.prosody.im/prosody-0.12.0-released/). diff --git a/Dockerfile b/Dockerfile index a2e6184..5219e99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.9.0 -ARG PROSODY_VERSION=0.12.0 +ARG PROSODY_VERSION=0.12.1 ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f -ARG PROSODY_DOWNLOAD_SHA256=752ff32015dac565fc3417c2196af268971c358ee066e51f5d912413580d889a +ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" From f7fcfd5d88e3a98b4cdd4cfb583d7a15eaca8d1c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 23 Feb 2023 16:22:36 +0100 Subject: [PATCH 32/44] Update prosody and luarocks (#48) * Update prosody to version 0.12.3. * Update luarocks to version 3.9.2 --- Dockerfile | 8 ++++---- tests/test.bash | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5219e99..6f24959 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,11 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.0 -ARG PROSODY_VERSION=0.12.1 +ARG LUAROCKS_VERSION=3.9.2 +ARG PROSODY_VERSION=0.12.3 -ARG LUAROCKS_SHA256=5e840f0224891de96be4139e9475d3b1de7af3a32b95c1bdf05394563c60175f -ARG PROSODY_DOWNLOAD_SHA256=a7ecbbe41f01a4251805593ac6d15dbc6cb75d9c7a876c76b456cf74ff4b90e5 +ARG LUAROCKS_SHA256=bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb +ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101 LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" diff --git a/tests/test.bash b/tests/test.bash index 9646ab5..401189b 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -18,6 +18,7 @@ generateCert() { registerTestUser() { local userName="$1" local containerName="$2" + echo "Registering TestUser '$userName' in container '$containerName'" sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" } From 81e9c1abd95f798160726f6140afe6527ef7589e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 25 Mar 2023 11:23:51 +0100 Subject: [PATCH 33/44] Add LDAP authentication support to Prosody (#50) This commit adds support for LDAP authentication. The Dockerfile has been modified to install the required Lua modules (lua-ldap) and the prosody.cfg.lua file has been modified to add environment variables for configuring the LDAP connection. These environment variables include LDAP_BASE, LDAP_SERVER, LDAP_ROOTDN, LDAP_PASSWORD, LDAP_FILTER, LDAP_SCOPE, LDAP_TLS, LDAP_MODE, and LDAP_ADMIN_FILTER. The authentication variable has also been updated to use the value of the AUTHENTICATION environment variable, which defaults to "internal_hashed" if not set. This allows users to configure Prosody to use LDAP for authentication instead of the default internal hashing method. * Update test dependencies: aioxmpp, pytest-asyncio + add pytz to requirements.txt This fixes the following error when running the tests: E ModuleNotFoundError: No module named 'pytz' Instead of pytz only pytz-deprecation-shim was installed. TODO Check if "pytz" can be removed from requirements.txt later on. --- Dockerfile | 1 + prosody.cfg.lua | 12 +++++++- readme.md | 66 ++++++++++++++++++++++++------------------ tests/requirements.txt | 5 ++-- 4 files changed, 53 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6f24959..f973ab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,7 @@ RUN apt-get update \ lua-dbi-mysql \ lua-expat \ lua-filesystem \ + lua-ldap \ lua-socket \ lua-sec \ lua-unbound \ diff --git a/prosody.cfg.lua b/prosody.cfg.lua index f0b0f3c..5405242 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua 
@@ -15,7 +15,17 @@ c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION"); s2s_secure_auth = os.getenv("S2S_SECURE_AUTH"); -authentication = "internal_hashed"; +authentication = os.getenv("AUTHENTICATION") or "internal_hashed"; + +ldap_base = os.getenv("LDAP_BASE"); +ldap_server = os.getenv("LDAP_SERVER") or "localhost"; +ldap_rootdn = os.getenv("LDAP_ROOTDN") or ""; +ldap_password = os.getenv("LDAP_PASSWORD") or ""; +ldap_filter = os.getenv("LDAP_FILTER") or "(uid=$user)"; +ldap_scope = os.getenv("LDAP_SCOPE") or "subtree"; +ldap_tls = os.getenv("LDAP_TLS") or "false"; +ldap_mode = os.getenv("LDAP_MODE") or "bind"; +ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or ""; log = { {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"}; diff --git a/readme.md b/readme.md index c127e4a..8abec2f 100644 --- a/readme.md +++ b/readme.md 
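Review bot: `ldap_tls` falls back to `"false"` while `ldap_mode` falls back to `"bind"`, so a deployment that only sets `AUTHENTICATION=ldap` and `LDAP_SERVER` would presumably send the rootdn password and every user's password to the directory without StartTLS. Either default to TLS with `ldap_tls = os.getenv("LDAP_TLS") or "true";`, or keep the default and add a comment above the line such as `-- ldap_tls off: bind credentials cross the network unencrypted; set LDAP_TLS=true unless the LDAP server is on a trusted local network`. Separately, `ldap_admin_filter` falls back to `""`, and an empty string is truthy in Lua. If the auth module only checks that the option is set (not visible in this hunk), leaving it unset with `ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER");` is the safer default.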
@@ -197,34 +197,44 @@ sudo chown 999:999 ./data #### Environment variables -| Variable | Description | Type | Default value | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------ | -------------------------- | -| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | -| **DOMAIN** | domain | **required** | null | -| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | -| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | -| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | -| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | -| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | -| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | -| **DB_HOST** | The address of the database server | *optional* | | -| **DB_PORT** | Port on which the database is listening | *optional* | | -| **DB_USERNAME** | The username to authenticate to the database | *optional* | | -| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | -| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | -| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | -| **LOG_LEVEL** | Min log level. 
Change to debug for more information | *optional* | info | -| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | -| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | -| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | -| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | -| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | -| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | -| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | -| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. 
"me@example.com", "admin@example.net" | *optional* | "" | +| Variable | Description | Type | Default value | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | -------------------------- | +| **ALLOW_REGISTRATION** | Whether to allow registration of new accounts via Jabber clients | *optional* | true | +| **DOMAIN** | domain | **required** | null | +| **DOMAIN_HTTP_UPLOAD** | Domain which lets clients upload files over HTTP | *optional* | upload.**DOMAIN** | +| **DOMAIN_MUC** | Domain for Multi-user chat (MUC) for allowing you to create hosted chatrooms/conferences for XMPP users | *optional* | conference.**DOMAIN** | +| **DOMAIN_PROXY** | Domain for SOCKS5 bytestream proxy for server-proxied file transfers | *optional* | proxy.**DOMAIN** | +| **DOMAIN_PUBSUB** | Domain for a XEP-0060 pubsub service | *optional* | pubsub.**DOMAIN** | +| **AUTHENTICATION** | authentication | *optional* | "internal_hashed" | +| **LDAP_BASE** | LDAP base directory which stores user accounts | **required** if **AUTHENTICATION** is "ldap" | | +| **LDAP_SERVER** | Space-separated list of hostnames or IPs, optionally with port numbers (e.g. “localhost:8389”) | *optional* | "localhost" | +| **LDAP_ROOTDN** | The distinguished name to auth against | *optional* | "" | +| **LDAP_PASSWORD** | Password for rootdn | *optional* | "" | +| **LDAP_FILTER** | Search filter, with $user and $host substituted for user- and hostname | *optional* | "(uid=$user)" | +| **LDAP_SCOPE** | Search scope. other values: “base” and “onelevel” | *optional* | "subtree" | +| **LDAP_TLS** | Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard ‘LDAPS’ protocol is not supported. | *optional* | "false" | +| **LDAP_MODE** | How passwords are validated. 
| *optional* | "bind" | +| **LDAP_ADMIN_FILTER** | Search filter to match admins, works like ldap_filter | *optional* | "" | +| **DB_DRIVER** | May also be "PostgreSQL" or "MySQL" or "SQLite3" (case sensitive!) | *optional* | SQLite3 | +| **DB_DATABASE** | The database name to use. For SQLite3 this the database filename (relative to the data storage directory). | *optional* | prosody.sqlite | +| **DB_HOST** | The address of the database server | *optional* | | +| **DB_PORT** | Port on which the database is listening | *optional* | | +| **DB_USERNAME** | The username to authenticate to the database | *optional* | | +| **DB_PASSWORD** | The password to authenticate to the database | *optional* | | +| **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | +| **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | +| **LOG_LEVEL** | Min log level. Change to debug for more information | *optional* | info | +| **C2S_REQUIRE_ENCRYPTION** | Whether to force all client-to-server connections to be encrypted or not | *optional* | true | +| **S2S_REQUIRE_ENCRYPTION** | Whether to force all server-to-server connections to be encrypted or not | *optional* | true | +| **S2S_SECURE_AUTH** | Require encryption and certificate authentication | *optional* | true | +| **SERVER_CONTACT_INFO_ABUSE** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:abuse@**DOMAIN**" | +| **SERVER_CONTACT_INFO_ADMIN** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:admin@**DOMAIN**" | +| **SERVER_CONTACT_INFO_FEEDBACK** | A list of strings. 
Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:feedback@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SALES** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:sales@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SECURITY** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:security@**DOMAIN**" | +| **SERVER_CONTACT_INFO_SUPPORT** | A list of strings. Each string should be an URI. See [here](https://prosody.im/doc/modules/mod_server_contact_info). | *optional* | "xmpp:support@**DOMAIN**" | +| **PROSODY_ADMINS** | Specify who is an administrator. List of adresses. Eg. "me@example.com", "admin@example.net" | *optional* | "" | #### DNS diff --git a/tests/requirements.txt b/tests/requirements.txt index c97b92d..cfbef74 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,4 @@ -aioxmpp==0.13.2 +aioxmpp==0.13.3 pip-chill==1.0.1 -pytest-asyncio==0.18.3 +pytest-asyncio==0.21.0 +pytz==2022.7.1 From e6415fa51306dcb182f250c9b968131e6fdeff74 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 28 Mar 2023 08:08:01 +0200 Subject: [PATCH 34/44] Add tests for prosody with LDAP authentication (#53) This commit updates the docker-compose.yml file to use example.com domain instead of localhost. It also adds a new Prosody instance using LDAP authentication with glauth as the backend. The commit also includes a new file config.cfg for the glauth server configuration. --- tests/docker-compose.yml | 45 ++++++++++++++++++++++++------ tests/glauth/config.cfg | 52 +++++++++++++++++++++++++++++++++++ tests/test.bash | 27 ++++++++++-------- tests/test_prosody.py | 25 +++++++++-------- tests/tests-prosody_ldap.bats | 16 +++++++++++ tests/tests.bats | 24 ++++++++-------- 6 files changed, 146 insertions(+), 43 deletions(-) create mode 100644 tests/glauth/config.cfg create mode 100644 tests/tests-prosody_ldap.bats diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index f854381..d2cc6d2 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.9' +version: "3.9" services: prosody: @@ -11,10 +11,10 @@ services: - "5269:5269" - "5281:5281" environment: - DOMAIN: localhost - E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" LOG_LEVEL: debug - PROSODY_ADMINS: "admin@localhost, admin2@localhost" + PROSODY_ADMINS: "admin@example.com, admin2@example.com" volumes: - ./certs:/usr/local/etc/prosody/certs @@ -28,10 +28,10 @@ services: - "5269:5269" - "5281:5281" environment: - DOMAIN: localhost - E2E_POLICY_WHITELIST: "admin@localhost, user1@localhost" + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" LOG_LEVEL: debug - PROSODY_ADMINS: "admin@localhost, admin2@localhost" + PROSODY_ADMINS: "admin@example.com, admin2@example.com" #DB_DRIVER: "MySQL" DB_DRIVER: "PostgreSQL" DB_DATABASE: "prosody" 
@@ -45,9 +45,38 @@ services: - postgres postgres: - image: postgres:13-alpine + image: postgres:15-alpine restart: unless-stopped environment: POSTGRES_DB: prosody POSTGRES_USER: prosody POSTGRES_PASSWORD: prosody + + prosody_ldap: + image: prosody + restart: unless-stopped + ports: + - "5000:5000" + - "5222:5222" + - "5223:5223" + - "5269:5269" + - "5281:5281" + environment: + DOMAIN: example.com + E2E_POLICY_WHITELIST: "admin@example.com, user1@example.com" + LOG_LEVEL: debug + PROSODY_ADMINS: "admin@example.com, admin2@example.com" + AUTHENTICATION: "ldap" + LDAP_BASE: "dc=example,dc=com" + LDAP_SERVER: "glauth" + LDAP_ROOTDN: "cn=svc,dc=example,dc=com" + LDAP_PASSWORD: "12345678" + volumes: + - ./certs:/usr/local/etc/prosody/certs + depends_on: + - glauth + + glauth: + image: glauth/glauth + volumes: + - "./glauth/config.cfg:/app/config/config.cfg" diff --git a/tests/glauth/config.cfg b/tests/glauth/config.cfg new file mode 100644 index 0000000..f180ac4 --- /dev/null +++ b/tests/glauth/config.cfg 
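Review bot: `image: glauth/glauth` in the new `glauth` service has no tag, so every test run pulls whatever the registry currently serves as the default tag, while `postgres:15-alpine` in the same hunk is pinned. Pin it the same way, e.g. `image: glauth/glauth:<PINNED_TAG>` (placeholder; use the release the config was written against), so a changed upstream image cannot silently alter the LDAP test backend. The `prosody_ldap` environment also leaves `LDAP_TLS` unset, so the LDAP path is only exercised without StartTLS; a comment stating that this is intentional for the fixture would help.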
@@ -0,0 +1,52 @@ +[ldap] + enabled = true + listen = "0.0.0.0:389" + +[ldaps] + enabled = false + +[backend] + datastore = "config" + baseDN = "dc=example,dc=com" + +[[groups]] + name = "svc" + gidnumber = 5500 + +[[groups]] + name = "people" + gidnumber = 5501 + +[[users]] + name = "svc" + uidnumber = 5000 + primarygroup = 5500 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users.capabilities]] + action = "search" + object = "*" + +[[users]] + name = "admin" + uidnumber = 5001 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user1" + uidnumber = 5002 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user2" + uidnumber = 5003 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" + +[[users]] + name = "user3" + uidnumber = 5004 + primarygroup = 5501 + passsha256 = "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f" diff --git a/tests/test.bash b/tests/test.bash index 401189b..1b9d5de 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -5,7 +5,7 @@ set -e # generate certs for testing generateCert() { - DOMAIN="$1" + local DOMAIN="$1" if [[ ! -d certs/"$DOMAIN" ]] ; then mkdir -p certs/"$DOMAIN" cd certs/"$DOMAIN" @@ -19,7 +19,7 @@ registerTestUser() { local userName="$1" local containerName="$2" echo "Registering TestUser '$userName' in container '$containerName'" - sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName localhost 12345678" + sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678" } registerTestUsers() { 
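Review bot: Nothing in the new `tests/glauth/config.cfg` marks it as a test fixture, yet all five accounts carry the same `passsha256` value, presumably the unsalted digest of the `12345678` password used by the compose file and the tests, and `[ldaps]` is disabled. A header comment would keep the file from being copied as a starting point for a real directory: `# Test fixture only: all accounts share one throwaway password and LDAPS is off; do not reuse outside tests/`.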
@@ -48,18 +48,18 @@ runTests() { && ./bats/bats-core/bin/bats tests-"$containerName".bats } -generateCert "localhost" -generateCert "conference.localhost" -generateCert "proxy.localhost" -generateCert "pubsub.localhost" -generateCert "upload.localhost" +generateCert "example.com" +generateCert "conference.example.com" +generateCert "proxy.example.com" +generateCert "pubsub.example.com" +generateCert "upload.example.com" # Run tests for first container with postgres # Start postgres first and wait for 10 seconds before starting prosody. -sudo docker-compose down \ -&& sudo docker-compose up -d postgres \ -&& sleep 10 \ -&& sudo docker-compose up -d prosody_postgres +sudo docker-compose down +sudo docker-compose up -d postgres +sleep 10 +sudo docker-compose up -d prosody_postgres registerTestUsers prosody_postgres runTests prosody_postgres @@ -70,3 +70,8 @@ sudo docker-compose up -d prosody registerTestUsers prosody runTests prosody sudo docker-compose down + +# Run tests for prosody with ldap +sudo docker-compose up -d prosody_ldap +runTests prosody_ldap +sudo docker-compose down diff --git a/tests/test_prosody.py b/tests/test_prosody.py index e6c39bc..b7b13fa 100644 --- a/tests/test_prosody.py +++ b/tests/test_prosody.py @@ -15,6 +15,7 @@ def client(client_username, password): password, no_verify=True ), + override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())], ) return client @@ -39,9 +40,9 @@ def client_with_message_dispatcher(client): return client @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) async def test_send_message_from_admin_to_user1(client): - recipient_jid = aioxmpp.JID.fromstr("user1@localhost") + recipient_jid = aioxmpp.JID.fromstr("user1@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, 
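Review bot: The added `override_peer=[("localhost", 5222, aioxmpp.connector.STARTTLSConnector())]` in `tests/test_prosody.py` has no comment explaining why the client connects to `localhost` while the JIDs are now `@example.com`. It also sits beside the existing `no_verify=True`, so the test connection is both redirected and unverified. A one-line comment above it would record the intent, presumably `# example.com does not resolve to the test container; connect to the published port on localhost (certificate checks are already disabled by no_verify)`. The `client` fixture starts and ends outside this hunk.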
@@ -53,9 +54,9 @@ async def test_send_message_from_admin_to_user1(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("admin@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("admin@example.com", "12345678")]) async def test_send_message_from_admin_to_user2(client): - recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + recipient_jid = aioxmpp.JID.fromstr("user2@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, @@ -66,9 +67,9 @@ async def test_send_message_from_admin_to_user2(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user1@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("user1@example.com", "12345678")]) async def test_send_message_from_user1_to_user2(client): - recipient_jid = aioxmpp.JID.fromstr("user2@localhost") + recipient_jid = aioxmpp.JID.fromstr("user2@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, @@ -79,9 +80,9 @@ async def test_send_message_from_user1_to_user2(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")]) async def test_send_message_from_user2_to_user3(client): - recipient_jid = aioxmpp.JID.fromstr("user3@localhost") + recipient_jid = aioxmpp.JID.fromstr("user3@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, 
@@ -92,9 +93,9 @@ async def test_send_message_from_user2_to_user3(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user2@localhost", "12345678")]) +@pytest.mark.parametrize("client_username, password", [("user2@example.com", "12345678")]) async def test_send_message_from_user2_to_nonexisting(client): - recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost") + recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, @@ -105,10 +106,10 @@ async def test_send_message_from_user2_to_nonexisting(client): await client.send(msg) @pytest.mark.asyncio -@pytest.mark.parametrize("client_username, password", [("user2@localhost", "wrong password")]) +@pytest.mark.parametrize("client_username, password", [("user2@example.com", "wrong password")]) async def test_can_not_log_in_with_wrong_password(client): with pytest.raises(aiosasl.AuthenticationFailure): - recipient_jid = aioxmpp.JID.fromstr("nonexisting@localhost") + recipient_jid = aioxmpp.JID.fromstr("nonexisting@example.com") async with client.connected() as stream: msg = aioxmpp.Message( to=recipient_jid, diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats new file mode 100644 index 0000000..7eb0b77 --- /dev/null +++ b/tests/tests-prosody_ldap.bats @@ -0,0 +1,16 @@ +# For tests with pipes see: https://github.com/sstephenson/bats/issues/10 + +load 'bats/bats-support/load' +load 'bats/bats-assert/load' + +@test "Should use sqlite" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + assert_success + assert_output +} + +@test "Should use ldap" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\"" + assert_success + assert_output +} 
diff --git a/tests/tests.bats b/tests/tests.bats index bbac09d..7c9f176 100644 --- a/tests/tests.bats +++ b/tests/tests.bats 
@@ -9,32 +9,32 @@ load 'bats/bats-assert/load' assert_output "5" } -@test "Should select certificate for localhost" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" localhost:tls\" | wc -l" +@test "Should select certificate for example.com" { + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \" example.com:tls\" | wc -l" assert_success assert_output "1" } -@test "Should select certificate for conference.localhost" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.localhost:tls\" | wc -l" +@test "Should select certificate for conference.example.com" { + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"conference.example.com:tls\" | wc -l" assert_success assert_output "1" } -@test "Should select certificate for proxy.localhost" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.localhost:tls\" | wc -l" +@test "Should select certificate for proxy.example.com" { + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"proxy.example.com:tls\" | wc -l" assert_success assert_output "1" } -@test "Should select certificate for pubsub.localhost" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.localhost:tls\" | wc -l" +@test "Should select certificate for pubsub.example.com" { + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"pubsub.example.com:tls\" | wc -l" assert_success assert_output "1" } -@test "Should select certificate for upload.localhost" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.localhost:tls\" | wc -l" +@test "Should select certificate for upload.example.com" { + run bash -c "sudo 
docker-compose logs $batsContainerName | grep \"Certificates loaded\" | grep \"upload.example.com:tls\" | wc -l" assert_success assert_output "1" } @@ -76,13 +76,13 @@ load 'bats/bats-assert/load' } @test "Should load module cloud_notify" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"localhost:cloud_notify.*info.*Module loaded\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"example.com:cloud_notify.*info.*Module loaded\"" assert_success assert_output } @test "Should show upload URL" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\"" assert_success assert_output } From 375b0068149972ffdba234cdaa5726e50e1ff914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sun, 9 Jul 2023 09:59:41 +0200 Subject: [PATCH 35/44] Update to debian bookworm (#54) --- CHANGELOG.md | 2 +- Dockerfile | 12 ++++++------ tests/requirements.txt | 4 ++-- update-dependencies.sh | 14 ++++++++++++++ 4 files changed, 23 insertions(+), 9 deletions(-) create mode 100755 update-dependencies.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 60f5c54..82941db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ ## Unreleased -* Nothing +* Update to debian bookworm ## v1.2.8 diff --git a/Dockerfile b/Dockerfile index f973ab6..9058210 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim ARG BUILD_DATE ARG VCS_REF 
@@ -7,7 +7,7 @@ ARG VERSION ARG LUAROCKS_VERSION=3.9.2 ARG PROSODY_VERSION=0.12.3 -ARG LUAROCKS_SHA256=bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb +ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb" ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101 LABEL luarocks.version="${LUAROCKS_VERSION}" @@ -26,13 +26,14 @@ LABEL prosody.version="${PROSODY_VERSION}" RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ libevent-dev `# this is no build dependency, but needed for luaevent` \ - libicu67 \ - libidn11 \ + libicu72 \ + libidn2-0 \ libpq-dev \ libsqlite3-0 \ lua5.2 \ lua-bitop \ lua-dbi-mysql \ + lua-dbi-postgresql \ lua-expat \ lua-filesystem \ lua-ldap \ @@ -43,7 +44,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \ +RUN buildDeps='gcc git libc6-dev libidn2-dev liblua5.2-dev libsqlite3-dev libssl-dev libicu-dev make unzip' \ && set -x \ && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ @@ -71,7 +72,6 @@ RUN buildDeps='gcc git libc6-dev libidn11-dev liblua5.2-dev libsqlite3-dev libss && luarocks install luaevent \ && luarocks install luadbi \ `#&& luarocks install luadbi-mysql MYSQL_INCDIR=/usr/include/mariadb/` \ - && luarocks install luadbi-postgresql POSTGRES_INCDIR=/usr/include/postgresql/ \ && luarocks install luadbi-sqlite3 \ && luarocks install stringy \ \ diff --git a/tests/requirements.txt b/tests/requirements.txt index cfbef74..dbe0b29 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,4 +1,4 @@ aioxmpp==0.13.3 -pip-chill==1.0.1 +pip-chill==1.0.3 pytest-asyncio==0.21.0 -pytz==2022.7.1 +pytz==2023.3 diff --git a/update-dependencies.sh b/update-dependencies.sh new file mode 100755 index 0000000..2dc6188 --- /dev/null 
+++ b/update-dependencies.sh @@ -0,0 +1,14 @@ +#!/bin/zsh + +update_luarocks() { + # Get latest luarocks version and calculate sha256 hash of the tarball + local LUAROCKS_VER=$(wget -q -O - 'https://api.github.com/repos/luarocks/luarocks/tags' | jq -r ".[0].name") + local LUAROCKS_VER=${LUAROCKS_VER#v} + local LUAROCKS_SHA256_HASH=$(wget -q -O - "https://luarocks.org/releases/luarocks-$LUAROCKS_VER.tar.gz" | sha256sum --zero | perl -lane 'print $F[0]') + + # Update Dockerfile + perl -pi -e "s/LUAROCKS_VERSION=\K.*/$LUAROCKS_VER/" Dockerfile + perl -pi -e "s/LUAROCKS_SHA256=\K.*/\"$LUAROCKS_SHA256_HASH\"/" Dockerfile +} + +update_luarocks From da2f438bda95bd0ac344b11ccdaff95a6f558f48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 7 Sep 2023 17:48:56 +0200 Subject: [PATCH 36/44] Add ENV variables for http_max_content_size and http_upload_file_size_limit (#57) Fixes #55 and fixes #56: * Add environment variable HTTP_UPLOAD_FILE_SIZE_LIMIT for setting http_upload_file_size_limit * Add environment variable HTTP_MAX_CONTENT_SIZE * Add domain_http_upload to disco_items to support http_upload on some clients and if http_upload is not a subdomain --- CHANGELOG.md | 13 ++++++++++++- conf.d/02-storage.cfg.lua | 1 + conf.d/05-vhost.cfg.lua | 4 ++++ readme.md | 2 ++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82941db..202afa4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
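Review bot: In `update_luarocks`, the hash written into the Dockerfile comes from a pipeline whose exit status is that of `sha256sum`, so a failed or empty `wget` download still yields a digest (of empty input) and `perl -pi` pins it as `LUAROCKS_SHA256`. `local VAR=$(...)` also discards the command's status and the script has no `set -e`, so an empty `LUAROCKS_VER` from the tags request is not caught either. Download to a temporary file, check that it is non-empty, and only then hash it and edit the Dockerfile, as sketched below. The digest is also derived from the same download it is meant to protect, so it only pins what this run fetched; comparing it against a checksum or signature published by the project, if one is available, before committing would close that gap.

```shell
update_luarocks() {
  # … unchanged: LUAROCKS_VER lookup via the GitHub tags API …
  if [[ -z "$LUAROCKS_VER" ]]; then
    echo "could not determine luarocks version; Dockerfile left unchanged" >&2
    return 1
  fi

  local tarball
  tarball=$(mktemp) || return 1
  if ! wget -q -O "$tarball" "https://luarocks.org/releases/luarocks-$LUAROCKS_VER.tar.gz" \
    || [[ ! -s "$tarball" ]]; then
    echo "luarocks download failed; Dockerfile left unchanged" >&2
    rm -f "$tarball"
    return 1
  fi

  local LUAROCKS_SHA256_HASH
  LUAROCKS_SHA256_HASH=$(sha256sum "$tarball" | cut -d' ' -f1)
  rm -f "$tarball"
  # … unchanged: perl -pi edits of LUAROCKS_VERSION and LUAROCKS_SHA256 …
}
```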
@@ -2,7 +2,18 @@ ## Unreleased -* Update to debian bookworm +## v1.2.10 + +* Update docker base image to debian bookworm +* [Add LDAP authentication support](https://github.com/SaraSmiseth/prosody/pull/50) +* Add environment variable HTTP_MAX_CONTENT_SIZE for setting http_max_content_size. +* Add environment variable HTTP_UPLOAD_FILE_SIZE_LIMIT for setting http_upload_file_size_limit. +* Add domain_http_upload to disco_items to support http_upload on some clients and if http_upload is not a subdomain. + +## v1.2.9 + +* Update prosody to version 0.12.3 +* Update luarocks to version 3.9.2 ## v1.2.8 diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 549573a..6271375 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -20,3 +20,4 @@ storage = { -- https://modules.prosody.im/mod_mam.html archive_expires_after = "1y" +http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10 -- Default is 10MB diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index e4fe3f1..279ac8d 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua @@ -20,10 +20,14 @@ https_ssl = { } VirtualHost (domain) +disco_items = { + { domain_http_upload }, +} -- Set up a http file upload because proxy65 is not working in muc Component (domain_http_upload) "http_upload" http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds + http_upload_file_size_limit = os.getenv("HTTP_UPLOAD_FILE_SIZE_LIMIT") or 1024 * 1024 -- Default is 1MB Component (domain_muc) "muc" name = "Prosody Chatrooms" diff --git a/readme.md b/readme.md index 8abec2f..7d87fe2 100644 --- a/readme.md +++ b/readme.md 
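Review bot: `http_max_content_size = os.getenv("HTTP_MAX_CONTENT_SIZE") or 1024 * 1024 * 10` in `conf.d/02-storage.cfg.lua` yields a string when the variable is set and a number when it is not, and a value such as `10MB` is passed through unchecked. The same pattern is used for `http_upload_file_size_limit` in the `conf.d/05-vhost.cfg.lua` hunk. Since these are the caps on request and upload size, convert explicitly so an unparsable value falls back to the default: `http_max_content_size = tonumber(os.getenv("HTTP_MAX_CONTENT_SIZE")) or 1024 * 1024 * 10`, and likewise `tonumber(os.getenv("HTTP_UPLOAD_FILE_SIZE_LIMIT")) or 1024 * 1024`. Whether Prosody coerces the string itself is not visible in these hunks.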
@@ -221,6 +221,8 @@ sudo chown 999:999 ./data | **DB_PORT** | Port on which the database is listening | *optional* | | | **DB_USERNAME** | The username to authenticate to the database | *optional* | | | **DB_PASSWORD** | The password to authenticate to the database | *optional* | | +| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 | +| **HTTP_UPLOAD_FILE_SIZE_LIMIT** | Max upload file size. Can not be larger than HTTP_MAX_CONTENT_SIZE | *optional* | 1048576 | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | From f8d0fe4f59a0ed1c6a91f4c862d74aa84b4245c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sat, 9 Sep 2023 20:29:13 +0200 Subject: [PATCH 37/44] Update prosody to version 0.12.4. (#59) --- CHANGELOG.md | 4 ++++ Dockerfile | 4 ++-- readme.md | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 202afa4..c5a4fdd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## Unreleased +## v1.2.11 + +* Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/) + ## v1.2.10 * Update docker base image to debian bookworm diff --git a/Dockerfile b/Dockerfile index 9058210..ce12cd0 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.9.2 -ARG PROSODY_VERSION=0.12.3 +ARG PROSODY_VERSION=0.12.4 ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb" -ARG PROSODY_DOWNLOAD_SHA256=35da0d031ff46040a2d638e004d4255e249b6323fe6212db9ddd76b401db2101 +ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856" LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" diff --git a/readme.md b/readme.md index 7d87fe2..7c8a7fb 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) [![Github open pull requests](https://img.shields.io/github/issues-pr-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/pulls) -This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bullseye-slim`. +This docker image provides you with a configured [Prosody](https://prosody.im/) XMPP server. The image is based on `debian:bookworm-slim`. The server was tested using the Android App [Conversations](https://conversations.im/) and the Desktop client [Gajim](https://gajim.org). Multiple [architectures](https://hub.docker.com/r/sarasmiseth/prosody/tags) are supported. I use it on my raspberry pi 4. From fe1787f93cf664505b891f70c0e5d18f50f53d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Thu, 14 Sep 2023 20:02:00 +0200 Subject: [PATCH 38/44] Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share). (#60) --- CHANGELOG.md | 15 ++++++++++++++- Dockerfile | 1 - conf.d/05-vhost.cfg.lua | 8 +++++--- readme.md | 5 +++-- tests/tests.bats | 2 +- 5 files changed, 23 insertions(+), 8 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index c5a4fdd..e7d089e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,23 @@ ## Unreleased -## v1.2.11 +## v1.3.0 * Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/) +### Breaking Change + +Switched from [http_upload](https://modules.prosody.im/mod_http_upload) to [http_file_share](https://prosody.im/doc/modules/mod_http_file_share). +This means that previous uploads will NOT work after upgrading. +ENV variable `HTTP_UPLOAD_FILE_SIZE_LIMIT` was removed. + +The new module uses the following variables: + +* HTTP_FILE_SHARE_SIZE_LIMIT +* HTTP_FILE_SHARE_DAILY_QUOTA + +See [readme.md](readme.md) for explanations and defaults. + ## v1.2.10 * Update docker base image to debian bookworm diff --git a/Dockerfile b/Dockerfile index ce12cd0..c8a9343 100644 --- a/Dockerfile +++ b/Dockerfile @@ -107,7 +107,6 @@ RUN download-prosody-modules.bash \ filter_chatstates `# disable "X is typing" type messages` \ smacks `# stream management (XEP-0198)` \ throttle_presence `# presence throttling in CSI` \ - http_upload `# file sharing (XEP-0363)` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ && rm -rf "/usr/src/prosody-modules" diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index 279ac8d..2bc3d52 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua 
@@ -25,9 +25,11 @@ disco_items = { } -- Set up a http file upload because proxy65 is not working in muc -Component (domain_http_upload) "http_upload" - http_upload_expire_after = 60 * 60 * 24 * 7 -- a week in seconds - http_upload_file_size_limit = os.getenv("HTTP_UPLOAD_FILE_SIZE_LIMIT") or 1024 * 1024 -- Default is 1MB +Component (domain_http_upload) "http_file_share" + http_file_share_expires_after = 60 * 60 * 24 * 7 -- a week in seconds + local size_limit = os.getenv("HTTP_FILE_SHARE_SIZE_LIMIT") or 10 * 1024 * 1024 -- Default is 10MB + http_file_share_size_limit = size_limit + http_file_share_daily_quota = os.getenv("HTTP_FILE_SHARE_DAILY_QUOTA") or 10 * size_limit -- Default is 10x the size limit Component (domain_muc) "muc" name = "Prosody Chatrooms" diff --git a/readme.md b/readme.md index 7c8a7fb..033a852 100644 --- a/readme.md +++ b/readme.md 
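Review bot: The `10 * size_limit` default for `http_file_share_daily_quota` does arithmetic on whatever `HTTP_FILE_SHARE_SIZE_LIMIT` contains. When the quota variable is unset, an empty or non-numeric size limit (for example `10MB`) raises a Lua error during config load instead of yielding a usable quota. Converting once at the top avoids that: `local size_limit = tonumber(os.getenv("HTTP_FILE_SHARE_SIZE_LIMIT")) or 10 * 1024 * 1024`, with the same `tonumber(...)` wrapper around the `HTTP_FILE_SHARE_DAILY_QUOTA` lookup. The comment above the component still describes the old http_upload setup and could say that both limits are in bytes.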
@@ -221,8 +221,9 @@ sudo chown 999:999 ./data | **DB_PORT** | Port on which the database is listening | *optional* | | | **DB_USERNAME** | The username to authenticate to the database | *optional* | | | **DB_PASSWORD** | The password to authenticate to the database | *optional* | | -| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 | -| **HTTP_UPLOAD_FILE_SIZE_LIMIT** | Max upload file size. Can not be larger than HTTP_MAX_CONTENT_SIZE | *optional* | 1048576 | +| **HTTP_MAX_CONTENT_SIZE** | Max http content size in bytes | *optional* | 10485760 | +| **HTTP_FILE_SHARE_SIZE_LIMIT** | Max http file share size in bytes | *optional* | 10485760 | +| **HTTP_FILE_SHARE_DAILY_QUOTA** | Daily quota in bytes | *optional* | 10 times share size limit | | **E2E_POLICY_CHAT** | Policy for chat messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_MUC** | Policy for MUC messages. Possible values: "none", "optional" and "required". | *optional* | "required" | | **E2E_POLICY_WHITELIST** | Make this module ignore messages sent to and from this JIDs or MUCs. | *optional* | "" | diff --git a/tests/tests.bats b/tests/tests.bats index 7c9f176..06d035a 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -82,7 +82,7 @@ load 'bats/bats-assert/load' } @test "Should show upload URL" { - run bash -c "sudo docker-compose logs $batsContainerName | grep \"URL: - Ensure this can be reached by users\"" + run bash -c "sudo docker-compose logs $batsContainerName | grep \"Serving 'file_share' at https:\/\/upload.example.com:5281\/file_share\"" assert_success assert_output } From d8e5906e550a1d870f95674d5cde137dfe7e4ffd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 20 Feb 2024 18:52:34 +0100 Subject: [PATCH 39/44] Fix deprecated config options (#64) Adjust config: Replace deprecated legacy_ssl with c2s_direct_tls. Removed use_libevent = true. This means the default is now used which is epoll. Added a test to check that no deprecated config settings are used. --- CHANGELOG.md | 9 +++++++++ conf.d/05-vhost.cfg.lua | 4 ++-- prosody.cfg.lua | 2 -- tests/docker-compose.yml | 2 -- tests/tests.bats | 9 +++++++-- 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7d089e..ea1e879 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ ## Unreleased +### Adjust config + +* Replace deprecated legacy_ssl with c2s_direct_tls. +* Removed use_libevent = true. This means the default is now used which is epoll. + +### Test + +Added a test to check that no deprecated config settings are used. + ## v1.3.0 * Updated to Prosody version [0.12.4](https://blog.prosody.im/prosody-0.12.4-released/) diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index 2bc3d52..e92508f 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua @@ -6,11 +6,11 @@ local domain_pubsub = os.getenv("DOMAIN_PUBSUB") -- XEP-0368: SRV records for XMPP over TLS -- https://compliance.conversations.im/test/xep0368/ -legacy_ssl_ssl = { +c2s_direct_tls_ssl = { certificate = "certs/" .. domain .. "/fullchain.pem"; key = "certs/" .. domain .. "/privkey.pem"; } -legacy_ssl_ports = { 5223 } +c2s_direct_tls_ports = { 5223 } -- https://prosody.im/doc/certificates#service_certificates -- https://prosody.im/doc/ports#ssl_configuration diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 5405242..6486643 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua 
@@ -7,8 +7,6 @@ admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); pidfile = "/var/run/prosody/prosody.pid" -use_libevent = true; -- improves performance - allow_registration = os.getenv("ALLOW_REGISTRATION"); c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index d2cc6d2..2c5b4f7 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.9" - services: prosody: image: prosody diff --git a/tests/tests.bats b/tests/tests.bats index 06d035a..ca2e987 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -57,8 +57,8 @@ load 'bats/bats-assert/load' assert_output } -@test "Should activate legacy_ssl" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'legacy_ssl' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" +@test "Should activate c2s_direct_tls" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Activated service 'c2s_direct_tls' on (\[::\]:5223|\[\*\]:5223), (\[::\]:5223|\[\*\]:5223)\"" assert_success assert_output } @@ -86,3 +86,8 @@ load 'bats/bats-assert/load' assert_success assert_output } + +@test "Should not use deprecated config" { + run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3" + assert_failure +} From 74c64514e2e1ad1c788a0695ed41af94a1cdaaf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 20 Feb 2024 19:43:58 +0100 Subject: [PATCH 40/44] Remove broken links. (#65) --- readme.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/readme.md b/readme.md index 033a852..6a219ab 100644 --- a/readme.md +++ b/readme.md 
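Review bot: The new "Should not use deprecated config" test in tests/tests.bats passes whenever `grep` matches nothing, because the pipeline's status is grep's alone. That includes the case where `docker-compose exec` fails or the check never runs, so a broken container looks like a clean config. I would drop the pipe and assert on the captured output: `run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\""` followed by `refute_output --partial 'deprecated'`. A positive assertion that the check actually ran is also needed; which line to match is not visible here. The "Should not have warnings in log" test added in the later tests.bats hunk has the same `... | grep` then `assert_failure` shape and deserves the same treatment.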
@@ -2,8 +2,6 @@ ![Docker](https://github.com/SaraSmiseth/prosody/workflows/Docker/badge.svg?branch=dev) ![Git repository size](https://img.shields.io/github/repo-size/SaraSmiseth/prosody) -[![Docker image](https://images.microbadger.com/badges/image/sarasmiseth/prosody:latest.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) -[![Docker version](https://images.microbadger.com/badges/version/sarasmiseth/prosody.svg)](https://microbadger.com/images/sarasmiseth/prosody:latest) [![Docker pulls](https://img.shields.io/docker/pulls/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) [![Docker stars](https://img.shields.io/docker/stars/sarasmiseth/prosody.svg)](https://hub.docker.com/r/sarasmiseth/prosody/) [![Github open issues](https://img.shields.io/github/issues-raw/SaraSmiseth/prosody)](https://github.com/SaraSmiseth/prosody/issues) From 0e33f7073944ef53f3cbe0538abdfcb2e8807293 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Mon, 4 Mar 2024 17:46:15 +0100 Subject: [PATCH 41/44] Remove modules from Dockerfile which are already part of core modules (#66) See https://prosody.im/doc/modules. Add test to check if log contains warnings This fixes https://github.com/SaraSmiseth/prosody/issues/63. --- Dockerfile | 4 ---- tests/tests.bats | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8a9343..008eb5d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -99,13 +99,9 @@ COPY *.bash /usr/local/bin/ RUN download-prosody-modules.bash \ && docker-prosody-module-install.bash \ - bookmarks `# XEP-0411: Bookmarks Conversion` \ - carbons `# message carbons (XEP-0280)` \ cloud_notify `# XEP-0357: Push Notifications` \ - csi `# client state indication (XEP-0352)` \ e2e_policy `# require end-2-end encryption` \ filter_chatstates `# disable "X is typing" type messages` \ - smacks `# stream management (XEP-0198)` \ throttle_presence `# presence throttling in CSI` \ vcard_muc `# XEP-0153: vCard-Based Avatar (MUC)` \ && rm -rf "/usr/src/prosody-modules" diff --git a/tests/tests.bats b/tests/tests.bats index ca2e987..1f88f04 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -91,3 +91,8 @@ load 'bats/bats-assert/load' run bash -c "sudo docker-compose exec $batsContainerName /bin/bash -c \"/entrypoint.bash check\" | grep 'deprecated' -A 3" assert_failure } + +@test "Should not have warnings in log" { + run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"warn\"" + assert_failure +} From 982ddcd60bff9bfbd5ac0eade3a4baf4c90eeb37 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:09:13 +0100 Subject: [PATCH 42/44] Move defaults from entrypoint script to cfg.lua files (#71) * Move multiple defaults from entrypoint script to cfg.lua files. * Move remaining defaults from entrypoint script to cfg.lua files. * Update postgres version in tests * Register users with prosodyctl in tests * Replace 'docker-compose' with 'docker compose' --- conf.d/02-storage.cfg.lua | 4 ++-- conf.d/03-e2e-policy.cfg.lua | 9 +++++--- conf.d/04-server_contact_info.cfg.lua | 20 ++++++++++++----- conf.d/05-vhost.cfg.lua | 8 +++---- docker-entrypoint.bash | 22 ------------------ prosody.cfg.lua | 13 ++++++----- readme.md | 6 ++--- tests/docker-compose.yml | 2 +- tests/test.bash | 20 ++++++++--------- tests/tests-prosody.bats | 2 +- tests/tests-prosody_ldap.bats | 4 ++-- tests/tests-prosody_postgres.bats | 2 +- tests/tests.bats | 32 +++++++++++++-------------- 13 files changed, 67 insertions(+), 77 deletions(-) diff --git a/conf.d/02-storage.cfg.lua b/conf.d/02-storage.cfg.lua index 6271375..29b0711 100644 --- a/conf.d/02-storage.cfg.lua +++ b/conf.d/02-storage.cfg.lua @@ -1,8 +1,8 @@ default_storage = "sql" sql = { - driver = os.getenv("DB_DRIVER"); - database = os.getenv("DB_DATABASE"); + driver = os.getenv("DB_DRIVER") or "SQLite3"; + database = os.getenv("DB_DATABASE") or "prosody.sqlite"; host = os.getenv("DB_HOST"); port = os.getenv("DB_PORT"); username = os.getenv("DB_USERNAME"); diff --git a/conf.d/03-e2e-policy.cfg.lua b/conf.d/03-e2e-policy.cfg.lua index 88a7ca8..19fab10 100644 --- a/conf.d/03-e2e-policy.cfg.lua +++ b/conf.d/03-e2e-policy.cfg.lua 
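Review bot: Moving the defaults into Lua changes what a set-but-empty variable does, starting with `driver = os.getenv("DB_DRIVER") or "SQLite3"` in conf.d/02-storage.cfg.lua. The removed `${VAR:-default}` lines in docker-entrypoint.bash substituted the default for an empty value, whereas `os.getenv(...) or default` keeps the empty string because it is truthy in Lua. This matters most for `c2s_require_encryption`, `s2s_require_encryption` and `s2s_secure_auth` in the prosody.cfg.lua hunk, where an empty value passed through from a compose file no longer becomes "true"; how Prosody interprets an empty string there is not visible in the diff. The 03-e2e-policy, 04-server_contact_info and 05-vhost hunks use the same pattern. A small helper that treats unset and empty alike would restore the old behaviour; it would have to be defined in each cfg file or shared some other way.

```lua
-- Treat unset and empty the same, as ${VAR:-default} did in the entrypoint.
local function env(name, default)
	local value = os.getenv(name)
	if value == nil or value == "" then
		return default
	end
	return value
end

sql = {
	driver = env("DB_DRIVER", "SQLite3");
	database = env("DB_DATABASE", "prosody.sqlite");
	-- … unchanged: remaining sql fields …
```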
@@ -1,8 +1,11 @@ local stringy = require "stringy" -e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") -e2e_policy_muc = os.getenv("E2E_POLICY_MUC") -e2e_policy_whitelist = stringy.split(os.getenv("E2E_POLICY_WHITELIST"), ", ") +e2e_policy_chat = os.getenv("E2E_POLICY_CHAT") or "required" +e2e_policy_muc = os.getenv("E2E_POLICY_MUC") or "required" + +local whitelist = os.getenv("E2E_POLICY_WHITELIST") or "" +e2e_policy_whitelist = stringy.split(whitelist, ", ") + e2e_policy_message_optional_chat = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for conversations on this server." e2e_policy_message_required_chat = "For security reasons, OMEMO, OTR or PGP encryption is required for conversations on this server." e2e_policy_message_optional_muc = "For security reasons, OMEMO, OTR or PGP encryption is STRONGLY recommended for MUC on this server." diff --git a/conf.d/04-server_contact_info.cfg.lua b/conf.d/04-server_contact_info.cfg.lua index 52437e7..971392d 100644 --- a/conf.d/04-server_contact_info.cfg.lua +++ b/conf.d/04-server_contact_info.cfg.lua 
@@ -1,10 +1,18 @@ local stringy = require "stringy" +local domain = os.getenv("DOMAIN") +local abuse = os.getenv("SERVER_CONTACT_INFO_ABUSE") or "xmpp:abuse@" .. domain +local admin = os.getenv("SERVER_CONTACT_INFO_ADMIN") or "xmpp:admin@" .. domain +local feedback = os.getenv("SERVER_CONTACT_INFO_FEEDBACK") or "xmpp:feedback@" .. domain +local sales = os.getenv("SERVER_CONTACT_INFO_SALES") or "xmpp:sales@" .. domain +local security = os.getenv("SERVER_CONTACT_INFO_SECURITY") or "xmpp:security@" .. domain +local support = os.getenv("SERVER_CONTACT_INFO_SUPPORT") or "xmpp:support@" .. domain + contact_info = { - abuse = stringy.split(os.getenv("SERVER_CONTACT_INFO_ABUSE"), ", "); - admin = stringy.split(os.getenv("SERVER_CONTACT_INFO_ADMIN"), ", "); - feedback = stringy.split(os.getenv("SERVER_CONTACT_INFO_FEEDBACK"), ", "); - sales = stringy.split(os.getenv("SERVER_CONTACT_INFO_SALES"), ", "); - security = stringy.split(os.getenv("SERVER_CONTACT_INFO_SECURITY"), ", "); - support = stringy.split(os.getenv("SERVER_CONTACT_INFO_SUPPORT"), ", "); + abuse = stringy.split(abuse, ", "); + admin = stringy.split(admin, ", "); + feedback = stringy.split(feedback, ", "); + sales = stringy.split(sales, ", "); + security = stringy.split(security, ", "); + support = stringy.split(support, ", "); } diff --git a/conf.d/05-vhost.cfg.lua b/conf.d/05-vhost.cfg.lua index e92508f..1f5bcec 100644 --- a/conf.d/05-vhost.cfg.lua +++ b/conf.d/05-vhost.cfg.lua 
@@ -1,8 +1,8 @@ local domain = os.getenv("DOMAIN") -local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") -local domain_muc = os.getenv("DOMAIN_MUC") -local domain_proxy = os.getenv("DOMAIN_PROXY") -local domain_pubsub = os.getenv("DOMAIN_PUBSUB") +local domain_http_upload = os.getenv("DOMAIN_HTTP_UPLOAD") or "upload." .. domain +local domain_muc = os.getenv("DOMAIN_MUC") or "conference." .. domain +local domain_proxy = os.getenv("DOMAIN_PROXY") or "proxy." .. domain +local domain_pubsub = os.getenv("DOMAIN_PUBSUB") or "pubsub." .. domain -- XEP-0368: SRV records for XMPP over TLS -- https://compliance.conversations.im/test/xep0368/ diff --git a/docker-entrypoint.bash b/docker-entrypoint.bash index dd317e0..3d85187 100755 --- a/docker-entrypoint.bash +++ b/docker-entrypoint.bash 
@@ -1,28 +1,6 @@ #!/bin/bash set -e -export ALLOW_REGISTRATION=${ALLOW_REGISTRATION:-true} -export DOMAIN_HTTP_UPLOAD=${DOMAIN_HTTP_UPLOAD:-"upload.$DOMAIN"} -export DOMAIN_MUC=${DOMAIN_MUC:-"conference.$DOMAIN"} -export DOMAIN_PROXY=${DOMAIN_PROXY:-"proxy.$DOMAIN"} -export DOMAIN_PUBSUB=${DOMAIN_PUBSUB:-"pubsub.$DOMAIN"} -export DB_DRIVER=${DB_DRIVER:-"SQLite3"} -export DB_DATABASE=${DB_DATABASE:-"prosody.sqlite"} -export E2E_POLICY_CHAT=${E2E_POLICY_CHAT:-"required"} -export E2E_POLICY_MUC=${E2E_POLICY_MUC:-"required"} -export E2E_POLICY_WHITELIST=${E2E_POLICY_WHITELIST:-""} -export LOG_LEVEL=${LOG_LEVEL:-"info"} -export C2S_REQUIRE_ENCRYPTION=${C2S_REQUIRE_ENCRYPTION:-true} -export S2S_REQUIRE_ENCRYPTION=${S2S_REQUIRE_ENCRYPTION:-true} -export S2S_SECURE_AUTH=${S2S_SECURE_AUTH:-true} -export SERVER_CONTACT_INFO_ABUSE=${SERVER_CONTACT_INFO_ABUSE:-"xmpp:abuse@$DOMAIN"} -export SERVER_CONTACT_INFO_ADMIN=${SERVER_CONTACT_INFO_ADMIN:-"xmpp:admin@$DOMAIN"} -export SERVER_CONTACT_INFO_FEEDBACK=${SERVER_CONTACT_INFO_FEEDBACK:-"xmpp:feedback@$DOMAIN"} -export SERVER_CONTACT_INFO_SALES=${SERVER_CONTACT_INFO_SALES:-"xmpp:sales@$DOMAIN"} -export SERVER_CONTACT_INFO_SECURITY=${SERVER_CONTACT_INFO_SECURITY:-"xmpp:security@$DOMAIN"} -export SERVER_CONTACT_INFO_SUPPORT=${SERVER_CONTACT_INFO_SUPPORT:-"xmpp:support@$DOMAIN"} -export PROSODY_ADMINS=${PROSODY_ADMINS:-""} - if [[ "$1" != "prosody" ]]; then exec prosodyctl $* exit 0; diff --git a/prosody.cfg.lua b/prosody.cfg.lua index 6486643..b53faeb 100644 --- a/prosody.cfg.lua +++ b/prosody.cfg.lua 
@@ -3,15 +3,16 @@ local stringy = require "stringy" -admins = stringy.split(os.getenv("PROSODY_ADMINS"), ", "); +local prosody_admins = os.getenv("PROSODY_ADMINS") or ""; +admins = stringy.split(prosody_admins, ", "); pidfile = "/var/run/prosody/prosody.pid" -allow_registration = os.getenv("ALLOW_REGISTRATION"); +allow_registration = os.getenv("ALLOW_REGISTRATION") or "true"; -c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION"); -s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION"); -s2s_secure_auth = os.getenv("S2S_SECURE_AUTH"); +c2s_require_encryption = os.getenv("C2S_REQUIRE_ENCRYPTION") or "true"; +s2s_require_encryption = os.getenv("S2S_REQUIRE_ENCRYPTION") or "true"; +s2s_secure_auth = os.getenv("S2S_SECURE_AUTH") or "true"; authentication = os.getenv("AUTHENTICATION") or "internal_hashed"; @@ -26,7 +27,7 @@ ldap_mode = os.getenv("LDAP_MODE") or "bind"; ldap_admin_filter = os.getenv("LDAP_ADMIN_FILTER") or ""; log = { - {levels = {min = os.getenv("LOG_LEVEL")}, to = "console"}; + {levels = {min = os.getenv("LOG_LEVEL") or "info"}, to = "console"}; }; Include "conf.d/*.cfg.lua"; diff --git a/readme.md b/readme.md index 6a219ab..de5ab62 100644 --- a/readme.md +++ b/readme.md @@ -167,9 +167,9 @@ services: - ./data:/usr/local/var/lib/prosody ``` -Boot it via: ```docker-compose up -d```. +Boot it via: ```docker compose up -d```. -Inspect logs: ```docker-compose logs -f```. +Inspect logs: ```docker compose logs -f```. ### Volumes permissions @@ -265,7 +265,7 @@ If you need additional configuration just overwrite the respective _cfg.lua_ fil When migrating from prosody 0.10, you need to update the database once: ```bash -docker-compose exec server bash +docker compose exec server bash prosodyctl mod_storage_sql upgrade ``` diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml index 2c5b4f7..b67723b 100644 --- a/tests/docker-compose.yml +++ b/tests/docker-compose.yml 
@@ -43,7 +43,7 @@ services: - postgres postgres: - image: postgres:15-alpine + image: postgres:16-alpine restart: unless-stopped environment: POSTGRES_DB: prosody diff --git a/tests/test.bash b/tests/test.bash index 1b9d5de..33a374b 100755 --- a/tests/test.bash +++ b/tests/test.bash @@ -19,7 +19,7 @@ registerTestUser() { local userName="$1" local containerName="$2" echo "Registering TestUser '$userName' in container '$containerName'" - sudo docker compose exec "$containerName" /bin/bash -c "/entrypoint.bash register $userName example.com 12345678" + sudo docker compose exec "$containerName" /bin/bash -c "prosodyctl register $userName example.com 12345678" } registerTestUsers() { @@ -42,7 +42,7 @@ runTests() { && pytest \ && deactivate \ && sleep 5 \ - && sudo docker-compose logs "$containerName" \ + && sudo docker compose logs "$containerName" \ && export batsContainerName="$containerName" \ && ./bats/bats-core/bin/bats tests.bats \ && ./bats/bats-core/bin/bats tests-"$containerName".bats @@ -56,22 +56,22 @@ generateCert "upload.example.com" # Run tests for first container with postgres # Start postgres first and wait for 10 seconds before starting prosody. -sudo docker-compose down -sudo docker-compose up -d postgres +sudo docker compose down +sudo docker compose up -d postgres sleep 10 -sudo docker-compose up -d prosody_postgres +sudo docker compose up -d prosody_postgres registerTestUsers prosody_postgres runTests prosody_postgres -sudo docker-compose down +sudo docker compose down # Run tests for second container with SQLite -sudo docker-compose up -d prosody +sudo docker compose up -d prosody registerTestUsers prosody runTests prosody -sudo docker-compose down +sudo docker compose down # Run tests for prosody with ldap -sudo docker-compose up -d prosody_ldap +sudo docker compose up -d prosody_ldap runTests prosody_ldap -sudo docker-compose down +sudo docker compose down 
diff --git a/tests/tests-prosody.bats b/tests/tests-prosody.bats index 74ddc22..e2efe54 100644 --- a/tests/tests-prosody.bats +++ b/tests/tests-prosody.bats @@ -4,7 +4,7 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use sqlite" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" assert_success assert_output } diff --git a/tests/tests-prosody_ldap.bats b/tests/tests-prosody_ldap.bats index 7eb0b77..64c92b2 100644 --- a/tests/tests-prosody_ldap.bats +++ b/tests/tests-prosody_ldap.bats @@ -4,13 +4,13 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use sqlite" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[SQLite3\] \/usr\/local\/var\/lib\/prosody\/prosody\.sqlite\.\.\.\"" assert_success assert_output } @test "Should use ldap" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Host 'example.com' now set to use user provider 'ldap'\"" assert_success assert_output } diff --git a/tests/tests-prosody_postgres.bats b/tests/tests-prosody_postgres.bats index 2a1d1d0..f33fecb 100644 --- a/tests/tests-prosody_postgres.bats +++ b/tests/tests-prosody_postgres.bats 
@@ -4,7 +4,7 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should use postgres" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" + run bash -c "sudo docker compose logs $batsContainerName | grep -E \"Connecting to \[PostgreSQL\] prosody\.\.\.\"" assert_success assert_output } diff --git a/tests/tests.bats b/tests/tests.bats index 1f88f04..3655520 100644 --- a/tests/tests.bats +++ b/tests/tests.bats @@ -4,95 +4,95 @@ load 'bats/bats-support/load' load 'bats/bats-assert/load' @test "Should send 5 messages" { - run bash -c "sudo docker-compose logs $batsContainerName | grep -E \"Received\[c2s\]: Date: Tue, 19 Nov 2024 15:41:10 +0100 Subject: [PATCH 43/44] Update LUAROCKS_VERSION=3.11.1 (#72) --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 008eb5d..5dceb69 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,10 @@ ARG BUILD_DATE ARG VCS_REF ARG VERSION -ARG LUAROCKS_VERSION=3.9.2 +ARG LUAROCKS_VERSION=3.11.1 ARG PROSODY_VERSION=0.12.4 -ARG LUAROCKS_SHA256="bca6e4ecc02c203e070acdb5f586045d45c078896f6236eb46aa33ccd9b94edb" +ARG LUAROCKS_SHA256="c3fb3d960dffb2b2fe9de7e3cb004dc4d0b34bb3d342578af84f84325c669102" ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856" LABEL luarocks.version="${LUAROCKS_VERSION}" From 113ca610ac89d52396e8af44ca59031a19c18a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sara=20Aim=C3=A9e=20Smiseth?= <51710585+SaraSmiseth@users.noreply.github.com> Date: Sun, 5 Jan 2025 15:22:58 +0100 Subject: [PATCH 44/44] Update PROSODY_VERSION=0.12.5 (#73) --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5dceb69..22c805b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -5,10 +5,10 @@ ARG VCS_REF ARG VERSION ARG LUAROCKS_VERSION=3.11.1 -ARG PROSODY_VERSION=0.12.4 +ARG PROSODY_VERSION=0.12.5 ARG LUAROCKS_SHA256="c3fb3d960dffb2b2fe9de7e3cb004dc4d0b34bb3d342578af84f84325c669102" -ARG PROSODY_DOWNLOAD_SHA256="47d712273c2f29558c412f6cdaec073260bbc26b7dda243db580330183d65856" +ARG PROSODY_DOWNLOAD_SHA256="778fb7707a0f10399595ba7ab9c66dd2a2288c0ae3a7fe4ab78f97d462bd399f" LABEL luarocks.version="${LUAROCKS_VERSION}" LABEL org.opencontainers.image.authors="Sara Smiseth" @@ -87,7 +87,7 @@ RUN mkdir -p /var/run/prosody/ \ && chown prosody:prosody /var/run/prosody/ # https://github.com/prosody/prosody-docker/issues/25 -ENV __FLUSH_LOG yes +ENV __FLUSH_LOG=yes VOLUME ["/usr/local/var/lib/prosody"]