From d7bc0a7f7ffb3bb6cf0ffee6efc05397667af905 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Fri, 14 Dec 2018 11:02:52 -0500
Subject: [PATCH 01/19] Update Dockerfile

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7740dd3..7f65e54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -112,7 +112,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.1.1
+ARG COMANAGE_REGISTRY_VERSION=3.2
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 
@@ -191,7 +191,7 @@ COPY docker-supervisord-entrypoint /usr/local/bin/
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=180801
+ENV TIER_RELEASE=181201
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]

From 0de0eb1f1a8d51fac78393208be2bea50e6426f0 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Fri, 14 Dec 2018 11:10:19 -0500
Subject: [PATCH 02/19] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7f65e54..ac25cb5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -112,7 +112,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.2
+ARG COMANAGE_REGISTRY_VERSION=develop
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
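Review bot: `ARG COMANAGE_REGISTRY_VERSION=develop` makes the default build follow a moving branch, because the value is substituted into the archive URL on the next line and `develop.tar.gz` is whatever the branch tip holds at build time. The same value is written to the `COMANAGE_REGISTRY_VERSION` environment variable, so the image no longer records which Registry code it contains. Keep a release tag as the default and pass `--build-arg COMANAGE_REGISTRY_VERSION=develop` for development builds. The download step is outside this hunk; if it does not verify a checksum, adding one for tagged releases would be worth doing.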
 

From ab927712f94da4ff428ba4b1983dcd62a186f843 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Thu, 20 Dec 2018 15:49:15 -0500
Subject: [PATCH 03/19] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ac25cb5..a8d9f8f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -112,7 +112,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=develop
+ARG COMANAGE_REGISTRY_VERSION=3.2.0-rc1
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 

From f009b44a1ee77f37024162ce244a6b8a10cc1ef9 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Thu, 20 Dec 2018 15:54:29 -0500
Subject: [PATCH 04/19] Update Jenkinsfile

---
 Jenkinsfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 278e7f7..e8652d7 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -4,7 +4,7 @@ pipeline {
         maintainer = "t"
         imagename = 'g'
         tag = 'l'
-        version='3.1.1'
+        version='3.2.0-rc1'
     }
     stages {
         stage('Setting build context') {
@@ -34,7 +34,7 @@ pipeline {
             steps {
                 script {
                    docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
-                      def baseImg = docker.build("$maintainer/$imagename", "--build-arg COMANAGE_REGISTRY_VERSION=$version .")
+                      def baseImg = docker.build("$maintainer/$imagename", "--no-cache --build-arg COMANAGE_REGISTRY_VERSION=$version .")
                       baseImg.push("$tag")
                    }
                }
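Review bot: `--no-cache` on the added `docker.build` line rebuilds every layer but still reuses whatever copy of the base image the build agent already holds, so base-image updates are not picked up. If the aim is a fresh image on each run, add `--pull` as well: `docker.build("$maintainer/$imagename", "--pull --no-cache --build-arg COMANAGE_REGISTRY_VERSION=$version .")`. The enclosing stage starts and ends outside the hunk.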

From 05b90c9c51cff13fb1444ccf40b535c9255c9369 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Thu, 20 Dec 2018 16:09:35 -0500
Subject: [PATCH 05/19] Update common.bash

---
 common.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.bash b/common.bash
index 5b0a486..4e20c57 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="tier"
 imagename="comanage"
-COMANAGE_REGISTRY_VERSION="3.1.1"
+COMANAGE_REGISTRY_VERSION="3.2.0-rc1"

From 868deaceb28ec52b18afcba9893487b74ba453e6 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Thu, 20 Dec 2018 16:14:11 -0500
Subject: [PATCH 06/19] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a8d9f8f..e209979 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,7 @@ RUN yum -y update && yum -y install \
 
 WORKDIR /usr/local/src
 
-ARG PHP_VERSION=7.2.5
+ARG PHP_VERSION=7.2.12
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN mkdir php-src \

From a23919f8829958f8c7ba27f80395ab82c22e25f9 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Mon, 7 Jan 2019 09:03:03 -0600
Subject: [PATCH 07/19] bump COmanage and PHP

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e209979..e9290e5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,7 +41,7 @@ RUN yum -y update && yum -y install \
 
 WORKDIR /usr/local/src
 
-ARG PHP_VERSION=7.2.12
+ARG PHP_VERSION=7.2.13
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN mkdir php-src \
@@ -112,7 +112,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.2.0-rc1
+ARG COMANAGE_REGISTRY_VERSION=3.2.0
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 

From d7e03edc6d0d63e011330cafe30723fade9cd765 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Wed, 6 Feb 2019 16:30:03 -0500
Subject: [PATCH 08/19] Create InCommon.crt

---
 container_files/cert/InCommon.crt | 91 +++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 container_files/cert/InCommon.crt

diff --git a/container_files/cert/InCommon.crt b/container_files/cert/InCommon.crt
new file mode 100644
index 0000000..f4d6eee
--- /dev/null
+++ b/container_files/cert/InCommon.crt
@@ -0,0 +1,91 @@
+-----BEGIN CERTIFICATE-----
+MIIF+TCCA+GgAwIBAgIQRyDQ+oVGGn4XoWQCkYRjdDANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
+MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
+CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
+DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
+xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
+HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
+iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
+qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
+eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
+fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
+MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
+hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
+dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
+dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
+cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
+hvcNAQEMBQADggIBAC0RBjjW29dYaK+qOGcXjeIT16MUJNkGE+vrkS/fT2ctyNMU
+11ZlUp5uH5gIjppIG8GLWZqjV5vbhvhZQPwZsHURKsISNrqOcooGTie3jVgU0W+0
++Wj8mN2knCVANt69F2YrA394gbGAdJ5fOrQmL2pIhDY0jqco74fzYefbZ/VS29fR
+5jBxu4uj1P+5ZImem4Gbj1e4ZEzVBhmO55GFfBjRidj26h1oFBHZ7heDH1Bjzw72
+hipu47Gkyfr2NEx3KoCGMLCj3Btx7ASn5Ji8FoU+hCazwOU1VX55mKPU1I2250Lo
+RCASN18JyfsD5PVldJbtyrmz9gn/TKbRXTr80U2q5JhyvjhLf4lOJo/UzL5WCXED
+Smyj4jWG3R7Z8TED9xNNCxGBMXnMete+3PvzdhssvbORDwBZByogQ9xL2LUZFI/i
+eoQp0UM/L8zfP527vWjEzuDN5xwxMnhi+vCToh7J159o5ah29mP+aJnvujbXEnGa
+nrNxHzu+AGOePV8hwrGGG7hOIcPDQwkuYwzN/xT29iLp/cqf9ZhEtkGcQcIImH3b
+oJ8ifsCnSbu0GB9L06Yqh7lcyvKDTEADslIaeSEINxhO2Y1fmcYFX/Fqrrp1WnhH
+OjplXuXE0OPa0utaKC25Aplgom88L2Z8mEWcyfoB7zKOfD759AN7JKZWCYwk
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

From 70c27e85342077b945f2bb0bbfca63e82fec2488 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Wed, 6 Feb 2019 16:30:45 -0500
Subject: [PATCH 09/19] Update CA trust anchors

---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index e9290e5..ed7c1ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,6 +39,10 @@ RUN yum -y update && yum -y install \
         re2c \
         wget
 
+RUN  update-ca-trust force-enable
+ADD container_files/cert/InCommon.crt /etc/pki/ca-trust/source/anchors/
+RUN update-ca-trust extract
+
 WORKDIR /usr/local/src
 
 ARG PHP_VERSION=7.2.13
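Review bot: The added `ADD container_files/cert/InCommon.crt ...` copies a plain local file, for which `COPY` is the explicit form, and the three added lines carry no comment saying why this stage needs extra trust anchors. Certificates placed in `/etc/pki/ca-trust/source/anchors/` are trusted as CAs once `update-ca-trust extract` runs, and the file added in patch 08 holds three certificates, the first of which appears to be an intermediate (InCommon RSA Server CA) rather than a root, so the set of issuers this stage accepts for TLS downloads grows accordingly. Suggest `COPY container_files/cert/InCommon.crt /etc/pki/ca-trust/source/anchors/` preceded by a comment such as `# InCommon chain required to reach <host the build must fetch from>; trusted as a CA anchor in this stage`. The hunk context suggests this is the build stage, so whether the final image needs the same anchors should be confirmed.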

From 06d8fc0bac74a5a295eba4f058324044deeb7c81 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Wed, 6 Feb 2019 17:12:37 -0500
Subject: [PATCH 10/19] update php version

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ed7c1ca..a4a1c5c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,7 +45,7 @@ RUN update-ca-trust extract
 
 WORKDIR /usr/local/src
 
-ARG PHP_VERSION=7.2.13
+ARG PHP_VERSION=7.2.14
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN mkdir php-src \

From 55dec100faaed07bd57b91e04c9704e36cf7ce55 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Wed, 6 Feb 2019 17:40:06 -0500
Subject: [PATCH 11/19] bump to php 7.3.1

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a4a1c5c..2abcdd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,7 +45,7 @@ RUN update-ca-trust extract
 
 WORKDIR /usr/local/src
 
-ARG PHP_VERSION=7.2.14
+ARG PHP_VERSION=7.3.1
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN mkdir php-src \

From d36c8abba7e1007ead67a602bd102bb695467a51 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Wed, 6 Feb 2019 17:50:12 -0500
Subject: [PATCH 12/19] Update Dockerfile

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 2abcdd0..d5f1b50 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -63,6 +63,7 @@ RUN cd php-src \
             --disable-cgi \
             --enable-mbstring \
             --enable-mysqlnd \
+            --enable-phar=shared \
             --with-apxs2=/usr/bin/apxs \
             --with-config-file-path=/usr/local/etc/php \
             --with-config-file-scan-dir=/usr/local/etc/php/conf.d \

From 1c034ae56eed79d276676bb86d22b295faab96dd Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Thu, 7 Feb 2019 12:49:41 -0500
Subject: [PATCH 13/19] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index d5f1b50..fdc6787 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -63,7 +63,7 @@ RUN cd php-src \
             --disable-cgi \
             --enable-mbstring \
             --enable-mysqlnd \
-            --enable-phar=shared \
+            --without-pear \
             --with-apxs2=/usr/bin/apxs \
             --with-config-file-path=/usr/local/etc/php \
             --with-config-file-scan-dir=/usr/local/etc/php/conf.d \

From 077a38e3f4e671e0bd433222347bca9cca046d77 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Tue, 26 Feb 2019 22:03:15 -0500
Subject: [PATCH 14/19] 3.2.1

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index fdc6787..0acefa1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -117,7 +117,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.2.0
+ARG COMANAGE_REGISTRY_VERSION=3.2.1
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 

From 9791b80c2f58d6766e3559f2d677b286f3d9034d Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Tue, 26 Feb 2019 22:03:46 -0500
Subject: [PATCH 15/19] Update common.bash

---
 common.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.bash b/common.bash
index 4e20c57..b5d80b9 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="tier"
 imagename="comanage"
-COMANAGE_REGISTRY_VERSION="3.2.0-rc1"
+COMANAGE_REGISTRY_VERSION="3.2.1-rc1"

From 8516c70eef65c557c81511726b44e8e3f3b8772b Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Tue, 26 Feb 2019 22:20:00 -0500
Subject: [PATCH 16/19] Update common.bash

---
 common.bash | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.bash b/common.bash
index b5d80b9..015a49a 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="tier"
 imagename="comanage"
-COMANAGE_REGISTRY_VERSION="3.2.1-rc1"
+COMANAGE_REGISTRY_VERSION="3.2.1"

From 7c32b103881ee3882bf042eef1a9b32f6ad19ce7 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Fri, 3 May 2019 14:21:01 +0000
Subject: [PATCH 17/19] bump COmanage to 3.2.2 and PHP to 7.3.5

---
 Dockerfile  | 6 +++---
 common.bash | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0acefa1..3fd2b35 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,7 +45,7 @@ RUN update-ca-trust extract
 
 WORKDIR /usr/local/src
 
-ARG PHP_VERSION=7.3.1
+ARG PHP_VERSION=7.3.5
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN mkdir php-src \
@@ -117,7 +117,7 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.2.1
+ARG COMANAGE_REGISTRY_VERSION=3.2.2
 ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
 ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
 
@@ -196,7 +196,7 @@ COPY docker-supervisord-entrypoint /usr/local/bin/
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=181201
+ENV TIER_RELEASE=190501
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]
diff --git a/common.bash b/common.bash
index 015a49a..00efbb9 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="tier"
 imagename="comanage"
-COMANAGE_REGISTRY_VERSION="3.2.1"
+COMANAGE_REGISTRY_VERSION="3.2.2"

From c4e39a179484395c97c2c025290543179c6eb0a9 Mon Sep 17 00:00:00 2001
From: Chris Hubing <chubing@internet2.edu>
Date: Fri, 8 Nov 2019 14:56:30 +0000
Subject: [PATCH 18/19] updated ARGS to point to dockerhub versions

---
 000-comanage.conf                        |  37 +-
 Dockerfile                               | 140 ++---
 README.md                                | 619 ++++-------------------
 docker-comanage-entrypoint               | 326 +-----------
 docker-comanage-shibboleth-sp-entrypoint | 107 +---
 docker-supervisord-entrypoint            |  31 +-
 sendtierbeacon.sh                        |  16 +-
 setupcron.sh                             |  10 +-
 shibboleth.repo                          |   7 +-
 9 files changed, 198 insertions(+), 1095 deletions(-)

diff --git a/000-comanage.conf b/000-comanage.conf
index b198062..5ad4912 100644
--- a/000-comanage.conf
+++ b/000-comanage.conf
@@ -18,28 +18,22 @@
 # limitations under the License.
 
 Listen 443
-ServerName %%SERVER_NAME%%
+ServerName ${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}
 PassEnv ENV
 PassEnv USERTOKEN
 
-<VirtualHost *:80>
-ServerName http://%%SERVER_NAME%%:80
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
-</VirtualHost>
+Include apache-include-virtual-host-port80-redirect
 
 <VirtualHost *:443>
 
-ServerName https://%%SERVER_NAME%%:443
+Include apache-include-virtual-host-port443-base
+
+SSLCertificateFile /etc/httpd/cert.pem
+SSLCertificateKeyFile /etc/httpd/privkey.pem
 
 PassEnv ENV
 PassEnv USERTOKEN
 
-DocumentRoot /var/www/html
-
-RedirectMatch ^/$ /registry/
-
 ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
 ErrorLog /tmp/logpipe
 LogLevel warn
@@ -47,22 +41,7 @@ LogLevel warn
 LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
 CustomLog /tmp/logpipe ssl_combined
 
-Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-SSLEngine on
-SSLProtocol all -SSLv2 -SSLv3
-SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
-SSLHonorCipherOrder on
-
-SSLCertificateFile /etc/httpd/cert.pem
-SSLCertificateKeyFile /etc/httpd/privkey.pem
-
-<Directory /var/www/html/registry>
-Options Indexes FollowSymLinks
-DirectoryIndex index.php
-AllowOverride All
-Require all granted
-</Directory>
+Include apache-include-directory-registry
 
 <Location "/Shibboleth.sso">
 SetHandler shib
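Review bot: The TLS and HSTS settings for the `*:443` virtual host are no longer visible in this file: `Strict-Transport-Security`, `SSLEngine`, `SSLProtocol`, `SSLCipherSuite` and `SSLHonorCipherOrder` are removed here and their replacement is presumably `apache-include-virtual-host-port443-base`, which comes from the base image and cannot be checked from this commit. The same holds for the `<Directory>` block now supplied by `apache-include-directory-registry`. Confirm that the included files carry equivalent or stricter settings, and add a comment above each `Include` saying what it provides, e.g. `# TLS protocol, cipher suite and HSTS header are set in this include (from the comanage-registry-base image)`.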
@@ -81,6 +60,6 @@ Require shibboleth
 
 RewriteEngine On
 RewriteCond %{QUERY_STRING} !after_redirect
-RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R]
+RewriteRule ^/registry/auth/logout.* https://%{HTTP_HOST}/Shibboleth.sso/Logout?return=https://%{HTTP_HOST}/registry/auth/logout/?after_redirect [L,R]
 
 </VirtualHost>
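Review bot: The rewritten logout rule builds both the redirect host and the `return=` URL from `%{HTTP_HOST}`, which is the request's Host header, while the `*:443` virtual host accepts any host name; a request carrying an unexpected Host header would be redirected to that name. The file already takes the canonical name from the environment for `ServerName`, so the same variable can be used here: `RewriteRule ^/registry/auth/logout.* https://${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}/Shibboleth.sso/Logout?return=https://${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}/registry/auth/logout/?after_redirect [L,R]`. The virtual host opens outside this hunk.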
diff --git a/Dockerfile b/Dockerfile
index 3fd2b35..61f2a11 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,78 +16,32 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM centos:centos7 AS php-build
+ARG COMANAGE_REGISTRY_VERSION=3.2.2
+ARG COMANAGE_REGISTRY_BASE_IMAGE_VERSION=20191108
+ARG COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=3.2.2-20191108
 
-RUN yum -y install epel-release
+FROM comanage-registry-base:${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} AS comanage
 
-RUN yum -y update && yum -y install \
-        autoconf \
-        bison \
-        gcc \
-        httpd-devel \
-        libargon2-devel \
-        libcurl-devel \
-        libedit-devel \
-        libsodium-devel \
-        libxml2-devel \
-        libxslt-devel \
-        make \
-        mariadb-devel \
-        openldap-devel \
-        openssl-devel \
-        postgresql-devel \
-        re2c \
-        wget
-
-RUN  update-ca-trust force-enable
-ADD container_files/cert/InCommon.crt /etc/pki/ca-trust/source/anchors/
-RUN update-ca-trust extract
-
-WORKDIR /usr/local/src
-
-ARG PHP_VERSION=7.3.5
-ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
-
-RUN mkdir php-src \
-        && wget -O php-src.tar.gz ${PHP_SRC_URL} \
-        && tar zxf php-src.tar.gz -C php-src --strip-components=1 \
-        && rm php-src.tar.gz
-
-ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
-ENV PHP_CPPFLAGS="$PHP_CFLAGS"
-ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
-
-RUN cd php-src \
-        && ./buildconf --force \
-        && ./configure \
-            --disable-cgi \
-            --enable-mbstring \
-            --enable-mysqlnd \
-            --without-pear \
-            --with-apxs2=/usr/bin/apxs \
-            --with-config-file-path=/usr/local/etc/php \
-            --with-config-file-scan-dir=/usr/local/etc/php/conf.d \
-            --with-curl \
-            --with-ldap \
-            --with-libdir=lib64 \
-            --with-libedit \
-            --with-mysqli \
-            --with-openssl \
-            --with-password-argon2 \
-            --with-pdo-mysql \
-            --with-pdo-pgsql \
-            --with-pgsql \
-            --with-sodium \
-            --with-xsl \
-            --with-zlib \
-        && export CFLAGS="$PHP_CFLAGS" \
-        && export CPPFLAGS="$PHP_CPPFLAGS" \
-        && export LDFLAGS="$PHP_LDFLAGS" \
-        && make -j "$(nproc)" \
-        && make install 
+FROM comanage-registry-internet2-tier-base:${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION} AS php-build
 
 FROM centos:centos7
 
+ARG COMANAGE_REGISTRY_VERSION
+ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
+LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION}
+
+ARG COMANAGE_REGISTRY_BASE_IMAGE_VERSION
+ENV COMANAGE_REGISTRY_BASE_IMAGE_VERSION ${COMANAGE_REGISTRY_BASE_IMAGE_VERSION}
+LABEL comanage_registry_base_image_version=${COMANAGE_REGISTRY_BASE_IMAGE_VERSION}
+
+ARG COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION
+ENV COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION ${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION}
+LABEL comanage_registry_i2_base_image_version=${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION}
+
+ARG COMANAGE_REGISTRY_DIR
+ENV COMANAGE_REGISTRY_DIR ${COMANAGE_REGISTRY_DIR:-/srv/comanage-registry}
+LABEL comanage_registry_dir=${COMANAGE_REGISTRY_DIR}
+
 RUN yum -y install epel-release
 
 COPY shibboleth.repo /etc/yum.repos.d/
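Review bot: The two added `FROM` lines name `comanage-registry-base` and `comanage-registry-internet2-tier-base` without a registry or namespace and by tag only, so which image is used depends on what the build host holds locally or can resolve under that bare name. The PHP build and the Registry source that this file used to fetch itself now come from those images, so their provenance can no longer be traced from this Dockerfile. Write the full repository path and pin each image by digest, e.g. `FROM <registry>/<namespace>/comanage-registry-base:${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION}@sha256:<digest> AS comanage`. A short comment above the second `FROM` should also say that the stage keeps the name `php-build` only because the later `COPY --from=php-build` lines expect it.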
@@ -106,6 +60,7 @@ RUN yum -y update && yum -y install \
         postgresql \
         python-pip \
         shibboleth \
+        sudo \
         wget \
         zlib \
     && pip install --upgrade pip \
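Review bot: The added `sudo \` puts a setuid-root binary into the runtime image, and nothing in this hunk shows what uses it. If one of the entrypoint scripts changed in this commit needs it to switch users, say so in a comment above the `RUN`, e.g. `# sudo: used by <script> to run <command> as <user>`; if nothing does, leave the package out. The `RUN` instruction starts and ends outside the hunk.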
@@ -117,28 +72,13 @@ COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
 COPY --from=php-build /usr/local/include/php /usr/local/include/php/
 COPY --from=php-build /usr/local/bin /usr/local/bin/
 
-ARG COMANAGE_REGISTRY_VERSION=3.2.2
-ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
-ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
-
-LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION}
-LABEL comanage_registry_src_url=${COMANAGE_REGISTRY_SRC_URL}
-
-ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
-
-WORKDIR "$COMANAGE_REGISTRY_DIR"
-
-RUN mkdir -p "${COMANAGE_REGISTRY_DIR}" \
-        && wget -O comanage.tar.gz ${COMANAGE_REGISTRY_SRC_URL} \
-        && tar -zxf comanage.tar.gz -C ${COMANAGE_REGISTRY_DIR} --strip-components=1 \
-        && rm -f comanage.tar.gz \
-        && rm -f ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && cp -r ${COMANAGE_REGISTRY_DIR}/app/tmp.dist ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \
-        && cd /var/www/html \
-        && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \
-        && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \
-        && ln -s ${COMANAGE_REGISTRY_DIR}/local /local 
+COPY --from=comanage ${COMANAGE_REGISTRY_DIR} ${COMANAGE_REGISTRY_DIR}/
+COPY --from=comanage /etc/apache2/apache-include-directory-registry /etc/httpd/
+COPY --from=comanage /etc/apache2/apache-include-virtual-host-port443-base /etc/httpd/
+COPY --from=comanage /etc/apache2/apache-include-virtual-host-port80-redirect /etc/httpd/
+COPY --from=comanage /usr/local/lib/comanage_utils.sh /usr/local/lib/
+COPY --from=comanage /usr/local/lib/comanage_shibboleth_sp_utils.sh /usr/local/lib/
+COPY --from=comanage /usr/local/bin/docker-comanage-entrypoint /usr/local/bin/
 
 COPY 000-comanage.conf /etc/httpd/conf.d/
 COPY 10-php7.conf /etc/httpd/conf.modules.d/
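Review bot: The last added line, `COPY --from=comanage /usr/local/bin/docker-comanage-entrypoint /usr/local/bin/`, is overwritten by `COPY docker-comanage-entrypoint /usr/local/bin/`, which the next hunk adds with the same destination, so only the repository's copy ends up in the image. Drop whichever of the two is not intended, or copy the base image's script under a different name if the local one is meant to wrap it. Separately, `COPY --from=comanage ${COMANAGE_REGISTRY_DIR} ${COMANAGE_REGISTRY_DIR}/` uses this stage's value as the source path inside the base image, so overriding `COMANAGE_REGISTRY_DIR` with a build argument only works if the base image was built with the same directory; a one-line comment stating that would help.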
@@ -149,6 +89,9 @@ COPY native.logger /etc/shibboleth/
 COPY httpd.conf /etc/httpd/conf/
 COPY sendtierbeacon.sh /usr/local/bin/sendtierbeacon.sh
 COPY setupcron.sh /usr/local/bin/setupcron.sh
+COPY docker-comanage-entrypoint /usr/local/bin/
+COPY docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/
+COPY docker-supervisord-entrypoint /usr/local/bin/
 
 RUN cd /etc/httpd/conf.d \
     && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf \
@@ -157,7 +100,12 @@ RUN cd /etc/httpd/conf.d \
     && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
     && chmod 755 /usr/local/bin/sendtierbeacon.sh \
     && chmod 755 /usr/local/bin/setupcron.sh \
-    && /usr/local/bin/setupcron.sh
+    && /usr/local/bin/setupcron.sh \
+    && cd /var/www/html \
+    && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \
+    && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \
+    && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \
+    && rm -f /etc/shibboleth/shibboleth2.xml
 
 # Allow values for first administrator bootstrapped into the
 # platform to be specified at image build time, in addition to
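Review bot: The added `rm -f /etc/shibboleth/shibboleth2.xml` deletes the packaged SP configuration without saying where the replacement comes from. If the file is meant to be generated by the entrypoint or mounted at run time, put that in a comment above the `RUN`, e.g. `# shibboleth2.xml is removed here and must be supplied at container start`. The `ln -s ${COMANAGE_REGISTRY_DIR}/local /local` step from the block this commit removes is also not re-created in the added lines, so anything still relying on `/local` should be checked. The `RUN` instruction starts outside the hunk.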
@@ -174,15 +122,9 @@ ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-A
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin}
 ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING:-No}
 
-EXPOSE 80 443
+VOLUME ${COMANAGE_REGISTRY_DIR}/local /etc/shibboleth
 
-VOLUME ["/srv/comanage-registry/local"]
-
-VOLUME ["/etc/shibboleth"]
-
-COPY docker-comanage-entrypoint /usr/local/bin/
-COPY docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/
-COPY docker-supervisord-entrypoint /usr/local/bin/
+EXPOSE 80 443
 
 # TIER Beacon Opt-out
 #
@@ -196,7 +138,7 @@ COPY docker-supervisord-entrypoint /usr/local/bin/
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=190501
+ENV TIER_RELEASE=180501
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]
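Review bot: `ENV TIER_RELEASE=180501` moves the release identifier backwards: the value it replaces is `190501`, earlier patches in this series set `180801`, `181201` and then `190501`, and this commit is dated November 2019. This looks like a typo; if the value is date-based the line should read `ENV TIER_RELEASE=<YYMMDD of this release>`. Anything that reads this variable would otherwise report an older release than the one actually deployed.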
diff --git a/README.md b/README.md
index 50d0a06..b4abaa9 100644
--- a/README.md
+++ b/README.md
@@ -1,556 +1,159 @@
-# COmanage Registry Internet2 TIER Docker
-
-## What it is
-Docker version of [COmanage
-Registry](https://spaces.internet2.edu/display/COmanage/Home) packaged to meet
-the specifications of the 
+<!--
+COmanage Registry Docker documentation
+
+Portions licensed to the University Corporation for Advanced Internet
+Development, Inc. ("UCAID") under one or more contributor license agreements.
+See the NOTICE file distributed with this work for additional information
+regarding copyright ownership.
+
+UCAID licenses this file to you under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with the
+License. You may obtain a copy of the License at:
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+# COmanage Registry Internet2 TIER
+
+Intended to build a COmanage Registry image using the Shibboleth Native SP
+for Apache HTTP Server (Shibboleth) as the authentication mechanism and that
+meets the 
+[TIER Docker Container Specification](https://spaces.at.internet2.edu/x/m4ZyBw)
+from the
 [Internet2 TIER](https://www.internet2.edu/vision-initiatives/initiatives/trust-identity-education-research/)
 program.
 
-COmanage Registry is a web application that requires a relational database
-and an authentication mechanism such as 
-[Shibboleth](http://shibboleth.net/products/service-provider.html). 
-
-## How To
+## Build Arguments
 
-* Install Docker. These instructions require version 17.03.1 or higher.
-
-* Clone this repository:
+Building the image requires the following build arguments:
 
 ```
-git clone https://github.com/Internet2/comanage-registry-docker.git
-cd comanage-registry-docker
+--build-arg COMANAGE_REGISTRY_VERSION=<version number>
+--build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION=<base image version number>
+--build-arg COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=<I2 base image version number>
 ```
 
-* Define `COMANAGE_REGISTRY_VERSION`. Currently we recommend
+## Build Requirements
 
-```
-export COMANAGE_REGISTRY_VERSION=3.1.0
-```
+This image uses a [multi-stage build](https://docs.docker.com/develop/develop-images/multistage-build/).
+It requires that the [COmanage Registry base image](../comanage-registry-base/README.md) 
+and [Internet2 TIER base image](../comanage-registry-internet2-tier-base/README.md) be built first.
 
-* Build a local image for COmanage Registry:
+## Building
 
 ```
-pushd comanage-registry-internet2-tier
 docker build \
-    --build-arg COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION} \
-    -t comanage-registry:${COMANAGE_REGISTRY_VERSION}-internet2-tier .
-popd
+  --build-arg COMANAGE_REGISTRY_VERSION=<COmanage Registry version number> \
+  --build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION=<base image version number> \
+  --build-arg COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=<base image version number> \
+  -t comanage-registry:<tag> .
 ```
 
-* Create directories to store local state files:
+## Building Example
 
 ```
-sudo mkdir -p /srv/docker/internet2-tier/srv/comanage-registry/local
-sudo mkdir -p /srv/docker/internet2-tier/var/lib/mysql
-sudo mkdir -p /srv/docker/internet2-tier/var/lib/ldap
-sudo mkdir -p /srv/docker/internet2-tier/etc/ldap/slapd.d
+export COMANAGE_REGISTRY_VERSION=3.2.1
+export COMANAGE_REGISTRY_BASE_IMAGE_VERSION=1
+export COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=1
+export COMANAGE_REGISTRY_I2_IMAGE_VERSION=1
+TAG="${COMANAGE_REGISTRY_VERSION}-internet2-tier-${COMANAGE_REGISTRY_I2_IMAGE_VERSION}"
+docker build \
+  --build-arg COMANAGE_REGISTRY_VERSION=${COMANAGE_REGISTRY_VERSION} \
+  --build-arg COMANAGE_REGISTRY_BASE_IMAGE_VERSION=${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} \
+  --build-arg COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION} \
+  -t comanage-registry:$TAG .
 ```
 
-* Initialize Docker Swarm:
-
-```
-docker swarm init
-```
+## Volumes and Data Persistence
 
-* Hash a password to use as the LDAP admin password:
+See [COmanage Registry Volumes and Data Persistence](../docs/volumes-and-data-persistence.md).
 
-```
-/usr/sbin/slappasswd -c '$6$rounds=5000$%.86s'
-```
 
-* Create Docker Swarm secrets (please be sure to substitute your own secrets):
+## Environment Variables
 
+See the [list of environment variables common to all images](../docs/comanage-registry-common-environment-variables.md)
+including this image.
 
-```
-echo "88cdfwOgQ1OblrHPNTyY" | docker secret create mysql_root_password - 
+See also the
+[list of environment variables common to all images using Shibboleth](../docs/comanage-registry-common-shibboleth-environment-variables.md).
 
-echo "5zY87knHxbP3sVQstRW2" | docker secret create mysql_password - 
+Additionally the Internet2 TIER image supports the following environment variables:
 
-echo "5zY87knHxbP3sVQstRW2" | docker secret create comanage_registry_database_user_password - 
+`ENV`
 
-echo "qselvrfaomxktlra" | docker secret create comanage_registry_email_account_password -
+* Description: Environment
+* Required: No
+* Default: None
+* Example: PROD
+* Note: Usually one of PROD, TEST, or DEV. The value is included in log entries.
 
-docker secret create https_cert_file fullchain.pem
+`USERTOKEN`
 
-docker secret create https_privkey_file privkey.pem
+* Description: Deployer supplied
+* Required: No
+* Default: None
+* Example: node01
+* Note: The value is included in log entries.
 
-docker secret create shibboleth_sp_cert sp-cert.pem
+## Authentication
 
-docker secret create shibboleth_sp_privkey sp-key.pem
+This image supports using the Shibboleth Native SP for Apache HTTP Server (Shibboleth) as the
+authentication mechanism. Deployers should configure Shibboleth so that the desired
+asserted user attribute is written into `REMOTE_USER`.
 
-echo '{CRYPT}$6$rounds=5000$HHDyV7yz4yn4FH/d$eAg9uXbSnxvCCTZ8GstprFryip3Br111tArqsIaBDCF2Rm7tciEivDLCjpcMVT7OL.Lg5QKjEUM.C5UA2DNuf1' \
-    | docker secret create olc_root_pw -
+## Ports
 
-docker secret create slapd_cert_file cert.pem
+The image listens for web traffic on ports 80 and 443. All requests
+on port 80 are redirected to port 443.
 
-docker secret create slapd_privkey_file privkey.pem
+## Running
 
-docker secret create slapd_chain_file chain.pem
-```
+See other documentation in this repository for details on how to orchestrate
+running this image with other images using an orchestration tool like
+Docker Compose, Docker Swarm, or Kubernetes.
 
-* Create a Docker compose file:
+To run this image:
 
 ```
-version: '3.1'
-
-services:
-    comanage-registry:
-        image: comanage-registry:3.1.0-internet2-tier
-        volumes:
-            - /srv/docker/internet2-tier/srv/comanage-registry/local:/srv/comanage-registry/local
-        environment:
-            - COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
-            - COMANAGE_REGISTRY_DATABASE=registry
-            - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
-            - COMANAGE_REGISTRY_DATABASE_USER=registry_user
-            - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD_FILE=/run/secrets/comanage_registry_database_user_password
-            - COMANAGE_REGISTRY_EMAIL_FROM=registry@some.org
-            - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
-            - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.some.org
-            - COMANAGE_REGISTRY_EMAIL_PORT=465
-            - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@some.org
-            - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD_FILE=/run/secrets/comanage_registry_email_account_password
-            - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Emma
-            - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Sanchez
-            - COMANAGE_REGISTRY_ADMIN_USERNAME=emma.sanchez@some.org
-            - HTTPS_CERT_FILE=/run/secrets/https_cert_file
-            - HTTPS_PRIVKEY_FILE=/run/secrets/https_privkey_file
-            - SERVER_NAME=registry.some.org
-            - SHIBBOLETH_SP_CERT=/run/secrets/shibboleth_sp_cert
-            - SHIBBOLETH_SP_PRIVKEY=/run/secrets/shibboleth_sp_privkey
-        secrets:
-            - comanage_registry_database_user_password
-            - comanage_registry_email_account_password
-            - https_cert_file
-            - https_privkey_file
-            - shibboleth_sp_cert
-            - shibboleth_sp_privkey
-        networks:
-            - default
-        ports:
-            - "80:80"
-            - "443:443"
-        logging:
-            driver: syslog
-            options:
-                tag: "comanage_registry"
-        deploy:
-            replicas: 1
-
-    comanage-registry-database:
-        image: mariadb:10.2
-        volumes:
-            - /srv/docker/internet2-tier/var/lib/mysql:/var/lib/mysql
-        environment:
-            - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
-            - MYSQL_DATABASE=registry
-            - MYSQL_USER=registry_user
-            - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
-        secrets:
-            - mysql_root_password
-            - mysql_password
-        networks:
-            - default
-        logging:
-            driver: syslog
-            options:
-                tag: "mariadb"
-        deploy:
-            replicas: 1
-
-    comanage-registry-ldap:
-        image: sphericalcowgroup/comanage-registry-slapd
-        command: ["slapd", "-d", "256", "-h", "ldapi:/// ldap:/// ldaps:///", "-u", "openldap", "-g", "openldap"]
-        volumes:
-            - /srv/docker/development/var/lib/ldap:/var/lib/ldap
-            - /srv/docker/development/etc/ldap/slapd.d:/etc/ldap/slapd.d
-        environment:
-            - SLAPD_CERT_FILE=/run/secrets/slapd_cert_file
-            - SLAPD_PRIVKEY_FILE=/run/secrets/slapd_privkey_file
-            - SLAPD_CHAIN_FILE=/run/secrets/slapd_chain_file
-            - OLC_ROOT_PW_FILE=/run/secrets/olc_root_pw
-            - OLC_SUFFIX=dc=sphericalcowgroup,dc=com
-            - OLC_ROOT_DN=cn=admin,dc=sphericalcowgroup,dc=com
-        secrets:
-            - slapd_cert_file
-            - slapd_privkey_file
-            - slapd_chain_file
-            - olc_root_pw
-        networks:
-            - default
-        logging:
-            driver: syslog
-            options:
-                tag: "openldap"
-        ports:
-            - "636:636"
-            - "389:389"
-        deploy:
-            replicas: 1
-
-secrets:
-    mysql_root_password:
-        external: true
-    mysql_password:
-        external: true
-    comanage_registry_database_user_password:
-        external: true
-    comanage_registry_email_account_password:
-        external: true
-    https_cert_file:
-        external: true
-    https_privkey_file:
-        external: true
-    shibboleth_sp_cert:
-        external: true
-    shibboleth_sp_privkey:
-        external: true
-    slapd_cert_file:
-        external: true
-    slapd_privkey_file:
-        external: true
-    slapd_chain_file:
-        external: true
-    olc_root_pw:
-        external: true
-
+docker run -d \
+  --name comanage-registry \
+  -e COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Julia \
+  -e COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Janseen \
+  -e COMANAGE_REGISTRY_ADMIN_USERNAME=julia.janseen@my.org \
+  -e SHIBBOLETH_SP_ENTITY_ID=https://myapp.my.org/shibboleth/sp \
+  -e SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE=/etc/shibboleth/my-org-metadata.xml \
+  -v /opt/comanage-registry-local:/srv/comanage-registry/local \
+  -v /etc/shibboleth/sp-encrypt-cert.pem:/etc/shibboleth/sp-encrypt-cert.pem \
+  -v /etc/shibboleth/sp-encrypt-key.pem:/etc/shibboleth/sp-encrypt-key.pem \
+  -v /etc/shibboleth/my-org-metadata.xml:/etc/shibboleth/my-org-metadata.xml \
+  -p 80:80 \
+  -p 443:443 \
+  comanage-registry:3.2.1-internet2-tier-1
 ```
 
-* Start the services:
+## Logging
 
-```
-docker stack deploy comanage-registry
-```
-
-* Visit the [COmanage wiki](https://spaces.internet2.edu/display/COmanage/Setting+Up+Your+First+CO)
-to learn how to create your first collaborative organization (CO) and begin using
-the platform.
-
-* To stop the services:
-```
-docker stack rm comanage-registry
-```
-
-## Advanced Configuration Options
+Apache HTTP Server, COmanage Registry, Shibboleth, and supervisord all log to the stdout and
+stderr of the container.
 
-* [Environment Variables](#environ)
-* [Apache HTTP ServerName](#servername)
-* [X.509 Certificates and Private Keys](#certskeys)
-* [Full Control](#full)
+The logging configuration meets version 1 of the
+[TIER Docker Container Specification](https://spaces.at.internet2.edu/x/m4ZyBw).
 
-## Environment Variables <a name="environ"></a>
-
-All deployment details for COmanage Registry may be configured using environment variables set for the container. 
-The set of possible environment variables is listed below.
-
-The entrypoint scripts will attempt to use values from environment variables and if not
-present reasonable defaults will be used. *Note that some defaults like passwords are
-easily guessable and not suitable for production deployments*.
-
-For secrets such as passwords you may wish to use the environment variable with
-`_FILE` appended and set the value to a path. The entrypoint scripts will read the
-file to find the value to use. For example to set the database user password to the
-value `dEodxlXQE2dKl8own7T2` you can for the container either set the environment variable
-
-```
-COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=dEodxlXQE2dKl8own7T2
-```
+## HTTPS Configuration
 
-or instead ensure that inside the container the file 
-`/db_password` contains
-on a single line the value `dEodxlXQE2dKl8own7T2` and then set the 
-environment variable
+See the section on environment variables and the `HTTPS_CERT_FILE` and
+`HTTPS_PRIVKEY_FILE` variables.
 
-*When present an environment variable pointing to a file inside the container overrides
-an otherwise configured environment variable*.
+Additionally you may bind mount or COPY in an X.509 certificate file (containing the CA signing certificate(s), if any)
+and associated private key file. For example
 
 ```
-COMANAGE_REGISTRY_DATABASE_USER_PASSWORD_FILE=/db_password
+COPY cert.pem /etc/httpd/cert.pem
+COPY privkey.pem /etc/httpd/privkey.pem
 ```
-
-Some deployment details for the Shibboleth SP may be set using environment variables, but most
-deployments will prefer to mount or COPY in `/etc/shibboleth/shibboleth2.xml` to be able
-to configure SAML federation details.
-
-### COmanage Registry
-
-* COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:
-  * Description: platform admin given name
-  * Default: Registry
-  * Example 1: Scott
-  * Example 2: Himari
-
-* COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:
-  * Description: platform admin family name
-  * Default: Admin
-  * Example 1: Koranda
-  * Example 2: Tanaka
-
-* COMANAGE_REGISTRY_ADMIN_USERNAME:
-  * Description: platform admin username identifier (often eduPersonPrincipalName)
-  * Default: registry.admin
-  * Example 1: scott.koranda@sphericalcowgroup.com
-  * Example 2: himaritanaka@some.org
-
-* COMANAGE_REGISTRY_DATASOURCE
-  * Description: database type
-  * Default: Database/Postgres
-  * Example 1: Database/Mysql
-  * Example 2: Database/Postgres
-
-* COMANAGE_REGISTRY_DATABASE
-  * Description: name of the database
-  * Default: registry
-  * Example 1: comanage_registry
-  * Example 2: COmanageRegistryDB
-
-* COMANAGE_REGISTRY_DATABASE_HOST
-  * Description: hostname of the database server
-  * Default: comanage-registry-database
-  * Example 1: comanage-registry-database
-  * Example 2: my-db-container
-
-* COMANAGE_REGISTRY_DATABASE_USER
-  * Description: database username
-  * Default: registry_user
-  * Example 1: comanage
-  * Example 2: comanage_user
-
-* COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
-  * Description: database user password
-  * Default: password
-  * Example 1: AFH9OiyuowiY3Wq6qX0j
-  * Example 2: qVcsJPo7$@
-
-* COMANAGE_REGISTRY_EMAIL_FROM
-  * Description: default From used by Registry for sending email
-  * Default: none
-  * Example 1: registry@some.org
-  * Example 2: skoranda@gmail.com
-
-* COMANAGE_REGISTRY_EMAIL_TRANSPORT
-  * Description: email transport mechanism
-  * Default: Smtp
-  * Example 1: Smtp
-  * Example 2: MyCustom
-
-* COMANAGE_REGISTRY_EMAIL_PORT
-  * Description: email transport port
-  * Default: 465
-  * Example 1: 465
-  * Example 2: 25
-
-* COMANAGE_REGISTRY_EMAIL_HOST
-  * Description: email server host
-  * Default: tls://smtp.gmail.com
-  * Example 1: smtp.my.org
-  * Example 2: mail.some.org
-
-* COMANAGE_REGISTRY_EMAIL_ACCOUNT
-  * Description: email server account
-  * Default: none
-  * Example 1: skoranda@gmail.com
-  * Example 2: registry_email_sender
-
-* COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
-  * Description: email server account password
-  * Default: none
-  * Example 1: 82P3mt1T0PByZRHNQ6he
-  * Example 2: ak&&u1$@
-
-* COMANAGE_REGISTRY_SECURITY_SALT
-  * Description: security salt value
-  * Default: auto-generated at initial deployment if not specified
-  * Example 1: wciEjD1KbX9Q8nB3YdWItFuzEoRdf6l5BpoCuTHm
-  * Example 2: JpmKTdO88NX6RsCIVnru6hV79zKOfvjGk0tTG0Cb
-
-* COMANAGE_REGISTRY_SECURITY_SEED
-  * Description: security seed value
-  * Default: auto-generated at initial deployment if not specified
-  * Example 1: 32616298446590535751260992683
-  * Example 2: 21812581423282761029813528278
-
-* HTTPS_CERT_FILE
-  * Description: X.509 certificate and CA chain in PEM format for use with Apache HTTP Server to serve HTTPS
-  * Default: self-signed auto-generated certificate
-
-* HTTPS_KEY_FILE
-  * Description: Associated private key for HTTPS in PEM format
-  * Default: private key for self-signed auto-generated certificate
-
-* SERVER_NAME
-  * Description: ServerName for Apache HTTP Server virtual host configuration
-  * Default: none, parsed from X.509 certificate if not defined
-  * Example 1: registry.some.org
-  * Example 2: comanage.my.edu
-
-### MariaDB
-
-* MYSQL_ROOT_PASSWORD
-  * Description: password for root user
-  * Default: none
-  * Example 1: ukZd7IZDRfOqgF82938A
-  * Example 2: 28hvua3%,2
-
-* MYSQL_DATABASE
-  * Description: name of the database, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: comanage_registry
-  * Example 2: COmanageRegistryDB
-
-* MYSQL_USER:
-  * Description: database username, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: comanage
-  * Example 2: comanage_user
-
-* MYSQL_PASSWORD_FILE:
-  * Description: database user password, must be same as set for COmanage Registry container
-  * Default: none
-  * Example 1: AFH9OiyuowiY3Wq6qX0j
-  * Example 2: qVcsJPo7$@
-
-### Shibboleth SP
-
-* SHIBBOLETH_SP_CERT
-  * Description: SAML certificate
-  * Default: self-signed per-image, must be copied out to persist
-
-* SHIBBOLETH_SP_ENTITY_ID 
-  * Description: entityID for SP
-  * Default: none
-  * Example 1: https://comanage.registry/shibboleth
-  * Example 2: https://my.org/comanage
-
-* SHIBBOLETH_SP_METADATA_PROVIDER_XML
-  * Description: Shibboleth SP metadata provider element
-  * Default: none
-
-* SHIBBOLETH_SP_PRIVKEY
-  * Description: SAML private key
-  * Default: self-signed per-image, must be copied out to persist
-
-* SHIBBOLETH_SP_SAMLDS_URL
-  * Description: URL for SAML IdP discovery service
-  * Default: none
-  * Example 1: https://my.org/registry/pages/eds/index
-  * Exammple 2: https://discovery.my.org 
-
-### OpenLDAP slapd
-
-* OLC_ROOT_DN
-  * Description: DN for the administrator
-  * Default: cn=admin,dc=my,dc=org
-  * Exammle 1: cn=admin,dc=some,dc=edu
-  * Example 2: cn=admin,ou=service,dc=my,dc=org 
-
-* OLC_ROOT_PW
-  * Description: hashed password for root DN
-  * Default: none
-  * Example 1: See compose file above
-
-* OLC_SUFFIX
-  * Description: Suffix for the directory
-  * Default: dc=my,dc=org
-  * Example 1: dc=some,dc=edu 
-  * Example 2: o=unit,dc=my,dc=org
-
-* SLAPD_CERT_FILE
-  * Description: X.509 certificate in PEM format for use with OpenLDAP Server to serve ldaps://
-  * Default: none
-
-* SLAPD_CHAIN_FILE
-  * Description: CA certificate chain in PEM format
-  * Default: none
-
-* SLAPD_KEY_FILE
-  * Description: Associated private key for ldaps:// in PEM format
-  * Default: none
-
-## X.509 Certificates and Private Keys <a name="certskeys"></a>
-
-### COmanage Registry
-
-The certificate and private key files used for HTTPS may
-be injected into the COmanage Registry container using environment variables
-to point to files mounted into the container. The certificate file should
-include the server certificate and any intermediate CA signing certificates
-sorted from leaf to root.
-
-Alternatively you can directly mount files in the container to
-
-```
-/etc/apache2/cert.pem
-/etc/apache2/privkey.pem
-```
-
-If no files are configured the containers use self-signed certificates
-for HTTPS by default.
-
-### Shibboleth SP
-
-The SAML certificate and private key used for decryption (and sometimes signing)
-by the Shibboleth SP may be injected into the COmanage Registry container using
-environment variables to point to files mounted into the container.
-
-Alternatively you can directly mount files in the container to
-
-```
-/etc/shibboleth/sp-cert.pem
-/etc/shibboleth/sp-key.pem
-```
-
-If no files are configured the container uses a default self-signed certificate
-*this is the same for all images and not suitable for production*.
-
-### OpenLDAP slapd
-
-The certificate, private key, and CA signing file or chain file used for TLS
-(port 636 by default) may
-be injected into the OpenLDAP slapd container using environment variables
-to point to files mounted into the container. 
-
-## ServerName <a name="servername"></a>
-
-The entrypoint scripts will attempt to parse the appropriate value for the
-Apache HTTP Server configuration option `ServerName` from the X.509 certificate
-provided for HTTPS.
-
-To override the parsing a deployer may explicitly set the environment variable
-`SERVER_NAME`. 
-
-## Full control <a name="full"></a>
-
-Deployers needing full control may inject configuration and deployment details directly.
-The entrypoint scripts will *not* overwrite any details found so directly injected
-details always override environment variables.
-
-### COmanage Registry
-
-COmanage Registry expects to find all local configuration details
-in the container at `/srv/comanage-registry/local`. A deployer may therefore mount
-a directory at that location to provide any and all configuration details. Note, however,
-that Registry expects to find a particular directory structure under
-`/srv/comanage-registry/local` and will not function properly if the structure is not
-found. The entrypoint script will create the necessary structure if it does not find it
-so it is recommended to mount an empty directory for the first deployment, let the
-entrypoint script create the structure, then later adjust the details as necessary
-for your deployment.
-
-### Shibboleth SP
-
-All Shibboleth SP configuration is available inside the container in
-`/etc/shibboleth`. A deployer may therefore mount into that directory any
-necessary adjustment to the Shibboleth configuration, such as static metadata
-files, metadata signing certificates, or advanced attribute filtering 
-configurations.
-
-A default set of all configuration files is available in the image.
-
-### OpenLDAP slapd
-
-Since slapd is configured dynamically using standard LDAP operations on the
-configuration directory (`cn=config`) the most straightforward way to inject
-advanced configuration details at the time the container is *created* is
-to customize the entrypoint script.
diff --git a/docker-comanage-entrypoint b/docker-comanage-entrypoint
index 6191e13..f275bc8 100755
--- a/docker-comanage-entrypoint
+++ b/docker-comanage-entrypoint
@@ -19,332 +19,34 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if [ -n "$COMANAGE_DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
 
-# Configuration details that may be injected through environment
-# variables or the contents of files.
+source /usr/local/lib/comanage_utils.sh
 
-injectable_config_vars=( 
-    COMANAGE_REGISTRY_DATASOURCE
-    COMANAGE_REGISTRY_DATABASE
-    COMANAGE_REGISTRY_DATABASE_HOST
-    COMANAGE_REGISTRY_DATABASE_USER
-    COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
-    COMANAGE_REGISTRY_EMAIL_FROM
-    COMANAGE_REGISTRY_EMAIL_TRANSPORT
-    COMANAGE_REGISTRY_EMAIL_HOST
-    COMANAGE_REGISTRY_EMAIL_PORT
-    COMANAGE_REGISTRY_EMAIL_ACCOUNT
-    COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
-    COMANAGE_REGISTRY_SECURITY_SALT
-    COMANAGE_REGISTRY_SECURITY_SEED
-    ENV
-    HTTPS_CERT_FILE
-    HTTPS_PRIVKEY_FILE
-    SERVER_NAME
-    USERTOKEN
-)
+comanage_utils::consume_injected_environment
 
-# If the file associated with a configuration variable is present then 
-# read the value from it into the appropriate variable. So for example
-# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
-# value points to a file on the file system then read the contents
-# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
+comanage_utils::prepare_local_directory
 
-for config_var in "${injectable_config_vars[@]}"
-do
-    eval file_name=\$"${config_var}_FILE";
+comanage_utils::configure_tier_logging
 
-    if [ -e "$file_name" ]; then
-        declare "${config_var}"=`cat $file_name`
-    fi
-done
+comanage_utils::prepare_database_config
 
-# Make sure the directory structure we need is available
-# in the data volume for $COMANAGE_REGISTRY_DIR/local
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
-mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"
+comanage_utils::prepare_email_config
 
-# If the COmanage Registry database configuration file does not exist
-# then try to create it from injected information with reasonable defaults
-# that aid simple evaluation deployments.
-if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then
-    cat > "$COMANAGE_REGISTRY_DIR/local/Config/database.php" <<EOF
-<?php
+comanage_utils::prepare_https_cert_key
 
-class DATABASE_CONFIG {
+comanage_utils::prepare_server_name
 
-  public \$default = array(
-    'datasource' => '${COMANAGE_REGISTRY_DATASOURCE:-Database/Mysql}',
-    'persistent' => false,
-    'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}',
-    'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}',
-    'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}',
-    'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}',
-    'prefix' => 'cm_',
-  );
+comanage_utils::wait_database_connectivity
 
-}
-EOF
-fi
+comanage_utils::registry_setup
 
-# If the COmanage Registry email configuration file does not exist
-# then try to create it from injected information with reasonable defaults
-# that aid simple evaluation deployments.
-email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php"
+comanage_utils::registry_upgrade
 
-if [ ! -e "$email_config" ]; then
-    # If the deployer has injected an email for from then use it,
-    # otherwise set a default purely as a template that can edited
-    # easier later.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_FROM" ]; then
-        email_from="$COMANAGE_REGISTRY_EMAIL_FROM"
-    else
-        email_from="array('account@gmail.com' => 'Registry')"
-    fi
+comanage_utils::enable_plugins
 
-    # If the injected email from does not include a single quote (')
-    # then add them to make it a PHP string.
-    if [[ ! $email_from =~ .*"'".* ]]; then
-        email_from="'$email_from'"
-    fi
+comanage_utils::registry_clear_cache
 
-    cat > "$email_config" <<EOF
-<?php
-
-class EmailConfig {
-
-  public \$default = array(
-    'from' => $email_from,
-    'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}',
-    'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}',
-    'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465},
-EOF
-
-    # If the deployer has injected a username then add it to the configuration.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT" ]; then
-       cat >> "$email_config" <<EOF
-    'username' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT',
-EOF
-    fi
-
-    # If the deployer has injected a password then add it to the configuration.
-    if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD" ]; then
-        cat >> "$email_config" <<EOF
-    'password' => '$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD',
-EOF
-    fi
-
-    # Complete the PHP array.
-    cat >> "$email_config" <<EOF
-  );
-}
-EOF
-
-fi
-
-# Loop until we are able to open a connection to the database.
-DATABASE_TEST_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/DatabaseTestShell.php"
-
-cat > $DATABASE_TEST_SCRIPT <<"EOF"
-<?php
-
-App::import('Model', 'ConnectionManager');
-
-class DatabaseTestShell extends AppShell {
-  function main() {
-    try {
-      $db = ConnectionManager::getDataSource('default');
-    } catch (Exception $e) {
-      $this->error("Unable to connect to datasource");
-    }
-    $this->out("Connected to datasource");
-  }
-}
-EOF
-
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-
-until ./Console/cake databaseTest > "$OUTPUT" 2>&1; do
-    >&2 echo "Database is unavailable - sleeping"
-    sleep 1
-done
-
-rm -f "$DATABASE_TEST_SCRIPT"
-
-popd > "$OUTPUT" 2>&1
-
-# We only want to run the setup script once since it creates
-# state in the database. Until COmanage Registry has a better
-# mechanism for telling us if setup has already been run
-# we create an ephemeral CakePHP script to tell us.
-SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php"
-
-cat > $SETUP_ALREADY_SCRIPT <<"EOF"
-<?php
-
-class SetupAlreadyShell extends AppShell {
-  var $uses = array('Co');
-
-  function main() {
-    $args = array();
-    $args['conditions']['Co.name'] = 'COmanage';
-    $args['contain'] = false;
-
-    try {
-      $co = $this->Co->find('first', $args);
-    } catch (CakeException $e) {
-      $this->out('Not setup already');
-    }
-
-    if(empty($co)) {
-      $this->out('Not setup already');
-    } else {
-      $this->error('Setup already');
-    }
-  }
-}
-EOF
-
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-./Console/cake setupAlready > "$OUTPUT" 2>&1
-setup_already=$?
-
-rm -f "$SETUP_ALREADY_SCRIPT"
-
-if [ $setup_already -eq 0 ]; then
-    rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > "$OUTPUT" 2>&1
-    rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > "$OUTPUT" 2>&1
-    # Run database twice until issue on develop branch is resolved. Since
-    # the command is idempotent normally it is not a problem to have it run
-    # more than once.
-    ./Console/cake database > "$OUTPUT" 2>&1 && \
-    ./Console/cake database > "$OUTPUT" 2>&1 && \
-    ./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
-                         --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
-                         --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
-                         --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1
-    AUTO_GENERATED_SECURITY=1
-fi
-
-popd > "$OUTPUT" 2>&1
-
-# If COmanage Registry CakePHP security salt and seed have been
-# injected and the files do not otherwise exist create them.
-if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then
-    echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt"
-fi
-
-if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then
-    echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed"
-fi
-
-# We always run upgradeVersion since it will not make any changes
-# if the current and target versions are the same or if
-# an upgrade from the current to the target version is not allowed.
-pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-
-./Console/cake upgradeVersion "${COMANAGE_REGISTRY_UPGRADE_VERSION_OPTS}" > "$OUTPUT" 2>&1
-
-popd > "$OUTPUT" 2>&1
-
-# Force a datbase update if requested. This is helpful when deploying
-# a new version of the code that does not result in a change in the
-# version number and so upgradeVersion does not fire. An example
-# of this scenario is when new code is introduced in the develop
-# branch but before a release happens.
-if [ -n "$COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE" ]; then
-    echo "Forcing a database schema update..." > "$OUTPUT" 2>&1
-    pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-    ./Console/cake database > "$OUTPUT" 2>&1
-    popd > "$OUTPUT" 2>&1
-fi
-
-# Enable any supported non-core plugins if requested.
-if [ -n "$COMANAGE_REGISTRY_ENABLE_PLUGIN" ]; then
-    plugins=(`echo "$COMANAGE_REGISTRY_ENABLE_PLUGIN" | sed -e 's@,@ @'`) > "$OUTPUT" 2>&1
-    for plugin in "${plugins[@]}"; 
-    do 
-        echo "Enabling available plugin $plugin..." > "$OUTPUT" 2>&1
-        pushd "$COMANAGE_REGISTRY_DIR/local/Plugin" > "$OUTPUT" 2>&1
-        ln -s "../../app/AvailablePlugin/$plugin" "$plugin" > "$OUTPUT" 2>&1
-        popd > "$OUTPUT" 2>&1
-        pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
-        ./Console/cake database > "$OUTPUT" 2>&1
-        popd > "$OUTPUT" 2>&1
-    done
-fi
-
-# Remove any cache files generated thus far.
-find "$COMANAGE_REGISTRY_DIR/app/tmp/cache" -type f -exec rm -f {} \;
-
-# If defined use configured location of Apache HTTP Server 
-# HTTPS certificate and key files. The certificate file may also
-# include intermediate CA certificates, sorted from leaf to root.
-if [ -n "$HTTPS_CERT_FILE" ]; then
-    rm -f /etc/httpd/cert.pem
-    cp "$HTTPS_CERT_FILE" /etc/httpd/cert.pem
-    chown apache /etc/httpd/cert.pem
-    chmod 0644 /etc/httpd/cert.pem
-fi
-
-if [ -n "$HTTPS_PRIVKEY_FILE" ]; then
-    rm -f /etc/httpd/privkey.pem
-    cp "$HTTPS_PRIVKEY_FILE" /etc/httpd/privkey.pem
-    chown apache /etc/httpd/privkey.pem
-    chmod 0600 /etc/httpd/privkey.pem
-fi
-
-# If SERVER_NAME has not been injected try to determine
-# it from the HTTPS_CERT_FILE.
-if [ -z "$SERVER_NAME" ]; then
-    SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -text -noout | sed -n '/X509v3 Subject Alternative Name:/ {n;p}' | sed -E 's/.*DNS:(.*)\s*$/\1/'`
-    if [ -z "$SERVER_NAME" ]; then
-        SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -subject -noout | sed -E 's/subject=.*CN=(.*)\s*/\1/'`
-    fi
-fi
-
-# Configure Apache HTTP Server with the server name.
-sed -i -e s@%%SERVER_NAME%%@"${SERVER_NAME:-unknown}"@g /etc/httpd/conf.d/000-comanage.conf
-
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
-
-# Create pipes to use for COmanage Registry instead of standard log files.
-rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
-rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
-mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
-mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
-
-# Format any output from COmanange Registry into standard TIER form.
-(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
-(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
+comanage_utils::tmp_ownership
 
 # Start Apache HTTP Server
 exec /usr/sbin/httpd -DFOREGROUND
diff --git a/docker-comanage-shibboleth-sp-entrypoint b/docker-comanage-shibboleth-sp-entrypoint
index 11527b8..62c27a1 100755
--- a/docker-comanage-shibboleth-sp-entrypoint
+++ b/docker-comanage-shibboleth-sp-entrypoint
@@ -19,109 +19,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if [ -n "$COMANAGE_DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
+source /usr/local/lib/comanage_utils.sh
 
-# Configuration details that may be injected through environment
-# variables or the contents of files.
-#
-# SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the
-# same way but because of the presence of special characters in the
-# XML it is handled differently.
-
-injectable_config_vars=( 
-    SHIBBOLETH_SP_ENTITY_ID
-    SHIBBOLETH_SP_CERT
-    SHIBBOLETH_SP_PRIVKEY
-    SHIBBOLETH_SP_SAMLDS_URL
-)
-
-# If the file associated with a configuration variable is present then 
-# read the value from it into the appropriate variable. So for example
-# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
-# value points to a file on the file system then read the contents
-# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
-
-for config_var in "${injectable_config_vars[@]}"
-do
-    eval file_name=\$"${config_var}_FILE";
-
-    if [ -e "$file_name" ]; then
-        payload=`cat $file_name`
-        declare "${config_var}"="${payload}"
-    fi
-done
-
-# If no shibboleth2.xml file is present then create one using 
-# injected information or defaults that are not particularly
-# useful in a federated context but will allow shibd to start.
-if [ ! -e /etc/shibboleth/shibboleth2.xml ]; then
-    cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml
-    sed -i -e s@%%SHIBBOLETH_SP_ENTITY_ID%%@"${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}"@ /etc/shibboleth/shibboleth2.xml
-    sed -i -e s@%%SHIBBOLETH_SP_SAMLDS_URL%%@"${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}"@ /etc/shibboleth/shibboleth2.xml
-
-    # The metadata provider injected input most likely contains special characters
-    # so use a sed script instead of simple substitution on the command line.
-
-    if [ -n "$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" ]; then
-        xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE"
-    else
-        xml_content_file=`/bin/mktemp`
-        echo ${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-} > ${xml_content_file}
-    fi
-
-    sed_script_file=`/bin/mktemp`
-    cat > ${sed_script_file}<<EOF
-/%%SHIBBOLETH_SP_METADATA_PROVIDER_XML%%/ {
-    r ${xml_content_file}
-    d
-}
-EOF
-
-    sed -i -f ${sed_script_file} /etc/shibboleth/shibboleth2.xml
-    
-    chmod 0644 /etc/shibboleth/shibboleth2.xml
-fi
-
-# If defined use configured location of Shibboleth SP SAML certificate and key.
-if [ -n "$SHIBBOLETH_SP_CERT" ]; then
-    cp "$SHIBBOLETH_SP_CERT" /etc/shibboleth/sp-cert.pem
-    chown shibd /etc/shibboleth/sp-cert.pem
-    chmod 0644 /etc/shibboleth/sp-cert.pem
-fi
-
-if [ -n "$SHIBBOLETH_SP_PRIVKEY" ]; then
-    cp "$SHIBBOLETH_SP_PRIVKEY" /etc/shibboleth/sp-key.pem
-    chown shibd /etc/shibboleth/sp-key.pem
-    chmod 0600 /etc/shibboleth/sp-key.pem
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
+source /usr/local/lib/comanage_shibboleth_sp_utils.sh
 
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
+comanage_utils::manage_tier_environment
 
-# Start the daemon.
-export LD_LIBRARY_PATH=/opt/shibboleth/lib64
-exec /usr/sbin/shibd -f -u shibd -g shibd -c /etc/shibboleth/shibboleth2.xml -p /var/run/shibboleth/shibd.pid -F
+comanage_shibboleth_sp_utils::exec_shibboleth_sp_daemon
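Review bot: Neither `source` line is checked, and no `set -e` is visible in the hunk. If either library file is missing or fails to load, the script carries on to the two function calls and fails with "command not found" instead of a clear error. I would write `source /usr/local/lib/comanage_utils.sh || exit 1` and the same for `comanage_shibboleth_sp_utils.sh`. The removed block copied `SHIBBOLETH_SP_PRIVKEY` to `/etc/shibboleth/sp-key.pem` with `chmod 0600`, and nothing in the hunk shows where that now happens. Presumably it lives in the sourced library, which should be confirmed, along with whether `exec_shibboleth_sp_daemon` still ends in `exec` so that shibd receives signals directly. The script begins above this hunk.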
diff --git a/docker-supervisord-entrypoint b/docker-supervisord-entrypoint
index 8000116..9c218a6 100755
--- a/docker-supervisord-entrypoint
+++ b/docker-supervisord-entrypoint
@@ -19,34 +19,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-if [ -n "$DEBUG" ]
-then
-    OUTPUT=/dev/stdout
-else
-    OUTPUT=/dev/null
-fi
+source /usr/local/lib/comanage_utils.sh
 
-# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
-if [[ $ENV =~ .*";".* ]]; then
-    ENV=`echo $ENV | tr -d ';'`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ .*";".* ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d ';'`
-    export USERTOKEN
-fi
-
-# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
-if [[ $ENV =~ [[:space:]] ]]; then
-    ENV=`echo $ENV | tr -d [:space:]`
-    export ENV
-fi
-
-if [[ $USERTOKEN =~ [[:space:]] ]]; then
-    USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
-    export USERTOKEN
-fi
+comanage_utils::manage_tier_environment
 
 # Make a "console" logging pipe that anyone can write to regardless of who owns the process.
 rm -f /tmp/logpipe > "$OUTPUT" 2>&1
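Review bot: `OUTPUT` is no longer assigned in this script, but the context lines still redirect to it, for example `rm -f /tmp/logpipe > "$OUTPUT" 2>&1`. If `comanage_utils.sh` does not set `OUTPUT` when it is sourced, the redirect to an empty filename fails and the command is skipped, so the logging pipes would not be created. A defensive `: "${OUTPUT:=/dev/null}"` after the `source` line keeps the script working either way. The removed block keyed on `DEBUG` while the Shibboleth SP entrypoint keyed on `COMANAGE_DEBUG`, so a comment such as `# OUTPUT is set by comanage_utils.sh from <variable>` would record which switch applies now. The script continues past this hunk.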
@@ -61,7 +36,7 @@ mkfifo -m 666 /tmp/loghttpd > "$OUTPUT" 2>&1
 # Format any console output from shibd into standard TIER form.
 rm -f /tmp/logshibd > "$OUTPUT" 2>&1
 mkfifo -m 666 /tmp/logshibd > "$OUTPUT" 2>&1
-(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "shibd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
 
 # Format any console output from supervisord into standard TIER form.
 rm -f /tmp/logsuperd > "$OUTPUT" 2>&1
diff --git a/sendtierbeacon.sh b/sendtierbeacon.sh
index 63e27f9..ebc8a34 100755
--- a/sendtierbeacon.sh
+++ b/sendtierbeacon.sh
@@ -19,13 +19,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-LOGHOST="collector.testbed.tier.internet2.edu"
-LOGPORT="5001"
+LOGHOST='collector.testbed.tier.internet2.edu'
+LOGPORT='5001'
 
-messagefile="/tmp/beaconmsg"
+messagefile='/tmp/beaconmsg'
 
-if [ -z "$TIER_BEACON_OPT_OUT" ]; then
-    cat > $messagefile <<EOF
+if [[ -z "${TIER_BEACON_OPT_OUT}" ]]; then
+    cat > ${messagefile} <<EOF
 {
     "msgType"          : "TIERBEACON",
     "msgName"          : "TIER",
@@ -37,13 +37,13 @@ if [ -z "$TIER_BEACON_OPT_OUT" ]; then
 }
 EOF
 
-    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T $messagefile 1>/dev/null 2>&1
-    if [ $? -eq 0 ]; then
+    curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T ${messagefile} 1>/dev/null 2>&1
+    if [[ $? -eq 0 ]]; then
         echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; TIER beacon sent"
     else
         echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; Failed to send TIER beacon"
     fi
 
-    rm -f $messagefile 1>/dev/null 2>&1
+    rm -f ${messagefile} 1>/dev/null 2>&1
   
 fi
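Review bot: `curl -s` without `--fail` exits 0 when the collector answers with an HTTP error status, so the `[[ $? -eq 0 ]]` branch logs "TIER beacon sent" for a rejected beacon. Testing the command directly is clearer: `if curl -s --fail -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T "${messagefile}" 1>/dev/null 2>&1; then`. The URL has no scheme, so curl defaults to plain HTTP, and whether the collector accepts HTTPS is not visible here. `${messagefile}` is left unquoted on the `curl` and `rm` lines and on the `cat >` line in the previous hunk, and it is a fixed name under `/tmp`. Using `messagefile="$(mktemp)"` with quoted uses would match the `"${CRONFILE}"` style in setupcron.sh. The enclosing `if` opens in the previous hunk.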
diff --git a/setupcron.sh b/setupcron.sh
index 3f45f05..4c99e55 100755
--- a/setupcron.sh
+++ b/setupcron.sh
@@ -19,11 +19,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-CRONFILE=/tmp/cronfile
+CRONFILE='/tmp/cronfile'
 
 # Build and install crontab file with random start time
 # between midnight and 3:59am.
-echo "#send daily beacon to TIER Central" > ${CRONFILE}
-echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> ${CRONFILE}
-chmod 644 ${CRONFILE}
-crontab ${CRONFILE}
+echo '#send daily beacon to TIER Central' > "${CRONFILE}"
+echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> "${CRONFILE}"
+chmod 644 "${CRONFILE}"
+crontab "${CRONFILE}"
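Review bot: The schedule does not match the comment above it. `expr $RANDOM % 59` yields minutes 0–58 and `expr $RANDOM % 3` yields hours 0–2, so the beacon never runs in the 03:00 hour that "between midnight and 3:59am" promises. Shell arithmetic with the intended moduli fixes this and drops the unquoted `expr` substitutions: `echo "$((RANDOM % 60)) $((RANDOM % 4)) * * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> "${CRONFILE}"`. `CRONFILE` is still a fixed name under `/tmp`, and `CRONFILE="$(mktemp)"` would avoid writing through a file that already exists there.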
diff --git a/shibboleth.repo b/shibboleth.repo
index 393aa48..02877bb 100644
--- a/shibboleth.repo
+++ b/shibboleth.repo
@@ -1,7 +1,8 @@
-[security_shibboleth]
+[shibboleth]
 name=Shibboleth (CentOS_7)
+# Please report any problems to https://issues.shibboleth.net
 type=rpm-md
-baseurl=http://downloadcontent.opensuse.org/repositories/security:/shibboleth/CentOS_7/
+mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
 gpgcheck=1
-gpgkey=http://downloadcontent.opensuse.org/repositories/security:/shibboleth/CentOS_7/repodata/repomd.xml.key
+gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
 enabled=1
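Review bot: The `gpgkey=` URL is fetched at image build time from the same site that serves the `mirrorlist`, so the signing key is trusted on first use each time the image is built. Moving both URLs to HTTPS is a clear improvement, and `gpgcheck=1` still verifies package signatures from whichever mirror is chosen. For a reproducible trust anchor I would commit the key next to this file, `COPY` it into the image, and point at it with `gpgkey=file:///etc/pki/rpm-gpg/<SHIBBOLETH_KEY_FILE>` (placeholder name). A comment such as `# key vendored on <date>, fingerprint <FINGERPRINT>` would let a reviewer check it against the publisher's announcement.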

From a070e8864a789ec0eb78d64088bdf97fca47ee21 Mon Sep 17 00:00:00 2001
From: Christopher Hubing <chubing@internet2.edu>
Date: Fri, 8 Nov 2019 10:24:08 -0500
Subject: [PATCH 19/19] add tier dockerhub to From

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 61f2a11..e79b0c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,9 +20,9 @@ ARG COMANAGE_REGISTRY_VERSION=3.2.2
 ARG COMANAGE_REGISTRY_BASE_IMAGE_VERSION=20191108
 ARG COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION=3.2.2-20191108
 
-FROM comanage-registry-base:${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} AS comanage
+FROM tier/comanage-registry-base:${COMANAGE_REGISTRY_VERSION}-${COMANAGE_REGISTRY_BASE_IMAGE_VERSION} AS comanage
 
-FROM comanage-registry-internet2-tier-base:${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION} AS php-build
+FROM tier/comanage-registry-internet2-tier-base:${COMANAGE_REGISTRY_I2_BASE_IMAGE_VERSION} AS php-build
 
 FROM centos:centos7