extern/workspaces-core-images
1
0
Fork 0
mirror of https://github.com/kasmtech/workspaces-core-images.git synced 2025-06-26 06:51:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

KASM-6341 remove openssl 1.1 requirement on images that do not need it

Browse Source
This commit is contained in:
ryan.kuba 2024-12-05 11:03:47 -05:00 committed by Teja Swaroop Pothala
parent c352a3ec42
commit d27116bad5
No known key found for this signature in database
GPG Key ID: E5F3829663E6A4B2
7 changed files with 30 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dockerfile-kasm-core-alpine
View File

@ -9,15 +9,8 @@ COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/" RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
FROM install_tools AS squid_builder
ARG DISTRO=alpine
RUN ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g') && \
wget --progress=dot:giga "https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/f2b6ac26e7f91240e57d6d6e1dad4cc2704445ee/output/kasm-squid-builder_alpine_${ARCH}.tar.gz"
RUN tar -xzf kasm-squid-builder_*.tar.gz -C /
### Layer from squid changes ### Layer from squid changes
FROM install_tools as base_layer FROM install_tools AS base_layer
### Environment config ### Environment config
ARG BG_IMG=bg_alpine.png ARG BG_IMG=bg_alpine.png
@ -100,9 +93,6 @@ COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/
RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder
RUN apk add --no-cache coreutils # the timeout function used by the backend needs to be the one from core utils. RUN apk add --no-cache coreutils # the timeout function used by the backend needs to be the one from core utils.
### Copy built Squid
COPY --from=squid_builder /usr/local/squid /usr/local/squid
### Install Squid ### Install Squid
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/

10
dockerfile-kasm-core-centos
View File

@ -13,12 +13,7 @@ COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/" RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
FROM install_tools AS squid_builder FROM install_tools AS base_layer
RUN wget --progress=dot:giga 'https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/de1dffbc94d4132d6c696de8c6dfcd6f08900f61/output/kasm-squid-builder_centos_amd64.tar.gz'
RUN tar -xzf kasm-squid-builder_centos_amd64.tar.gz -C /
FROM install_tools as base_layer
### Environment config ### Environment config
ARG BG_IMG=bg_centos.png ARG BG_IMG=bg_centos.png
@ -101,9 +96,6 @@ COPY ./src/ubuntu/install/printer/resources/*.ppd /etc/cups/ppd/
COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/ COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/
RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder
### Copy built Squid
COPY --from=squid_builder /usr/local/squid /usr/local/squid
### Install Squid ### Install Squid
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/

13
dockerfile-kasm-core-fedora
View File

@ -12,15 +12,7 @@ COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/" RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
FROM install_tools AS squid_builder FROM install_tools AS base_layer
ARG DISTRO=fedora37
RUN ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g') && \
wget --progress=dot:giga "https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/1149fc830c7edcb383eec390cce2beba16befde5/output/kasm-squid-builder_${ARCH}.tar.gz"
RUN tar -xzf kasm-squid-builder_*.tar.gz -C /
FROM install_tools as base_layer
MAINTAINER Kasm Tech "info@kasmweb.com" MAINTAINER Kasm Tech "info@kasmweb.com"
LABEL "com.kasmweb.image"="true" LABEL "com.kasmweb.image"="true"
@ -109,9 +101,6 @@ COPY ./src/ubuntu/install/printer/resources/*.ppd /etc/cups/ppd/
COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/ COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/
RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder
### Copy built Squid
COPY --from=squid_builder /usr/local/squid /usr/local/squid
### Install Squid ### Install Squid
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/

