Merge pull request #128 from flcontainers/dev

fix 1.5.5 rights on guacd
flcontainers · Jul 30, 2024 · e43883f · e43883f
2 parents b16982f + 11d3ccc
commit e43883f
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 51 deletions.
diff --git a/.github/workflows/docker-image-dev.yml b/.github/workflows/docker-image-dev.yml
@@ -6,12 +6,10 @@ on:
     - cron: '35 2 * * *'
   push:
     branches: [ dev ]
-  pull_request:
-    branches: [ dev ]
 
 
 # permissions are needed if pushing to ghcr.io
-permissions: 
+permissions:
   packages: write
 
 jobs:
@@ -41,7 +39,9 @@ jobs:
           key: ${{ runner.os }}-multi-buildx-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-multi-buildx
-        
+      
+
+
       # Push to Docker Hub
       - name: Login to Docker Hub
         if: github.event_name != 'pull_request'

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -3,7 +3,6 @@ name: Docker Image CI
 on:
 # Controls when the workflow will run
   push:
-    branches: [ main ]
     tags:
       - 'v*.*.*'
 
@@ -25,6 +24,14 @@ jobs:
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          # Key is named differently to avoid collision
+          key: ${{ runner.os }}-multi-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-multi-buildx
       # Push to Docker Hub
       - name: Login to Docker Hub
         if: github.event_name != 'pull_request'
@@ -54,4 +61,14 @@ jobs:
           platforms: linux/amd64,linux/arm64/v8,linux/ppc64le
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.guac.outputs.tags }}
-          labels: ${{ steps.guac.outputs.labels }}
+          labels: ${{ steps.guac.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          # Note the mode=max here
+          # More: https://github.com/moby/buildkit#--export-cache-options
+          # And: https://github.com/docker/buildx#--cache-tonametypetypekeyvalue
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
diff --git a/Dockerfile b/Dockerfile
@@ -11,36 +11,35 @@ ENV \
   GUAC_VER=${VERSION}
 
 # Install build dependencies
-RUN apk add --no-cache                \
-        alsa-lib-dev                  \
-        alsa-tools-dev                \
-        autoconf                      \
-        automake                      \
-        build-base                    \
-        cairo-dev                     \
-        cjson-dev                     \
-        cmake                         \
-        cups-dev                      \
-        cunit-dev                     \
-        ffmpeg4-dev                   \
-        git                           \
-        grep                          \
-        krb5-dev                      \
-        libjpeg-turbo-dev             \
-        libpng-dev                    \
-        libtool                       \
-        libusb-dev                    \
-        libwebp-dev                   \
-        libxkbfile-dev                \
-        make                          \
-        openssl-dev                   \
-        pango-dev                     \
-        pcsc-lite-dev                 \
-        pulseaudio-dev                \
-        sdl2-dev                      \
-        sdl2_ttf-dev                  \
-        util-linux-dev                \
-        webkit2gtk-dev
+RUN apk add --no-cache        \
+alsa-lib-dev                  \
+alsa-tools-dev                \
+autoconf                      \
+automake                      \
+build-base                    \
+cairo-dev                     \
+cmake                         \
+cups-dev                      \
+faac-dev                      \
+faad2-dev                     \
+ffmpeg4-dev                   \
+git                           \
+grep                          \
+gsm-dev                       \
+gstreamer-dev                 \
+libjpeg-turbo-dev             \
+libpng-dev                    \
+libtool                       \
+libusb-dev                    \
+libwebp-dev                   \
+libxkbfile-dev                \
+make                          \
+openh264-dev                  \
+openssl-dev                   \
+pango-dev                     \
+pcsc-lite-dev                 \
+pulseaudio-dev                \
+util-linux-dev
 
