Merge remote-tracking branch 'upstream/master' into Dulanic-patch-1

aptalca · aptalca · commit b58e7f866452 · 2019-12-19T17:01:43.000-05:00
diff --git a/Dockerfile b/Dockerfile
@@ -53,6 +53,7 @@ RUN \
 	php7-ftp \
 	php7-gd \
 	php7-iconv \
+	php7-imap \
 	php7-intl \
 	php7-ldap \
 	php7-mcrypt \
@@ -65,6 +66,7 @@ RUN \
 	php7-pdo_pgsql \
 	php7-pdo_sqlite \
 	php7-pear \
+	php7-pecl-apcu \
 	php7-pecl-imagick \
 	php7-pecl-redis \
 	php7-pgsql \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
@@ -53,6 +53,7 @@ RUN \
 	php7-ftp \
 	php7-gd \
 	php7-iconv \
+	php7-imap \
 	php7-intl \
 	php7-ldap \
 	php7-mcrypt \
@@ -65,6 +66,7 @@ RUN \
 	php7-pdo_pgsql \
 	php7-pdo_sqlite \
 	php7-pear \
+	php7-pecl-apcu \
 	php7-pecl-imagick \
 	php7-pecl-redis \
 	php7-pgsql \
diff --git a/Dockerfile.armhf b/Dockerfile.armhf
@@ -53,6 +53,7 @@ RUN \
 	php7-ftp \
 	php7-gd \
 	php7-iconv \
+	php7-imap \
 	php7-intl \
 	php7-ldap \
 	php7-mcrypt \
@@ -65,6 +66,7 @@ RUN \
 	php7-pdo_pgsql \
 	php7-pdo_sqlite \
 	php7-pear \
+	php7-pecl-apcu \
 	php7-pecl-imagick \
 	php7-pecl-redis \
 	php7-pgsql \
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -617,7 +617,7 @@ pipeline {
                   docker manifest push --purge ${MANIFESTIMAGE}:latest
                   docker manifest push --purge ${MANIFESTIMAGE}:${META_TAG} 
                 done
-                for LEGACYIMAGE in "${QUAYIMAGE}" "${GITHUBIMAGE}"; do
+                for LEGACYIMAGE in "${GITHUBIMAGE}" "${QUAYIMAGE}"; do
                   docker tag ${IMAGE}:amd64-${META_TAG} ${LEGACYIMAGE}:amd64-${META_TAG}
                   docker tag ${IMAGE}:arm32v7-${META_TAG} ${LEGACYIMAGE}:arm32v7-${META_TAG}
                   docker tag ${IMAGE}:arm64v8-${META_TAG} ${LEGACYIMAGE}:arm64v8-${META_TAG}
@@ -731,12 +731,12 @@ pipeline {
           sh 'echo "build aborted"'
         }
         else if (currentBuild.currentResult == "SUCCESS"){
-          sh ''' curl -X POST --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 1681177,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  Success\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
         else {
-          sh ''' curl -X POST --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
+          sh ''' curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://wiki.jenkins-ci.org/download/attachments/2916393/headshot.png","embeds": [{"color": 16711680,\
                  "description": "**Build:**  '${BUILD_NUMBER}'\\n**CI Results:**  '${CI_URL}'\\n**ShellCheck Results:**  '${SHELLCHECK_URL}'\\n**Status:**  failure\\n**Job:** '${RUN_DISPLAY_URL}'\\n**Change:** '${CODE_URL}'\\n**External Release:**: '${RELEASE_LINK}'\\n**DockerHub:** '${DOCKERHUB_LINK}'\\n"}],\
                  "username": "Jenkins"}' ${BUILDS_DISCORD} '''
         }
diff --git a/README.md b/README.md
@@ -5,7 +5,6 @@
 [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?style=flat-square&color=E68523&logo=discourse&logoColor=FFFFFF)](https://discourse.linuxserver.io "post on our community forum.")
 [![Fleet](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.")
 [![GitHub](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=GitHub&logo=github&logoColor=FFFFFF)](https://github.com/linuxserver "view the source for all of our repositories.")