7
dockerfile-kasm-core-oracle
View File

@ -12,6 +12,7 @@ COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/" RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
<<<<<<< HEAD
FROM install_tools AS squid_builder FROM install_tools AS squid_builder
ARG DISTRO=oracle8 ARG DISTRO=oracle8
@ -26,6 +27,9 @@ fi
RUN tar -xzf kasm-squid-builder_*.tar.gz -C / RUN tar -xzf kasm-squid-builder_*.tar.gz -C /
FROM install_tools as base_layer FROM install_tools as base_layer
=======
FROM install_tools AS base_layer
>>>>>>> 1e17125 (KASM-6341 remove openssl 1.1 requirement on images that do not need it)
MAINTAINER Kasm Tech "info@kasmweb.com" MAINTAINER Kasm Tech "info@kasmweb.com"
LABEL "com.kasmweb.image"="true" LABEL "com.kasmweb.image"="true"
@ -124,9 +128,6 @@ COPY ./src/ubuntu/install/printer/resources/*.ppd /etc/cups/ppd/
COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/ COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/
RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder
### Copy built Squid
COPY --from=squid_builder /usr/local/squid /usr/local/squid
### Install Squid ### Install Squid
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/

13
dockerfile-kasm-core-suse
View File

@ -11,15 +11,7 @@ COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/" RUN bash "$INST_SCRIPTS/tools/install_tools.sh" && rm -rf "$INST_SCRIPTS/tools/"
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
FROM install_tools AS squid_builder FROM install_tools AS base_layer
ARG DISTRO=opensuse
RUN ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g') && \
wget --progress=dot:giga "https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/1149fc830c7edcb383eec390cce2beba16befde5/output/kasm-squid-builder_${ARCH}.tar.gz"
RUN tar -xzf kasm-squid-builder_*.tar.gz -C /
FROM install_tools as base_layer
### Environment config ### Environment config
ARG BG_IMG=bg_opensuse.png ARG BG_IMG=bg_opensuse.png
@ -99,9 +91,6 @@ COPY ./src/ubuntu/install/printer/resources/*.ppd /etc/cups/ppd/
COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/ COPY ./src/ubuntu/install/recorder $INST_SCRIPTS/recorder/
RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder RUN bash $INST_SCRIPTS/recorder/install_recorder.sh && rm -rf $INST_SCRIPTS/recorder
### Copy built Squid
COPY --from=squid_builder /usr/local/squid /usr/local/squid
### Install Squid ### Install Squid
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/

1
src/ubuntu/install/printer/install_printer.sh
View File

@ -15,6 +15,7 @@ elif [ "${DISTRO}" == "alpine" ]; then
apk add --no-cache cups cups-client cups-pdf@testing apk add --no-cache cups cups-client cups-pdf@testing
else else
apt-get update apt-get update
apt-get install -y cups-filters
apt-get install -y cups cups-client cups-pdf apt-get install -y cups cups-client cups-pdf
fi fi

