Merge branch 'freddev' into 'master'

Freddev See merge request fredbcode-images/squid!2
2021-10-28 12:04:47 +00:00 · 2021-10-28 12:04:47 +00:00 · 3ed66bd944
commit 3ed66bd944
parent 40faffda55 4b399e7498
5 changed files with 73 additions and 161 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -6,6 +6,7 @@ cache:
  key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"

 stages:
+  - quality
  - Docker-hub-build
  - Docker-hub-test
  - Docker-hub-pushtag
@ -16,3 +17,11 @@ stages:
 include:
  - 'gitlabci/docker-hub.yml'
  - 'gitlabci/docker-hub-arm.yml'
+
+hadolint:
+  image: hadolint/hadolint:latest-debian
+  stage: quality
+  before_script:
+    - cd $CI_PROJECT_DIR 
+  script:
+    - hadolint --ignore DL3008 Dockerfile 
--- a/79
+++ b/79
@ -1,13 +1,10 @@
-FROM debian:bullseye-slim
-
+FROM debian:bullseye-slim as buildamd
 ARG SQUID_VERSION
 ENV ENV_SQUID_VERSION=$SQUID_VERSION
-
 WORKDIR /tmp
 RUN echo "deb-src http://deb.debian.org/debian bullseye main contrib" >> /etc/apt/sources.list && apt-get update && apt-get --no-upgrade --no-install-recommends -y build-dep squid && apt-get --no-install-recommends -y install wget tar xz-utils libssl-dev libssl1.1 winbind \
-    && wget http://www.squid-cache.org/Versions/v5/$SQUID_VERSION \
-    && mkdir squid && tar -C squid --strip-components=1 -xzf $SQUID_VERSION \
-    && cd squid \
+    && wget --progress=dot:giga http://www.squid-cache.org/Versions/v5/$SQUID_VERSION \
+    && tar -C /tmp --strip-components=1 -xzf $SQUID_VERSION \
    && ./configure \
        --prefix=/usr \
        --datadir=/usr/share/squid \
@ -58,40 +55,42 @@ RUN echo "deb-src http://deb.debian.org/debian bullseye main contrib" >> /etc/ap
 		--with-large-files \
 		--enable-removal-policies="lru,heap" \
    && make \
+    && find /tmp/ -type f -name "Makefil*" -delete \
+    && find /tmp/ -type f -name "*.in" -delete 
+
 # Instal
-    && cd /tmp/squid && apt-get install --no-install-recommends -y libxml2 ca-certificates \
-    && adduser --no-create-home --uid 1161 --group --system squid \
+FROM debian:bullseye-slim
+COPY --from=buildamd --chown=1161 /tmp/src/auth/basic/LDAP/basic_ldap_auth /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/auth/digest/LDAP/digest_ldap_auth /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/auth/negotiate/kerberos/negotiate_kerberos_auth /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/log/DB/log_db_daemon /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/log/file/log_file_daemon /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/unlinkd /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/http/url_rewriters/LFS/url_lfs_rewrite /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/http/url_rewriters/fake/url_fake_rewrite /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/http/url_rewriters/fake/url_fake_rewrite.sh /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/mime.conf.default /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/security/cert_validators/fake/security_fake_certverify /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/security/cert_generators/file/security_file_certgen /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/delayer/ext_delayer_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/SQL_session/ext_sql_session_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/wbinfo_group/ext_wbinfo_group_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/LDAP_group/ext_ldap_group_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/eDirectory_userip/ext_edirectory_userip_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/acl/external/unix_group/ext_unix_group_acl /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/store/id_rewriters/file/storeid_file_rewrite /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/src/DiskIO/DiskDaemon/diskd /usr/lib/squid/ 
