Verified Commit 53775585 authored by Quentin Duchemin's avatar Quentin Duchemin
Browse files

Re-add jq for default config generation, ignore CVE

parent c25ae68f
......@@ -13,6 +13,7 @@ ARG PGID=5000
RUN apk add --no-cache \
ca-certificates \
curl \
jq \
libc6-compat \
libffi-dev \
libcap \
......
......@@ -13,16 +13,16 @@ Aussi, on n'utilise pas le système de sauvegarde `WAL-e`, ce qui nous permet d'
Enfin, le Docker Compose est adapté à notre configuration.
### Utilisation
### Création d'une nouvelle instance
Assurez-vous que les volumes suivants existent (`docker volume`). Sinon, créez-les avec `docker volume create`.
* mattermost-config
* mattermost-db
* mattermost-data
* mattermost-plugins
Assurez-vous que les volumes suivants existent (`docker volume ls`). Sinon, créez-les avec `docker volume create`.
* `mattermost-config`
* `mattermost-db`
* `mattermost-data`
* `mattermost-plugins`
qduchemi@pica01-test:~/dockerfiles/pica-mattermost$ docker volume create mattermost-plugins
Copier `secrets/mattermost-db.secrets.example` dans `secrets/mattermost-db.secrets` et remplacer les valeurs des identifiants.
Lancer `docker-compose up -d`. On notera l'utilisation de la variable `DB_HOST` dans le fichier Docker Compose, qui ne devrait pas avoir à être modifiée si on ne touche pas le nom du service de base de données.
### Procédure de mise à jour
......
generalwhitelist:
CVE-2016-4074: jq -> pas de contre mesure, pas utilisé par Mattermost mais juste par l'entrypoint, pas de risque en remote
......@@ -11,11 +11,49 @@ if [ "${1:0:1}" = '-' ]; then
fi
if [ "$1" = 'mattermost' ]; then
# Check CLI args for a -config option
for ARG in $@;
do
case "$ARG" in
-config=*)
MM_CONFIG=${ARG#*=};;
esac
done
if [ ! -f $MM_CONFIG ]
then
# If there is no configuration file, create it with some default values
echo "No configuration file" $MM_CONFIG
echo "Creating a new one"
# Copy default configuration file
cp /config.json.save $MM_CONFIG
# Substitue some parameters with jq
jq '.ServiceSettings.ListenAddress = ":8000"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.LogSettings.EnableConsole = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.LogSettings.ConsoleLevel = "ERROR"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.FileSettings.Directory = "/mattermost/data/"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.FileSettings.EnablePublicLink = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.FileSettings.PublicLinkSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.SendEmailNotifications = false' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.FeedbackEmail = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.SMTPServer = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.SMTPPort = ""' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.InviteSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.EmailSettings.PasswordResetSalt = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.RateLimitSettings.Enable = true' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.SqlSettings.DriverName = "postgres"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.SqlSettings.AtRestEncryptKey = "'$(generate_salt)'"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
jq '.PluginSettings.Directory = "/mattermost/plugins/"' $MM_CONFIG > $MM_CONFIG.tmp && mv $MM_CONFIG.tmp $MM_CONFIG
else
echo "Using existing config file" $MM_CONFIG
fi
# Configure database access
if [[ -z "$MM_SQLSETTINGS_DATASOURCE" && ! -z "$MM_USERNAME" && ! -z "$MM_PASSWORD" ]]
then
echo -ne "Configure database connection..."
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$MM_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=disable&connect_timeout=10"
# URLEncode the password, allowing for special characters
ENCODED_PASSWORD=$(printf %s $MM_PASSWORD | jq -s -R -r @uri)
export MM_SQLSETTINGS_DATASOURCE="postgres://$MM_USERNAME:$ENCODED_PASSWORD@$DB_HOST:$DB_PORT_NUMBER/$MM_DBNAME?sslmode=disable&connect_timeout=10"
echo OK
else
echo "Using existing database connection"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment