update sealer key rotation script and bump base from rocky 8.9 to 8.10

docker · Aug 16, 2024 · 43a1723 · 43a1723
1 parent 5f78603
commit 43a1723
Showing 3 changed files with 22 additions and 19 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM rockylinux:8.9
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
 
 ########################
 ### VERSION SETTINGS ###
@@ -10,7 +10,7 @@ ENV TOMCAT_MAJOR=10 \
 ##shib-idp \
     VERSION=5.1.3 \
 ##TIER \
-    TIERVERSION=20240813_rocky8_multiarch \
+    TIERVERSION=20240816_rocky8_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \

diff --git a/container_files/idp/rotateSealerKey.sh b/container_files/idp/rotateSealerKey.sh
@@ -16,22 +16,17 @@ then
     exit 1
  fi
 
- # Default JAVA_HOME if not already set
- if [ -d "${JAVA_HOME:=/usr}" ]
- then
-    export JAVA_HOME=${JAVA_HOME:=/usr}
- else
-    echo "ERROR: JAVA_HOME Directory does not exist: ${JAVA_HOME:=/usr}" >&2
-    exit 1
- fi
-
  function get_config {
     # Key to lookup (escape . for regex lookup)
     local KEY=${1:?"No key provided to look up value"}
     # Passed default value
     local DEFAULT="${2:-}"
     # Lookup key, strip spaces, replace idp.home with IDP_HOME value
     local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/conf/idp.properties)
+    if [ -z "$RESULT" ]
+    then
+       local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/credentials/secrets.properties)
+    fi
     # Set if no result with default - exit if no default
     echo ${RESULT:-${DEFAULT:?"No value in config and no default defined for: '${KEY}'"}}
  }
@@ -48,12 +43,19 @@ then
  sync_hosts=$(get_config idp.sealer._sync_hosts ${HOSTNAME})
 
  # Run the keygen utility
- ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
-    --storefile "${storefile}" \
-    --storepass "${storepass}" \
-    --versionfile "${versionfile}" \
-    --alias "${alias}" \
-    --count "${count}"
+ ${0%/*}/seckeygen.sh \
+     --storefile "${storefile}" \
+     --storepass "${storepass}" \
+     --versionfile "${versionfile}" \
+     --alias "${alias}" \
+     --count "${count}"
+
+# ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
+#    --storefile "${storefile}" \
+#    --storepass "${storepass}" \
+#    --versionfile "${versionfile}" \
+#    --alias "${alias}" \
+#    --count "${count}"
 
  # Display current version
  echo "INFO: $(tac "${versionfile}" | tr "\n" " ")" >&2
@@ -73,3 +75,4 @@ then
  done
 
 fi
+
diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile
@@ -1,12 +1,12 @@
-FROM i2incommon/shibboleth_sp:latest
+FROM i2incommon/shibboleth_sp:3.4.1_05152024_rocky9_multiarch
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
       ImageType="Shibboleth SP" \
       ImageName=$imagename \
       ImageOS=centos7
 
-RUN yum -y update; yum -y install php
+RUN dnf -y update; dnf -y install php
 
 ADD container_files/shibboleth2.xml /etc/shibboleth/
 ADD container_files/idp-metadata.xml /etc/shibboleth/