58
src/ubuntu/install/squid/install/install_squid.sh
View File

@ -1,26 +1,32 @@
#!/bin/bash #!/bin/bash
set -ex set -ex
# Install openssl
ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g') ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g')
if [[ "${ARCH}" == "arm64" ]]; then if [[ "${DISTRO}" == @(centos|oracle7|oracle8|oracle9|fedora37|fedora38|fedora39|fedora40|almalinux8|almalinux9|rockylinux8|rockylinux9) ]]; then
LIBSSLURL="http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.23_arm64.deb" dnf install -y openssl xkbcomp
rm -f /etc/X11/xinit/xinitrc
elif [[ "${DISTRO}" == "alpine" ]]; then
apk add --no-cache openssl
elif [ "${DISTRO}" == "opensuse" ]; then
zypper install -yn openssl
else else
LIBSSLURL="http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.23_amd64.deb" apt-get update
apt-get install -y openssl
fi fi
# intall squid # Intall squid
SQUID_COMMIT='1149fc830c7edcb383eec390cce2beba16befde5' SQUID_COMMIT='c45537169794a16029e06d7d456edb21b9ce7d12'
if $(grep -q Jammy /etc/os-release) || $(grep -q Kali /etc/os-release) || $(grep -q lory /etc/os-release); then if $(grep -q Focal /etc/os-release) || $(grep -q bullseye /etc/os-release) || [ -f /usr/bin/zypper ] || [[ "${DISTRO}" == @(oracle8|almalinux8|rockylinux8) ]]; then
wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_${ARCH}.tar.gz | tar -xzf - -C / wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_ubuntu11_${ARCH}.tar.gz | tar -xzf - -C /
wget ${LIBSSLURL} -O libssl1.1.${ARCH}.deb elif [[ "${DISTRO}" == "alpine" ]]; then
dpkg -i libssl1.1.${ARCH}.deb wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_alpine_${ARCH}.tar.gz | tar -xzf - -C /
rm -f libssl1.1.${ARCH}.deb else
elif [[ "${DISTRO}" != @(centos|oracle7|oracle8|oracle9|opensuse|fedora37|fedora38|fedora39|rockylinux9|rockylinux8|almalinux9|almalinux8|alpine) ]] ; then wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_ubuntu_${ARCH}.tar.gz | tar -xzf - -C /
wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/${SQUID_COMMIT}/output/kasm-squid-builder_${ARCH}.tar.gz | tar -xzf - -C /
fi fi
# update squid conf with user info # Update squid conf with user info
if [[ "${DISTRO}" == @(centos|oracle7|oracle8|oracle9|fedora37|fedora38|fedora39|almalinux8|almalinux9|rockylinux8|rockylinux9|alpine) ]]; then if [[ "${DISTRO}" == @(centos|oracle7|oracle8|oracle9|fedora37|fedora38|fedora39|fedora40|almalinux8|almalinux9|rockylinux8|rockylinux9|alpine) ]]; then
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
elif [ "${DISTRO}" == "opensuse" ]; then elif [ "${DISTRO}" == "opensuse" ]; then
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
@ -28,36 +34,14 @@ elif [ "${DISTRO}" == "opensuse" ]; then
usermod -a -G proxy proxy usermod -a -G proxy proxy
fi fi
# File and perms
mkdir /usr/local/squid/etc/ssl_cert -p mkdir /usr/local/squid/etc/ssl_cert -p
chown proxy:proxy /usr/local/squid/etc/ssl_cert -R chown proxy:proxy /usr/local/squid/etc/ssl_cert -R
chmod 700 /usr/local/squid/etc/ssl_cert -R chmod 700 /usr/local/squid/etc/ssl_cert -R
cd /usr/local/squid/etc/ssl_cert cd /usr/local/squid/etc/ssl_cert
if [[ "${DISTRO}" == @(fedora37|fedora38|fedora39) ]]; then
dnf install -y openssl1.1 xkbcomp
rm -f /etc/X11/xinit/xinitrc
elif [[ "${DISTRO}" == @(rockylinux9|oracle9|almalinux9) ]]; then
dnf install -y compat-openssl11 xkbcomp
rm -f /etc/X11/xinit/xinitrc
elif [[ "${DISTRO}" == @(centos|oracle7) ]]; then
yum install -y openssl11-libs
elif [[ "${DISTRO}" == "alpine" ]]; then
if grep -q v3.19 /etc/os-release; then
apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing openssl1.1-compat
else
apk add --no-cache openssl1.1-compat
fi
elif grep -q bookworm /etc/os-release; then
wget ${LIBSSLURL} -O libssl1.1.${ARCH}.deb
dpkg -i libssl1.1.${ARCH}.deb
rm -f libssl1.1.${ARCH}.deb
fi
/usr/local/squid/libexec/security_file_certgen -c -s /usr/local/squid/var/logs/ssl_db -M 4MB /usr/local/squid/libexec/security_file_certgen -c -s /usr/local/squid/var/logs/ssl_db -M 4MB
chown proxy:proxy /usr/local/squid/var/logs/ssl_db -R chown proxy:proxy /usr/local/squid/var/logs/ssl_db -R
chown -R proxy:proxy /usr/local/squid -R chown -R proxy:proxy /usr/local/squid -R
mkdir -p /etc/squid/ mkdir -p /etc/squid/
# Trick so we can auto re-direct blocked urls to a special page # Trick so we can auto re-direct blocked urls to a special page