2022-09-27 22:08:37 +02:00
|
|
|
# syntax=docker/dockerfile-upstream:1.4.3
|
|
|
|
|
2022-10-08 15:55:40 +02:00
|
|
|
# base system image (intermediate)
|
2023-03-28 20:23:35 +02:00
|
|
|
# Note when updating tag, also update it in .github/workflows/mirror.yml.
|
|
|
|
# Then run that workflow at least once to pull & mirror the new alpine image. Or do it manually via:
|
|
|
|
# echo "$MY_GH_PAT" | docker login --username "my_gh_user_name" --password-stdin ghcr.io
|
|
|
|
# curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
|
|
|
|
# chmod 755 regctl
|
|
|
|
# ./regctl image copy docker.io/alpine:3.17.2 ghcr.io/mailu/alpine:3.17.2
|
|
|
|
# rm regctl
|
|
|
|
# docker logout ghcr.io
|
|
|
|
ARG DISTRO=ghcr.io/mailu/alpine:3.17.2
|
2022-10-08 15:55:40 +02:00
|
|
|
FROM $DISTRO as system
|
2022-09-27 22:08:37 +02:00
|
|
|
|
2022-10-14 14:34:27 +02:00
|
|
|
ENV TZ=Etc/UTC LANG=C.UTF-8
|
|
|
|
|
|
|
|
ARG MAILU_UID=1000
|
|
|
|
ARG MAILU_GID=1000
|
2022-09-27 22:08:37 +02:00
|
|
|
|
|
|
|
RUN set -euxo pipefail \
|
2022-10-14 14:34:27 +02:00
|
|
|
; addgroup -Sg ${MAILU_GID} mailu \
|
|
|
|
; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \
|
2022-11-17 16:17:24 +02:00
|
|
|
; apk add --no-cache bash ca-certificates curl python3 tzdata libcap \
|
2023-01-12 16:16:53 +02:00
|
|
|
; ! [[ "$(uname -m)" == x86_64 ]] \
|
2022-11-24 11:13:04 +02:00
|
|
|
|| apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc==11-r0
|
2022-11-14 10:34:43 +02:00
|
|
|
|
2022-09-27 22:08:37 +02:00
|
|
|
WORKDIR /app
|
|
|
|
|
2022-10-08 15:55:40 +02:00
|
|
|
CMD /bin/bash
|
|
|
|
|
|
|
|
|
|
|
|
# build virtual env (intermediate)
|
|
|
|
FROM system as build
|
|
|
|
|
2022-11-01 12:02:21 +02:00
|
|
|
ARG MAILU_DEPS=prod
|
2023-01-12 16:16:53 +02:00
|
|
|
ARG SNUFFLEUPAGUS_VERSION=0.9.0
|
2022-10-14 16:17:46 +02:00
|
|
|
|
2022-10-08 15:55:40 +02:00
|
|
|
ENV VIRTUAL_ENV=/app/venv
|
|
|
|
|
2022-10-14 16:17:46 +02:00
|
|
|
COPY requirements-build.txt ./
|
2022-10-14 14:34:27 +02:00
|
|
|
|
2022-10-08 15:55:40 +02:00
|
|
|
RUN set -euxo pipefail \
|
|
|
|
; apk add --no-cache py3-pip \
|
|
|
|
; python3 -m venv ${VIRTUAL_ENV} \
|
2022-10-14 16:17:46 +02:00
|
|
|
; ${VIRTUAL_ENV}/bin/pip install --no-cache-dir -r requirements-build.txt \
|
2022-11-01 00:40:51 +02:00
|
|
|
; apk del -r py3-pip \
|
|
|
|
; rm -f /tmp/*.pem
|
2022-10-08 15:55:40 +02:00
|
|
|
|
2022-11-01 12:02:21 +02:00
|
|
|
COPY requirements-${MAILU_DEPS}.txt ./
|
2022-10-08 15:55:40 +02:00
|
|
|
COPY libs/ libs/
|
2022-09-27 22:08:37 +02:00
|
|
|
|
2023-01-12 16:16:53 +02:00
|
|
|
ENV \
|
|
|
|
PATH="${VIRTUAL_ENV}/bin:${PATH}" \
|
|
|
|
CXXFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions" \
|
|
|
|
CFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions" \
|
|
|
|
CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" \
|
|
|
|
LDFLAGS="-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now" \
|
|
|
|
SNUFFLEUPAGUS_URL="https://github.com/jvoisin/snuffleupagus/archive/refs/tags/v${SNUFFLEUPAGUS_VERSION}.tar.gz"
|
2022-10-08 15:55:40 +02:00
|
|
|
|
2022-11-18 14:25:02 +02:00
|
|
|
RUN set -euxo pipefail \
|
2022-11-24 11:00:00 +02:00
|
|
|
; machine="$(uname -m)" \
|
|
|
|
; deps="build-base gcc libffi-dev python3-dev" \
|
|
|
|
; [[ "${machine}" != x86_64 ]] && \
|
2022-12-08 17:38:06 +02:00
|
|
|
deps="${deps} cargo git libretls-dev mariadb-connector-c-dev postgresql-dev" \
|
2022-11-24 11:00:00 +02:00
|
|
|
; apk add --virtual .build-deps ${deps} \
|
|
|
|
; [[ "${machine}" == armv7* ]] && \
|
|
|
|
mkdir -p /root/.cargo/registry/index && \
|
|
|
|
git clone --bare https://github.com/rust-lang/crates.io-index.git /root/.cargo/registry/index/github.com-1285ae84e5963aae \
|
|
|
|
; pip install -r requirements-${MAILU_DEPS}.txt \
|
2023-01-12 16:16:53 +02:00
|
|
|
; curl -sL ${SNUFFLEUPAGUS_URL} | tar xz \
|
|
|
|
; cd snuffleupagus-${SNUFFLEUPAGUS_VERSION} \
|
2022-11-18 14:25:02 +02:00
|
|
|
; rm -rf src/tests/*php7*/ src/tests/*session*/ src/tests/broken_configuration/ src/tests/*cookie* src/tests/upload_validation/ \
|
|
|
|
; apk add --virtual .build-deps php81-dev php81-cgi php81-simplexml php81-xml pcre-dev build-base php81-pear php81-openssl re2c \
|
|
|
|
; pecl install vld-beta \
|
|
|
|
; make -j $(grep -c processor /proc/cpuinfo) release \
|
|
|
|
; cp src/.libs/snuffleupagus.so /app \
|
2022-11-24 11:00:00 +02:00
|
|
|
; rm -rf /root/.cargo /tmp/*.pem /root/.cache
|
2022-10-08 15:55:40 +02:00
|
|
|
|
|
|
|
# base mailu image
|
|
|
|
FROM system
|
|
|
|
|
|
|
|
COPY --from=build /app/venv/ /app/venv/
|
2022-11-18 14:25:02 +02:00
|
|
|
COPY --chown=root:root --from=build /app/snuffleupagus.so /usr/lib/php81/modules/
|
2022-12-07 16:51:54 +02:00
|
|
|
RUN setcap 'cap_net_bind_service=+ep' /app/venv/bin/gunicorn 'cap_net_bind_service=+ep' /usr/bin/python3.10
|
2022-10-08 15:55:40 +02:00
|
|
|
|
2023-01-12 16:16:53 +02:00
|
|
|
ENV \
|
|
|
|
VIRTUAL_ENV=/app/venv \
|
2023-01-12 19:19:35 +02:00
|
|
|
PATH="/app/venv/bin:${PATH}" \
|
2023-01-12 16:16:53 +02:00
|
|
|
LD_PRELOAD="/usr/lib/libhardened_malloc.so" \
|
|
|
|
ADMIN_ADDRESS="admin" \
|
|
|
|
FRONT_ADDRESS="front" \
|
|
|
|
SMTP_ADDRESS="smtp" \
|
|
|
|
IMAP_ADDRESS="imap" \
|
|
|
|
OLETOOLS_ADDRESS="oletools" \
|
|
|
|
REDIS_ADDRESS="redis" \
|
|
|
|
ANTIVIRUS_ADDRESS="antivirus" \
|
|
|
|
ANTISPAM_ADDRESS="antispam" \
|
|
|
|
WEBMAIL_ADDRESS="webmail" \
|
|
|
|
WEBDAV_ADDRESS="webdav"
|