-[![Podcast](https://img.shields.io/static/v1.svg?style=flat-square&color=E68523&label=linuxserver.io&message=Podcast)](https://anchor.fm/linuxserverio "on hiatus. Coming back soon (late 2018).")
 [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?style=flat-square&color=E68523&label=Supporters&logo=open%20collective&logoColor=FFFFFF)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
 
 The [LinuxServer.io](https://linuxserver.io) team brings you another container release featuring :-
@@ -22,7 +21,6 @@ Find us at:
 * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
 * [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images.
 * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
-* [Podcast](https://anchor.fm/linuxserverio) - on hiatus. Coming back soon (late 2018).
 * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
 
 # [linuxserver/letsencrypt](https://github.com/linuxserver/docker-letsencrypt)
@@ -137,7 +135,7 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e URL=yourdomain.url` | Top url you have control over (`customdomain.com` if you own it, or `customsubdomain.ddnsprovider.com` if dynamic dns). |
 | `-e SUBDOMAINS=www,` | Subdomains you'd like the cert to cover (comma separated, no spaces) ie. `www,ftp,cloud`. For a wildcard cert, set this _exactly_ to `wildcard` (wildcard cert is available via `dns` and `duckdns` validation only) |
 | `-e VALIDATION=http` | Letsencrypt validation method to use, options are `http`, `tls-sni`, `dns` or `duckdns` (`dns` method also requires `DNSPLUGIN` variable set) (`duckdns` method requires `DUCKDNSTOKEN` variable set, and the `SUBDOMAINS` variable must be either empty or set to `wildcard`). |
-| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini file under `/config/dns-conf`. |
+| `-e DNSPLUGIN=cloudflare` | Required if `VALIDATION` is set to `dns`. Options are `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`. |
 | `-e DUCKDNSTOKEN=<token>` | Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org |
 | `-e EMAIL=<e-mail>` | Optional e-mail address used for cert expiration notifications. |
 | `-e DHLEVEL=2048` | Dhparams bit value (default=2048, can be set to `1024` or `4096`). |
@@ -146,6 +144,18 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
 | `-v /config` | All the config files including the webroot reside here. |
 
+## Environment variables from files (Docker secrets)
+
+You can set any environment variable from a file by using a special prepend `FILE__`. 
+
+As an example:
+
+```
+-e FILE__PASSWORD=/run/secrets/mysecretpassword
+```
+
+Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
+
 ## User / Group Identifiers
 
 When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
@@ -167,7 +177,7 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel
 * Before running this container, make sure that the url and subdomains are properly forwarded to this container's host, and that port 443 (and/or 80) is not being used by another service on the host (NAS gui, another webserver, etc.).
 * For `http` validation, port 80 on the internet side of the router should be forwarded to this container's port 80
 * For `tls-sni` validation, port 443 on the internet side of the router should be forwarded to this container's port 443
-* For `dns` validation, make sure to enter your credentials into the corresponding ini file under `/config/dns-conf`
+* For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
   * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
   * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
 * For `duckdns` validation, either leave the `SUBDOMAINS` variable empty or set it to `wildcard`, and set the `DUCKDNSTOKEN` variable with your duckdns token. Due to a limitation of duckdns, the resulting cert will only cover either main subdomain (ie. `yoursubdomain.duckdns.org`), or sub-subdomains (ie. `*.yoursubdomain.duckdns.org`), but will not both at the same time. You can use our [duckdns image](https://hub.docker.com/r/linuxserver/duckdns/) to update your IP on duckdns.org.
@@ -273,6 +283,8 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **18.12.19:** - Add php7-imap and php7-pecl-apcu.
+* **11.12.19:** - Fix Google Cloud DNS to use .json file for authentication.
 * **20.11.19:** - Fix cryptography version mismatch due to pip issue.
 * **17.11.19:** - Add php7-pdo_odbc.