+COPY --from=buildamd --chown=1161 /tmp/errors /usr/share/squid/errors 
+COPY --from=buildamd --chown=1161 /tmp/icons /usr/share/squid/icons 
+COPY --from=buildamd --chown=1161 /tmp/src/squid /usr/sbin/ 
+COPY --from=buildamd --chown=1161 /tmp/tools/squidclient/squidclient /usr/sbin/ 
+COPY --from=buildamd --chown=1161 /tmp/src/mime.conf.default /etc/squid/mime.conf 
+COPY --from=buildamd --chown=1161 /tmp/src/squid.conf.default /etc/squid/squid.conf 
+RUN adduser --no-create-home --uid 1161 --group --system squid \
    && mkdir -p /usr/share/squid \
    && mkdir -p /usr/lib/squid \
-    && mkdir /etc/squid/ \
    && mkdir -p /var/log/squid \
    && mkdir -p /var/cache/squid \
-    && cp src/auth/basic/LDAP/basic_ldap_auth /usr/lib/squid/ \
-    && cp src/auth/digest/LDAP/digest_ldap_auth /usr/lib/squid/ \
-    && cp src/auth/negotiate/kerberos/negotiate_kerberos_auth /usr/lib/squid/ \
-    && cp src/log/DB/log_db_daemon /usr/lib/squid/ \
-    && cp src/log/file/log_file_daemon /usr/lib/squid/ \
-    && cp src/unlinkd /usr/lib/squid/ \
-    && cp src/http/url_rewriters/LFS/url_lfs_rewrite /usr/lib/squid/ \
-    && cp src/http/url_rewriters/fake/url_fake_rewrite /usr/lib/squid/ \
-    && cp src/http/url_rewriters/fake/url_fake_rewrite.sh /usr/lib/squid/ \
-    && cp src/mime.conf.default /usr/lib/squid/ \
-    && cp src/security/cert_validators/fake/security_fake_certverify /usr/lib/squid/ \
-    && cp src/security/cert_generators/file/security_file_certgen /usr/lib/squid/ \
-    && cp src/acl/external/delayer/ext_delayer_acl /usr/lib/squid/ \
-    && cp src/acl/external/SQL_session/ext_sql_session_acl /usr/lib/squid/ \
-    && cp src/acl/external/wbinfo_group/ext_wbinfo_group_acl /usr/lib/squid/ \
-    && cp src/acl/external/LDAP_group/ext_ldap_group_acl /usr/lib/squid/ \
-    && cp src/acl/external/eDirectory_userip/ext_edirectory_userip_acl /usr/lib/squid/ \
-    && cp src/acl/external/unix_group/ext_unix_group_acl /usr/lib/squid/ \
-    && cp src/store/id_rewriters/file/storeid_file_rewrite /usr/lib/squid/ \
-    && cp src/DiskIO/DiskDaemon/diskd /usr/lib/squid/ \
-    && cp -r errors /usr/share/squid/ \
-    && cp -r icons /usr/share/squid/ \
-    && cp src/squid /usr/sbin/ \
-    && cp tools/squidclient/squidclient /usr/sbin/ \
-    && cp src/mime.conf.default /etc/squid/mime.conf \
-    && cp src/squid.conf.default /etc/squid/squid.conf \
    && chown -Rf squid /etc/squid \
    && chown -Rf squid /usr/lib/squid \
    && chown -Rf squid /var/log/squid \
@ -100,17 +99,13 @@ RUN echo "deb-src http://deb.debian.org/debian bullseye main contrib" >> /etc/ap
    && echo "access_log stdio:/var/log/squid/access.log" >> /etc/squid/squid.conf \
    && echo "cache_log /var/log/squid/cache.log" >> /etc/squid/squid.conf \
    && echo "cache_effective_user squid" >> /etc/squid/squid.conf \
-# Clean
-    && apt-get remove -y --purge libssl-dev wget make gcc g++ xz-utils libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release \
-    && apt-get auto-remove -y && apt-get clean autoclean \
-# Remove for first layer 
-    && rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/* 
 # Packages dependencies installation for running and clean again 
-RUN apt-get update && apt-get install -y --no-install-recommends net-tools rsync libexpat1 libltdl7 libxml2 openssl ca-certificates libldap-2.4-2 libecap3 libdb5.3 libatomic1 \
+    && apt-get update && apt-get install -y --no-install-recommends ca-certificates net-tools rsync libexpat1 libltdl7 libxml2 openssl ca-certificates libldap-2.4-2 libecap3 libcap2 libdb5.3 libatomic1 \
+    && apt-get auto-remove -y && apt-get clean autoclean \
    && rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/* 

 COPY run.sh /
 RUN chmod +x /run.sh
-HEALTHCHECK CMD squidclient -p 3128 || exit 1