 
 # Copy source to container for sake of build
@@ -76,32 +75,28 @@ ARG WITH_LIBWEBSOCKETS='v\d+(\.\d+)+'
 ARG FREERDP_OPTS_COMMON="\
     -DBUILTIN_CHANNELS=OFF \
     -DCHANNEL_URBDRC=OFF \
-    -DWITH_ALSA=OFF \
+    -DWITH_ALSA=ON \
     -DWITH_CAIRO=ON \
     -DWITH_CHANNELS=ON \
     -DWITH_CLIENT=ON \
     -DWITH_CUPS=ON \
     -DWITH_DIRECTFB=OFF \
     -DWITH_FFMPEG=ON \
-    -DWITH_FUSE=OFF \
-    -DWITH_GSM=OFF \
+    -DWITH_GSM=ON \
     -DWITH_GSSAPI=OFF \
     -DWITH_IPP=OFF \
     -DWITH_JPEG=ON \
-    -DWITH_KRB5=ON \
     -DWITH_LIBSYSTEMD=OFF \
     -DWITH_MANPAGES=OFF \
-    -DWITH_OPENH264=OFF \
+    -DWITH_OPENH264=ON \
     -DWITH_OPENSSL=ON \
     -DWITH_OSS=OFF \
     -DWITH_PCSC=ON \
-    -DWITH_PKCS11=OFF \
-    -DWITH_PULSE=OFF \
+    -DWITH_PULSE=ON \
     -DWITH_SERVER=OFF \
     -DWITH_SERVER_INTERFACE=OFF \
     -DWITH_SHADOW_MAC=OFF \
     -DWITH_SHADOW_X11=OFF \
-    -DWITH_SWSCALE=OFF \
     -DWITH_WAYLAND=OFF \
     -DWITH_X11=OFF \
     -DWITH_X264=OFF \
@@ -224,9 +219,12 @@ RUN apk add --no-cache                \
 
 RUN apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/testing gosu
 
-# Add user guacd
-RUN groupadd guacd && \
-useradd -s /bin/false -g guacd guacd
+# Create a new user guacd
+ARG UID=1000
+ARG GID=1000
+RUN groupadd --gid $GID guacd
+RUN useradd --system --create-home --shell /sbin/nologin --uid $UID --gid $GID guacd
+
 RUN chown guacd:guacd -R ${PREFIX_DIR}
 
 # Install tomcat
@@ -305,9 +303,9 @@ RUN chown tomcat:tomcat -R ${GUACAMOLE_HOME}
 
 ENV PATH=/usr/lib/postgresql/${PG_MAJOR}/bin:$PATH
 ENV GUACAMOLE_HOME=/config/guacamole
-ENV CATALINA_PID=${CATALINA_HOME}/tomcat.pid
+ENV CATALINA_PID=/tmp/tomcat.pid
 ENV POSTGRES_PID=/config/postgresql/postmaster.pid
-ENV GUACD_PID=${PREFIX_DIR}/guacd.pid
+ENV GUACD_PID=/tmp/guacd.pid
 
 # Copy files
 COPY filefs /

diff --git a/filefs/usr/local/bin/_startup.sh b/filefs/usr/local/bin/_startup.sh
@@ -24,7 +24,8 @@ if [ -d "/config/guacamole/" ]; then
   cp -r /app/guacamole/schema /config/guacamole
 fi
 cp -rn /app/guacamole /config
-mkdir -p /root/.config/freerdp/known_hosts
+mkdir -p /home/guacd/.config/freerdp
+chown -R guacd:guacd /home/guacd/.config/freerdp
 chown -R tomcat:tomcat /config/guacamole
 chown -R tomcat:tomcat /opt/tomcat # Might help to fix issues with bug on tomcat logs
 

diff --git a/scripts/guacd/wrapper_supervisor.sh b/scripts/guacd/wrapper_supervisor.sh
@@ -9,7 +9,7 @@ function shutdown()
 
 date
 echo "Starting Guacd"
-
+HOME="/home/guacd"
 /opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -p $GUACD_PID -f
 
 sleep 5
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ function shutdown() @@
     date
     echo "Starting Guacd"
+    HOME="/home/guacd"
     /opt/guacamole/sbin/guacd -b 0.0.0.0 -L $GUACD_LOG_LEVEL -p $GUACD_PID -f
     sleep 5
@@ Expand Down @@