 * **17.11.19:** - Add transip dns validation plugin.
diff --git a/package_versions.txt b/package_versions.txt
@@ -7,6 +7,7 @@ apr-util-1.6.1-r6
 argon2-libs-20171227-r2
 bash-5.0.0-r0
 busybox-1.30.1-r3
+c-client-2007f-r10
 ca-certificates-20190108-r0
 ca-certificates-cacert-20190108-r0
 coreutils-8.31-r0
@@ -17,14 +18,14 @@ fail2ban-0.10.4-r1
 fontconfig-2.13.1-r0
 freetype-2.10.0-r0
 gdbm-1.13-r1
-git-2.22.0-r0
-git-perl-2.22.0-r0
+git-2.22.2-r0
+git-perl-2.22.2-r0
 glib-2.60.4-r0
 gmp-6.1.2-r1
-gnupg-2.2.16-r0
+gnupg-2.2.19-r0
 gnutls-3.6.8-r0
 icu-libs-64.2-r0
-imagemagick-libs-7.0.8.58-r0
+imagemagick-libs-7.0.8.68-r0
 ip6tables-1.8.3-r0
 iptables-1.8.3-r0
 lcms2-2.9-r1
@@ -122,7 +123,7 @@ pcre-8.43-r0
 pcre2-10.33-r0
 perl-5.28.2-r1
 perl-error-0.17027-r0
-perl-git-2.22.0-r0
+perl-git-2.22.2-r0
 php7-7.3.11-r0
 php7-bcmath-7.3.11-r0
 php7-bz2-7.3.11-r0
@@ -136,6 +137,7 @@ php7-fpm-7.3.11-r0
 php7-ftp-7.3.11-r0
 php7-gd-7.3.11-r0
 php7-iconv-7.3.11-r0
+php7-imap-7.3.11-r0
 php7-intl-7.3.11-r0
 php7-json-7.3.11-r0
 php7-ldap-7.3.11-r0
@@ -150,6 +152,7 @@ php7-pdo_odbc-7.3.11-r0
 php7-pdo_pgsql-7.3.11-r0
 php7-pdo_sqlite-7.3.11-r0
 php7-pear-7.3.11-r0
+php7-pecl-apcu-5.1.17-r1
 php7-pecl-igbinary-3.0.1-r1
 php7-pecl-imagick-3.4.4-r1
 php7-pecl-mcrypt-1.0.2-r1
@@ -182,7 +185,7 @@ python3-3.7.5-r1
 readline-8.0.0-r0
 scanelf-1.2.3-r0
 shadow-4.6-r2
-sqlite-libs-3.28.0-r1
+sqlite-libs-3.28.0-r2
 ssl_client-1.30.1-r3
 tzdata-2019c-r0
 unixodbc-2.3.7-r1
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -51,7 +51,7 @@ cap_add_param_vars:
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini file under `/config/dns-conf`." }
+  - { env_var: "DNSPLUGIN", env_value: "cloudflare", desc: "Required if `VALIDATION` is set to `dns`. Options are `cloudflare`, `cloudxns`, `digitalocean`, `dnsimple`, `dnsmadeeasy`, `google`, `inwx`, `linode`, `luadns`, `nsone`, `ovh`, `rfc2136`, `route53` and `transip`. Also need to enter the credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`." }
   - { env_var: "DUCKDNSTOKEN", env_value: "<token>", desc: "Required if `VALIDATION` is set to `duckdns`. Retrieve your token from https://www.duckdns.org" }
   - { env_var: "EMAIL", env_value: "<e-mail>", desc: "Optional e-mail address used for cert expiration notifications." }
   - { env_var: "DHLEVEL", env_value: "2048", desc: "Dhparams bit value (default=2048, can be set to `1024` or `4096`)." }
@@ -81,7 +81,7 @@ app_setup_block: |
   * Before running this container, make sure that the url and subdomains are properly forwarded to this container's host, and that port 443 (and/or 80) is not being used by another service on the host (NAS gui, another webserver, etc.).