+HEALTHCHECK CMD squidclient mgr:index | grep "HTTP/1.1 200 OK" || exit 1
 EXPOSE 3128
 ENTRYPOINT ["/run.sh"]
--- a/Dockerfile.arm
+++ b/Dockerfile.arm
@ -1,116 +0,0 @@
-FROM debian:bullseye-slim
-
-ARG SQUID_VERSION
-ENV ENV_SQUID_VERSION=$SQUID_VERSION
-
-WORKDIR /tmp
-RUN echo "deb-src http://deb.debian.org/debian bullseye main contrib" >> /etc/apt/sources.list && apt-get update && apt-get --no-install-recommends -y build-dep squid && apt-get --no-install-recommends -y install wget tar xz-utils libssl-dev libssl1.1 winbind \
-    && wget http://www.squid-cache.org/Versions/v5/$SQUID_VERSION \
-    && mkdir squid && tar -C squid --strip-components=1 -xzf $SQUID_VERSION \
-    && cd squid \
-    && ./configure \
-        --prefix=/usr \
-        --datadir=/usr/share/squid \
-		--build=arm-linux-gnueabihf \
-		--enable-cache-digests \
-		--includedir=/usr/include \
-		--program-prefix= \
-		--libdir=/usr/lib \
-		--libexecdir=/usr/lib/squid \
-		--localstatedir=/var \
-		--sharedstatedir=/usr/com \
-		--mandir=/usr/share/man \
-		--infodir=/usr/share/info \
-		--enable-icap-client \
-		--enable-icap-support \
-		--enable-async-io \
-		--with-pthreads \
-        --with-winbind \
-		--bindir=/usr/sbin \
-		--sbindir=/usr/sbin \
-		--with-squid=/usr/lib/squid \
-		--disable-ipv6 \
-		--enable-ltdl-convenience \
-		--enable-http-violations \
-		build_alias="arm-linux-gnueabihf" \
-		CFLAGS="-g -O2 -g -Wall -O2" \
-		LDFLAGS= \
-		CPPFLAGS= \
-		CXXFLAGS="-g -O2 -g -Wall -O2" \
-		--without-netfilter-conntrack \
-		--disable-arch-native \
-		--enable-follow-x-forwarded-for \
-		--enable-ssl \
-		--enable-ssl-crtd \ 
-		--with-openssl \
-		--enable-storeio="aufs,diskd,ufs" \
-		--exec-prefix=/usr \
-		--enable-auth-basic="LDAP" \
-		--enable-auth-digest="LDAP" \
-		--enable-auth-ntlm \
-		--enable-auth-negotiate \
-        --enable-negotiate-auth-helpers \
-	    --with-krb5-config=yes \
-		--enable-icap-client \
-		--sysconfdir=/etc/squid \
-		--with-filedescriptors=48000 \
-		--enable-delay-pools \
-		--with-large-files \
-		--enable-removal-policies="lru,heap" \
-    && make \
-# Instal
-    && cd /tmp/squid && apt-get install --no-install-recommends -y libxml2 ca-certificates \
-    && adduser --no-create-home --uid 1161 --group --system squid \
-    && mkdir -p /usr/share/squid \
-    && mkdir -p /usr/lib/squid \
-    && mkdir /etc/squid/ \
-    && mkdir -p /var/log/squid \
-    && mkdir -p /var/cache/squid \
-    && cp src/auth/basic/LDAP/basic_ldap_auth /usr/lib/squid/ \
-    && cp src/auth/digest/LDAP/digest_ldap_auth /usr/lib/squid/ \
-    && cp src/auth/negotiate/kerberos/negotiate_kerberos_auth /usr/lib/squid/ \
-    && cp src/log/DB/log_db_daemon /usr/lib/squid/ \
-    && cp src/log/file/log_file_daemon /usr/lib/squid/ \
-    && cp src/unlinkd /usr/lib/squid/ \
-    && cp src/http/url_rewriters/LFS/url_lfs_rewrite /usr/lib/squid/ \
-    && cp src/http/url_rewriters/fake/url_fake_rewrite /usr/lib/squid/ \
-    && cp src/http/url_rewriters/fake/url_fake_rewrite.sh /usr/lib/squid/ \
-    && cp src/mime.conf.default /usr/lib/squid/ \
-    && cp src/security/cert_validators/fake/security_fake_certverify /usr/lib/squid/ \
-    && cp src/security/cert_generators/file/security_file_certgen /usr/lib/squid/ \
-    && cp src/acl/external/delayer/ext_delayer_acl /usr/lib/squid/ \
-    && cp src/acl/external/SQL_session/ext_sql_session_acl /usr/lib/squid/ \
-    && cp src/acl/external/wbinfo_group/ext_wbinfo_group_acl /usr/lib/squid/ \
-    && cp src/acl/external/LDAP_group/ext_ldap_group_acl /usr/lib/squid/ \
-    && cp src/acl/external/eDirectory_userip/ext_edirectory_userip_acl /usr/lib/squid/ \
-    && cp src/acl/external/unix_group/ext_unix_group_acl /usr/lib/squid/ \
-    && cp src/store/id_rewriters/file/storeid_file_rewrite /usr/lib/squid/ \
