From 51d94228e092b2d58a0b4640fb18afba99b30c2d Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Thu, 13 Jan 2022 13:46:16 -0600 Subject: [PATCH] Updates to support 1.0.0 RC2 Updates to support version 1.0.0 release candidate 2. --- comanage-match-base/Dockerfile | 8 +--- comanage-match-base/comanage_utils.sh | 43 ++++++++++++++++--- comanage-match-internet2-tap-base/Dockerfile | 16 +++++-- comanage-match-internet2-tap/Dockerfile | 8 +++- .../docker-comanage-entrypoint | 4 ++ .../docker-supervisord-entrypoint | 5 ++- comanage-match-internet2-tap/shibboleth.repo | 3 +- comanage-match-shibboleth-sp/Dockerfile | 2 +- 8 files changed, 68 insertions(+), 21 deletions(-) diff --git a/comanage-match-base/Dockerfile b/comanage-match-base/Dockerfile index f88d471..eb85cb9 100644 --- a/comanage-match-base/Dockerfile +++ b/comanage-match-base/Dockerfile @@ -16,7 +16,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM php:7.3.31-apache-bullseye +FROM php:7.4.27-apache-bullseye # Official PHP image with Apache HTTPD includes # --with-openssl @@ -56,12 +56,6 @@ RUN mkdir -p ${COMANAGE_MATCH_DIR} \ && wget -O comanage.tar.gz ${COMANAGE_MATCH_SRC_URL} \ && tar -zxf comanage.tar.gz -C ${COMANAGE_MATCH_DIR} --strip-components=1 \ && rm -f comanage.tar.gz \ - && rm -f ${COMANAGE_MATCH_DIR}/app/tmp \ - && rm -f ${COMANAGE_MATCH_DIR}/app/logs \ - && mkdir ${COMANAGE_MATCH_DIR}/app/tmp \ - && mkdir ${COMANAGE_MATCH_DIR}/app/logs \ - && chown -R www-data:www-data ${COMANAGE_MATCH_DIR}/app/tmp \ - && chown -R www-data:www-data ${COMANAGE_MATCH_DIR}/app/logs \ && cd /var/www/html \ && ln -s ${COMANAGE_MATCH_DIR}/app/webroot match diff --git a/comanage-match-base/comanage_utils.sh b/comanage-match-base/comanage_utils.sh index 596219a..2f1e40c 100644 --- a/comanage-match-base/comanage_utils.sh +++ b/comanage-match-base/comanage_utils.sh 
@@ -58,13 +58,12 @@ function comanage_utils::configure_tier_logging() { comanage_utils::manage_tier_environment # Create pipes to use for COmanage Match instead of standard log files. - rm -rf "$COMANAGE_MATCH_DIR/app/logs" > "$OUTPUT" 2>&1 - mkfifo -m 666 "$COMANAGE_MATCH_DIR/app/logs/error.log" > "$OUTPUT" 2>&1 - mkfifo -m 666 "$COMANAGE_MATCH_DIR/app/logs/debug.log" > "$OUTPUT" 2>&1 + mkfifo -m 666 "$COMANAGE_MATCH_DIR/local/logs/error.log" > "$OUTPUT" 2>&1 + mkfifo -m 666 "$COMANAGE_MATCH_DIR/local/logs/debug.log" > "$OUTPUT" 2>&1 # Format any output from COmanange Registry into standard TIER form. - (cat <> "$COMANAGE_MATCH_DIR/app/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& - (cat <> "$COMANAGE_MATCH_DIR/app/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& + (cat <> "$COMANAGE_MATCH_DIR/local/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& + (cat <> "$COMANAGE_MATCH_DIR/local/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_match;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)& } ########################################## @@ -399,6 +398,8 @@ function comanage_utils::prepare_local_directory() { local directories declare -a directories=("Config" + "logs" + "tmp" ) local dir @@ -536,7 +537,7 @@ function comanage_utils::tmp_ownership() { ownership='apache:apache' fi - tmp_dir="${COMANAGE_MATCH_DIR}/app/tmp" + tmp_dir="${COMANAGE_MATCH_DIR}/local/tmp" chown -R "${ownership}" "${tmp_dir}" 
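Review bot: The two `mkfifo -m 666` calls in comanage_utils::configure_tier_logging are unchecked and now target `local/logs`, while this hunk drops the `rm -rf` that used to clear the log path first. If `local/` persists across container restarts (an assumption, it is not shown here), the next start finds the FIFOs already present, and if a regular `error.log` sits there instead, the `cat <>` reader is attached to a file rather than a pipe. Guard each creation, e.g. `[[ -p "$fifo" ]] || { rm -f "$fifo"; mkfifo -m 660 "$fifo"; }`, and consider 660 plus the chown done by logs_ownership instead of a world-writable pipe, since any process that can write to it can forge lines in the TIER log stream. The hunk does not show what creates `local/logs` before this runs, and the function body starts outside the hunk.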
@@ -544,6 +545,36 @@ function comanage_utils::tmp_ownership() { } +########################################## +# Set logs directory file ownership +# Globals: +# COMANAGE_MATCH_DIR +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::logs_ownership() { + + # Ensure that the web server user owns the tmp directory + # and all children. + local logs_dir + local ownership + + if [[ -e '/etc/debian_version' ]]; then + ownership='www-data:www-data' + elif [[ -e '/etc/centos-release' ]]; then + ownership='apache:apache' + fi + + logs_dir="${COMANAGE_MATCH_DIR}/local/logs" + + chown -R "${ownership}" "${logs_dir}" + + echo "Recursively set ownership of ${logs_dir} to ${ownership}" > "$OUTPUT" + +} + ########################################## # Wait until able to connect to database # Globals: diff --git a/comanage-match-internet2-tap-base/Dockerfile b/comanage-match-internet2-tap-base/Dockerfile index 4ad468e..8488b6a 100644 --- a/comanage-match-internet2-tap-base/Dockerfile +++ b/comanage-match-internet2-tap-base/Dockerfile @@ -20,7 +20,12 @@ FROM centos/python-38-centos7 AS php-build USER root -ARG PHP_VERSION=7.3.31 +RUN yum -y remove \ + postgresql-libs \ + postgresql-devel \ + postgresql + +ARG PHP_VERSION=7.4.27 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz RUN yum -y install epel-release \ @@ -41,8 +46,11 @@ RUN yum -y update \ libxml2-devel \ libxslt-devel \ make \ + oniguruma \ + oniguruma-devel \ openssl-devel \ - rh-postgresql13-devel \ + rh-postgresql13 \ + rh-postgresql13-postgresql-devel \ re2c \ wget \ && yum clean all @@ -72,8 +80,8 @@ RUN cd php-src \ --with-libedit \ --with-openssl \ --with-password-argon2 \ - --with-pdo-pgsql \ - --with-pgsql \ + --with-pdo-pgsql=/opt/rh/rh-postgresql13/root \ + --with-pgsql=/opt/rh/rh-postgresql13/root \ --with-sodium \ --with-zlib \ && export CFLAGS="$PHP_CFLAGS" \ 
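Review bot: In comanage_utils::logs_ownership, `ownership` stays empty when neither `/etc/debian_version` nor `/etc/centos-release` exists; GNU chown treats an empty owner as "no change", so nothing is changed and the echo still reports that ownership was set. Add an `else` branch and report success only when chown returns 0. The leading comment was copied from tmp_ownership and still says "tmp directory"; it should say "logs directory". The same unset-ownership path appears in comanage_utils::tmp_ownership, whose body starts outside its hunk.

```shell
function comanage_utils::logs_ownership() {

    # Ensure that the web server user owns the logs directory
    # and all children.
    # … unchanged: local declarations, debian/centos ownership selection …
    else
        echo "Unrecognized base image, leaving ownership of logs directory unchanged" > "$OUTPUT"
        return 0
    fi

    logs_dir="${COMANAGE_MATCH_DIR}/local/logs"

    if chown -R "${ownership}" "${logs_dir}" > "$OUTPUT" 2>&1; then
        echo "Recursively set ownership of ${logs_dir} to ${ownership}" > "$OUTPUT"
    else
        echo "Failed to set ownership of ${logs_dir} to ${ownership}" > "$OUTPUT"
    fi

}
```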
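Review bot: `PHP_VERSION` moves to 7.4.27 while `PHP_SRC_URL` still points at a GitHub archive tarball, and nothing visible in these hunks pins a digest for that download. The fetch and extract step is outside the hunk, so this needs confirming, but if it is a plain download, add an expected-hash build argument and verify before unpacking, e.g. `ARG PHP_SRC_SHA256=<sha256-of-tarball>` and `echo "${PHP_SRC_SHA256}  <tarball-name>" | sha256sum -c -`. A one-line comment above the new `yum -y remove` step would also help, since it is presumably there so that configure only sees the client under `/opt/rh/rh-postgresql13/root`.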
diff --git a/comanage-match-internet2-tap/Dockerfile b/comanage-match-internet2-tap/Dockerfile index 41bfc0c..0c7cc7f 100644 --- a/comanage-match-internet2-tap/Dockerfile +++ b/comanage-match-internet2-tap/Dockerfile @@ -44,6 +44,11 @@ ARG COMANAGE_MATCH_DIR ENV COMANAGE_MATCH_DIR ${COMANAGE_MATCH_DIR:-/srv/comanage-match} LABEL comanage_match_dir=${COMANAGE_MATCH_DIR} +RUN yum -y remove \ + postgresql-libs \ + postgresql-devel \ + postgresql + RUN yum -y install epel-release COPY shibboleth.repo /etc/yum.repos.d/ @@ -59,7 +64,8 @@ RUN yum -y update && yum -y install \ libxml2 \ libxslt \ mod_ssl \ - postgresql \ + oniguruma \ + rh-postgresql13-postgresql \ python-pip \ shibboleth \ sudo \ diff --git a/comanage-match-internet2-tap/docker-comanage-entrypoint b/comanage-match-internet2-tap/docker-comanage-entrypoint index 5ac645f..27333b3 100755 --- a/comanage-match-internet2-tap/docker-comanage-entrypoint +++ b/comanage-match-internet2-tap/docker-comanage-entrypoint @@ -30,6 +30,8 @@ comanage_utils::configure_tier_logging comanage_utils::prepare_database_config +comanage_utils::prepare_email_config + comanage_utils::prepare_https_cert_key comanage_utils::prepare_server_name @@ -42,5 +44,7 @@ comanage_utils::match_clear_cache comanage_utils::tmp_ownership +comanage_utils::logs_ownership + # Start Apache HTTP Server exec /usr/sbin/httpd -DFOREGROUND diff --git a/comanage-match-internet2-tap/docker-supervisord-entrypoint b/comanage-match-internet2-tap/docker-supervisord-entrypoint index d71c994..3800301 100755 --- a/comanage-match-internet2-tap/docker-supervisord-entrypoint +++ b/comanage-match-internet2-tap/docker-supervisord-entrypoint @@ -56,5 +56,8 @@ ln -s /tmp/logcrond /var/log/cron > "$OUTPUT" 2>&1 exec 1<&- exec 2<&- +# Enable the SCL PostgreSQL installation +source scl_source enable rh-postgresql13 + # Start supervisord -exec /usr/bin/supervisord -c /usr/local/etc/supervisord.conf +exec /opt/app-root/bin/supervisord -c /usr/local/etc/supervisord.conf 
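Review bot: In docker-supervisord-entrypoint, `source scl_source enable rh-postgresql13` is added after `exec 1<&-` and `exec 2<&-`, so if the collection is missing the error has nowhere to go and the script still execs supervisord without the SCL environment. Move the line above the descriptor closes and fail fast: `source scl_source enable rh-postgresql13 || exit 1`. The new `/opt/app-root/bin/supervisord` path also deserves an ownership check; supervisord is exec'd here, presumably as root, so neither the binary nor its directory should be writable by an unprivileged user.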
diff --git a/comanage-match-internet2-tap/shibboleth.repo b/comanage-match-internet2-tap/shibboleth.repo index 02877bb..dabe005 100644 --- a/comanage-match-internet2-tap/shibboleth.repo +++ b/comanage-match-internet2-tap/shibboleth.repo @@ -1,8 +1,9 @@ [shibboleth] name=Shibboleth (CentOS_7) -# Please report any problems to https://issues.shibboleth.net +# Please report any problems to https://shibboleth.atlassian.net/jira type=rpm-md mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7 gpgcheck=1 gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key + https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key enabled=1 diff --git a/comanage-match-shibboleth-sp/Dockerfile b/comanage-match-shibboleth-sp/Dockerfile index c0f9fb2..7786aed 100644 --- a/comanage-match-shibboleth-sp/Dockerfile +++ b/comanage-match-shibboleth-sp/Dockerfile @@ -18,7 +18,7 @@ # limitations under the License. ARG COMANAGE_MATCH_VERSION=develop ARG COMANAGE_MATCH_BASE_IMAGE_VERSION=1 -ARG COMANAGE_SHIBBOLETH_SP_VERSION="3.2.3" +ARG COMANAGE_SHIBBOLETH_SP_VERSION="3.3.0" ARG COMANAGE_SHIBBOLETH_SP_BASE_IMAGE_VERSION=1 FROM comanage-shibboleth-sp-base:${COMANAGE_SHIBBOLETH_SP_VERSION}-${COMANAGE_SHIBBOLETH_SP_BASE_IMAGE_VERSION} AS shib-base
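Review bot: The added `cantor.repomd.xml.key` is a second signing key that yum fetches from shibboleth.net at build time and then trusts for every package from this repo, and the Dockerfile in this commit installs with `yum -y`, which accepts the key import without a prompt. `gpgcheck=1` therefore only proves that packages were signed by whatever keys that host served during the build. Consider copying both keys into the image after checking their fingerprints out of band and pointing `gpgkey=` at `file:///etc/pki/rpm-gpg/<key-file>` entries, with a comment recording why two keys are listed.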