   * For `http` validation, port 80 on the internet side of the router should be forwarded to this container's port 80
   * For `tls-sni` validation, port 443 on the internet side of the router should be forwarded to this container's port 443
-  * For `dns` validation, make sure to enter your credentials into the corresponding ini file under `/config/dns-conf`
+  * For `dns` validation, make sure to enter your credentials into the corresponding ini (or json for some plugins) file under `/config/dns-conf`
     * Cloudflare provides free accounts for managing dns and is very easy to use with this image. Make sure that it is set up for "dns only" instead of "dns + proxy"
     * Google dns plugin is meant to be used with "Google Cloud DNS", a paid enterprise product, and not for "Google Domains DNS"
   * For `duckdns` validation, either leave the `SUBDOMAINS` variable empty or set it to `wildcard`, and set the `DUCKDNSTOKEN` variable with your duckdns token. Due to a limitation of duckdns, the resulting cert will only cover either main subdomain (ie. `yoursubdomain.duckdns.org`), or sub-subdomains (ie. `*.yoursubdomain.duckdns.org`), but will not both at the same time. You can use our [duckdns image](https://hub.docker.com/r/linuxserver/duckdns/) to update your IP on duckdns.org.
@@ -126,6 +126,8 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "18.12.19:", desc: "Add php7-imap and php7-pecl-apcu." }
+  - { date: "11.12.19:", desc: "Fix Google Cloud DNS to use .json file for authentication." }
   - { date: "20.11.19:", desc: "Fix cryptography version mismatch due to pip issue." }
   - { date: "17.11.19:", desc: "Add php7-pdo_odbc." }
   - { date: "17.11.19:", desc: "Add transip dns validation plugin." }
diff --git a/root/defaults/dns-conf/google.ini b/root/defaults/dns-conf/google.ini
diff --git a/root/defaults/dns-conf/google.json b/root/defaults/dns-conf/google.json
@@ -0,0 +1,6 @@
+{
+  "instructions": "https://github.com/certbot/certbot/blob/master/certbot-dns-google/certbot_dns_google/__init__.py",
+  "_comment": "Replace with your values",
+  "type": "service_account",
+  "rest": "..."
+}
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
@@ -174,6 +174,8 @@ fi
 if [ "$VALIDATION" = "dns" ]; then
   if [ "$DNSPLUGIN" = "route53" ]; then
     PREFCHAL="--dns-${DNSPLUGIN} --manual-public-ip-logging-ok"
+  elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
+    PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json --manual-public-ip-logging-ok --dns-${DNSPLUGIN}-propagation-seconds 120"
   elif [[ "$DNSPLUGIN" =~ ^(inwx|transip)$ ]]; then
     PREFCHAL="-a certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini --manual-public-ip-logging-ok"
   else
@@ -224,6 +226,13 @@ fi
 # saving new variables
 echo -e "ORIGURL=\"$URL\" ORIGSUBDOMAINS=\"$SUBDOMAINS\" ORIGONLY_SUBDOMAINS=\"$ONLY_SUBDOMAINS\" ORIGEXTRA_DOMAINS=\"$EXTRA_DOMAINS\" ORIGDHLEVEL=\"$DHLEVEL\" ORIGVALIDATION=\"$VALIDATION\" ORIGDNSPLUGIN=\"$DNSPLUGIN\" ORIGSTAGING=\"$STAGING\" ORIGDUCKDNSTOKEN=\"$DUCKDNSTOKEN\"" > /config/donoteditthisfile.conf
 
+# alter extension for error message
+if [ "$DNSPLUGIN" = "google" ]; then
+  FILENAME="$DNSPLUGIN.json"
+else
+  FILENAME="$DNSPLUGIN.ini"
+fi
+
 # generating certs if necessary
 if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
   echo "Generating new certificate"
@@ -233,7 +242,7 @@ if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
     cd /config/keys/letsencrypt || exit
   else
     if [ "$VALIDATION" = "dns" ]; then
-      echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${DNSPLUGIN}.ini file."
+      echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/${FILENAME} file."
     elif [ "$VALIDATION" = "duckdns" ]; then
       echo "ERROR: Cert does not exist! Please see the validation error above. Make sure your DUCKDNSTOKEN is correct."
     else