-    && cp src/DiskIO/DiskDaemon/diskd /usr/lib/squid/ \
-    && cp -r errors /usr/share/squid/ \
-    && cp -r icons /usr/share/squid/ \
-    && cp src/squid /usr/sbin/ \
-    && cp tools/squidclient/squidclient /usr/sbin/ \
-    && cp src/mime.conf.default /etc/squid/mime.conf \
-    && cp src/squid.conf.default /etc/squid/squid.conf \
-    && chown -Rf squid /etc/squid \
-    && chown -Rf squid /usr/lib/squid \
-    && chown -Rf squid /var/log/squid \
-    && chown -Rf squid /var/cache/squid \
-    && echo "cache_dir diskd /var/cache/squid/\${service_name} 130 51 51" >> /etc/squid/squid.conf \
-    && echo "access_log stdio:/var/log/squid/access.log" >> /etc/squid/squid.conf \
-    && echo "cache_log /var/log/squid/cache.log" >> /etc/squid/squid.conf \
-    && echo "cache_effective_user squid" >> /etc/squid/squid.conf \
-# Clean
-    && apt-get remove -y --purge libssl-dev wget make gcc g++ xz-utils libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release libldap2-dev libpam0g-dev libdb-dev cdbs libsasl2-dev debhelper libcppunit-dev libkrb5-dev comerr-dev libcap2-dev libecap3-dev libexpat1-dev libxml2-dev autotools-dev libltdl-dev dpkg-dev pkg-config libnetfilter-conntrack-dev nettle-dev libgnutls28-dev lsb-release \
-    && apt-get auto-remove -y && apt-get clean autoclean \
-# Remove for first layer 
-    && rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/* 
-# Packages dependencies installation for running and clean again 
-RUN apt-get update && apt-get install -y --no-install-recommends net-tools rsync libexpat1 libltdl7 libxml2 openssl ca-certificates libldap-2.4-2 libecap3 libdb5.3 libatomic1 \
-    && rm -rf /var/lib/apt/lists/* && rm -Rf /tmp/* 
-
-COPY run.sh /
-RUN chmod +x /run.sh
-HEALTHCHECK CMD squidclient -p 3128 || exit 1
-EXPOSE 3128
-ENTRYPOINT ["/run.sh"]
--- a/gitlabci/docker-hub-arm.yml
+++ b/gitlabci/docker-hub-arm.yml
@ -1,5 +1,5 @@
 variables:
-  CONTAINER_CLIENT_IMAGE: debian:buster      
+  CONTAINER_CLIENT_IMAGE: debian:latest      
  CONTAINER_TEST_NAME: squid
  CONTAINER_BUILD_NOPROD_NAME_ARM: $HUB_REGISTRY_IMAGE:build-noprod-arm
  SQUID_VERSION: '"$SQUID_VERSION"'
@ -18,7 +18,7 @@ docker-hub-build-arm:
    - cd $CI_PROJECT_DIR
    - apk add --no-cache curl
    - export SQUID_VERSION=$(curl -s http://www.squid-cache.org/Versions/v5/ | egrep -m 1 -oh squid-.*.tar.gz | cut -d '"' -f1)
-    - docker build -f Dockerfile.arm --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_ARM .
+    - docker build -f Dockerfile --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_ARM .
    - docker push $CONTAINER_BUILD_NOPROD_NAME_ARM

 .services-arm:
@ -40,6 +40,18 @@ docker-hub-test-arm:
    HOSTNAME: squidpipeline
  needs: ["docker-hub-build-arm"]

+dive-arm:
+  image: 
+    name: wagoodman/dive:latest
+    entrypoint: [""]
+  dependencies: []
+  stage: Docker-hub-test
+  script:
+    - docker pull $CONTAINER_BUILD_NOPROD_NAME_ARM
+    - dive $CONTAINER_BUILD_NOPROD_NAME_ARM
+  variables:
+    CI: "true"
+
 push-docker-hub-arm:
  stage: Docker-hub-pushtag
  image: docker:19.03.8-dind
--- a/gitlabci/docker-hub.yml
+++ b/gitlabci/docker-hub.yml
@ -1,5 +1,5 @@
 variables:
-  CONTAINER_CLIENT_IMAGE: debian:buster      
+  CONTAINER_CLIENT_IMAGE: debian:latest      
  CONTAINER_TEST_NAME: squid
  CONTAINER_BUILD_NOPROD_NAME_AMD64: $HUB_REGISTRY_IMAGE:build-noprod-amd64
  SQUID_VERSION: '"$SQUID_VERSION"'
@ -35,6 +35,18 @@ docker-hub-test:
    HOSTNAME: squidpipeline
  needs: ["docker-hub-build"]

+dive:
+  image: 
+    name: wagoodman/dive:latest
+    entrypoint: [""]
+  dependencies: []
+  stage: Docker-hub-test
+  script:
+    - docker pull $CONTAINER_BUILD_NOPROD_NAME_AMD64
+    - dive $CONTAINER_BUILD_NOPROD_NAME_AMD64
+  variables:
+    CI: "true"
+
 push-docker-hub:
  stage: Docker-hub-pushtag
  image: docker:dind