Updates to support 1.0.0 RC2

Updates to support version 1.0.0 release
candidate 2.

comanage-match-base/Dockerfile

@@ -16,7 +16,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM php:7.3.31-apache-bullseye
+FROM php:7.4.27-apache-bullseye
 
 # Official PHP image with Apache HTTPD includes
 # --with-openssl
@@ -56,12 +56,6 @@ RUN mkdir -p ${COMANAGE_MATCH_DIR} \
       && wget -O comanage.tar.gz ${COMANAGE_MATCH_SRC_URL} \
       && tar -zxf comanage.tar.gz -C ${COMANAGE_MATCH_DIR} --strip-components=1 \
       && rm -f comanage.tar.gz \
-      && rm -f ${COMANAGE_MATCH_DIR}/app/tmp \
-      && rm -f ${COMANAGE_MATCH_DIR}/app/logs \
-      && mkdir ${COMANAGE_MATCH_DIR}/app/tmp \
-      && mkdir ${COMANAGE_MATCH_DIR}/app/logs \
-      && chown -R www-data:www-data ${COMANAGE_MATCH_DIR}/app/tmp \
-      && chown -R www-data:www-data ${COMANAGE_MATCH_DIR}/app/logs \
       && cd /var/www/html \
       && ln -s ${COMANAGE_MATCH_DIR}/app/webroot match
 

comanage-match-base/comanage_utils.sh

@@ -58,13 +58,12 @@ function comanage_utils::configure_tier_logging() {
     comanage_utils::manage_tier_environment
 
     # Create pipes to use for COmanage Match instead of standard log files.
-    rm -rf "$COMANAGE_MATCH_DIR/app/logs" > "$OUTPUT" 2>&1
-    mkfifo -m 666 "$COMANAGE_MATCH_DIR/app/logs/error.log" > "$OUTPUT" 2>&1
-    mkfifo -m 666 "$COMANAGE_MATCH_DIR/app/logs/debug.log" > "$OUTPUT" 2>&1
+    mkfifo -m 666 "$COMANAGE_MATCH_DIR/local/logs/error.log" > "$OUTPUT" 2>&1
+    mkfifo -m 666 "$COMANAGE_MATCH_DIR/local/logs/debug.log" > "$OUTPUT" 2>&1
 
     # Format any output from COmanange Registry into standard TIER form.
-    (cat <> "$COMANAGE_MATCH_DIR/app/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
-    (cat <> "$COMANAGE_MATCH_DIR/app/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
+    (cat <> "$COMANAGE_MATCH_DIR/local/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
+    (cat <> "$COMANAGE_MATCH_DIR/local/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
 }
 
 ##########################################
@@ -399,6 +398,8 @@ function comanage_utils::prepare_local_directory() {
     local directories
 
     declare -a directories=("Config"
+                            "logs"
+                            "tmp"
                             )
 
     local dir
@@ -536,14 +537,44 @@ function comanage_utils::tmp_ownership() {
         ownership='apache:apache'
     fi
 
-    tmp_dir="${COMANAGE_MATCH_DIR}/app/tmp"
+    tmp_dir="${COMANAGE_MATCH_DIR}/local/tmp"
 
     chown -R "${ownership}" "${tmp_dir}"
 
     echo "Recursively set ownership of ${tmp_dir} to ${ownership}" > "$OUTPUT"
 
 }
 
+##########################################
+# Set logs directory file ownership
+# Globals:
+#   COMANAGE_MATCH_DIR
+# Arguments:
+#   None
+# Returns:
+#   None
+##########################################
+function comanage_utils::logs_ownership() {
+
+    # Ensure that the web server user owns the tmp directory
+    # and all children.
+    local logs_dir
+    local ownership
+
+    if [[ -e '/etc/debian_version' ]]; then
+        ownership='www-data:www-data'
+    elif [[ -e '/etc/centos-release' ]]; then
+        ownership='apache:apache'
+    fi
+
+    logs_dir="${COMANAGE_MATCH_DIR}/local/logs"
+
+    chown -R "${ownership}" "${logs_dir}"
+
+    echo "Recursively set ownership of ${logs_dir} to ${ownership}" > "$OUTPUT"
+
+}
+
 ##########################################
 # Wait until able to connect to database
 # Globals:

comanage-match-internet2-tap-base/Dockerfile

@@ -20,7 +20,12 @@ FROM centos/python-38-centos7 AS php-build
 
 USER root
 
-ARG PHP_VERSION=7.3.31
+RUN yum -y remove \
+    postgresql-libs \
+    postgresql-devel \
+    postgresql
+
+ARG PHP_VERSION=7.4.27
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN yum -y install epel-release \
@@ -41,8 +46,11 @@ RUN yum -y update \
             libxml2-devel \
             libxslt-devel \
             make \
+            oniguruma \
+            oniguruma-devel \
             openssl-devel \
-            rh-postgresql13-devel \
+            rh-postgresql13 \
+            rh-postgresql13-postgresql-devel \
             re2c \
             wget \
         && yum clean all
@@ -72,8 +80,8 @@ RUN cd php-src \
             --with-libedit \
             --with-openssl \
             --with-password-argon2 \
-            --with-pdo-pgsql \
-            --with-pgsql \
+            --with-pdo-pgsql=/opt/rh/rh-postgresql13/root \
+            --with-pgsql=/opt/rh/rh-postgresql13/root \
             --with-sodium \
             --with-zlib \
         && export CFLAGS="$PHP_CFLAGS" \

comanage-match-internet2-tap/Dockerfile

@@ -44,6 +44,11 @@ ARG COMANAGE_MATCH_DIR
 ENV COMANAGE_MATCH_DIR ${COMANAGE_MATCH_DIR:-/srv/comanage-match}
 LABEL comanage_match_dir=${COMANAGE_MATCH_DIR}
 
+RUN yum -y remove \
+    postgresql-libs \
+    postgresql-devel \
+    postgresql
+
 RUN yum -y install epel-release
 
 COPY shibboleth.repo /etc/yum.repos.d/
@@ -59,7 +64,8 @@ RUN yum -y update && yum -y install \
         libxml2 \
         libxslt \
         mod_ssl \
-        postgresql \
+        oniguruma \
+        rh-postgresql13-postgresql \
         python-pip \
         shibboleth \
         sudo \

comanage-match-internet2-tap/docker-comanage-entrypoint

@@ -30,6 +30,8 @@ comanage_utils::configure_tier_logging
 
 comanage_utils::prepare_database_config
 
+comanage_utils::prepare_email_config
+
 comanage_utils::prepare_https_cert_key
 
 comanage_utils::prepare_server_name
@@ -42,5 +44,7 @@ comanage_utils::match_clear_cache
 
 comanage_utils::tmp_ownership
 
+comanage_utils::logs_ownership
+
 # Start Apache HTTP Server
 exec /usr/sbin/httpd -DFOREGROUND

comanage-match-internet2-tap/docker-supervisord-entrypoint

@@ -56,5 +56,8 @@ ln -s /tmp/logcrond /var/log/cron > "$OUTPUT" 2>&1
 exec 1<&-
 exec 2<&-
 
+# Enable the SCL PostgreSQL installation
+source scl_source enable rh-postgresql13
+
 # Start supervisord
-exec /usr/bin/supervisord -c /usr/local/etc/supervisord.conf
+exec /opt/app-root/bin/supervisord -c /usr/local/etc/supervisord.conf

comanage-match-internet2-tap/shibboleth.repo

@@ -1,8 +1,9 @@
 [shibboleth]
 name=Shibboleth (CentOS_7)
-# Please report any problems to https://issues.shibboleth.net
+# Please report any problems to https://shibboleth.atlassian.net/jira
 type=rpm-md
 mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
 gpgcheck=1
 gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
+        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
 enabled=1

comanage-match-shibboleth-sp/Dockerfile

@@ -18,7 +18,7 @@
 # limitations under the License.
 ARG COMANAGE_MATCH_VERSION=develop
 ARG COMANAGE_MATCH_BASE_IMAGE_VERSION=1
-ARG COMANAGE_SHIBBOLETH_SP_VERSION="3.2.3"
+ARG COMANAGE_SHIBBOLETH_SP_VERSION="3.3.0"
 ARG COMANAGE_SHIBBOLETH_SP_BASE_IMAGE_VERSION=1
 
 FROM comanage-shibboleth-sp-base:${COMANAGE_SHIBBOLETH_SP_VERSION}-${COMANAGE_SHIBBOLETH_SP_BASE_IMAGE_VERSION} AS shib-base