From ba8902f0b18ccf58d30081aa9cf80eb8574dd0f9 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Wed, 5 Jun 2024 11:52:48 +0200 Subject: [PATCH] os: updated all Alpine containers to 3.20 --- data/Dockerfiles/acme/Dockerfile | 8 +++----- data/Dockerfiles/backup/Dockerfile | 2 +- data/Dockerfiles/clamd/Dockerfile | 2 +- data/Dockerfiles/dockerapi/Dockerfile | 2 +- .../dockerapi/modules/DockerApi.py | 4 ++-- data/Dockerfiles/dovecot/Dockerfile | 6 ++---- data/Dockerfiles/netfilter/Dockerfile | 2 +- data/Dockerfiles/netfilter/main.py | 20 +++++++++---------- data/Dockerfiles/olefy/Dockerfile | 2 +- data/Dockerfiles/phpfpm/Dockerfile | 2 +- data/Dockerfiles/unbound/Dockerfile | 2 +- data/Dockerfiles/watchdog/Dockerfile | 2 +- docker-compose.yml | 18 ++++++++--------- 13 files changed, 34 insertions(+), 38 deletions(-) diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile index 39ac4c26..f22c7162 100644 --- a/data/Dockerfiles/acme/Dockerfile +++ b/data/Dockerfiles/acme/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.18 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " -ARG PIP_BREAK_SYSTEM_PACKAGES=1 + RUN apk upgrade --no-cache \ && apk add --update --no-cache \ bash \ @@ -15,9 +15,7 @@ RUN apk upgrade --no-cache \ tini \ tzdata \ python3 \ - py3-pip \ - && pip3 install --upgrade pip \ - && pip3 install acme-tiny + acme-tiny --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ COPY acme.sh /srv/acme.sh COPY functions.sh /srv/functions.sh diff --git a/data/Dockerfiles/backup/Dockerfile b/data/Dockerfiles/backup/Dockerfile index f9d849b1..61c8bbe5 100644 --- a/data/Dockerfiles/backup/Dockerfile +++ b/data/Dockerfiles/backup/Dockerfile @@ -1,3 +1,3 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim RUN apt update && apt install pigz \ No newline at end of file diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile index cdeedfdd..ab1e2550 100644 --- a/data/Dockerfiles/clamd/Dockerfile +++ b/data/Dockerfiles/clamd/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " diff --git a/data/Dockerfiles/dockerapi/Dockerfile b/data/Dockerfiles/dockerapi/Dockerfile index d11f5dda..511c4623 100644 --- a/data/Dockerfiles/dockerapi/Dockerfile +++ b/data/Dockerfiles/dockerapi/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " diff --git a/data/Dockerfiles/dockerapi/modules/DockerApi.py b/data/Dockerfiles/dockerapi/modules/DockerApi.py index ea1c104e..56019909 100644 --- a/data/Dockerfiles/dockerapi/modules/DockerApi.py +++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py @@ -358,8 +358,8 @@ class DockerApi: for line in cmd_response.split("\n"): if '$2$' in line: hash = line.strip() - hash_out = re.search('\$2\$.+$', hash).group(0) - rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip()) + hash_out = re.search(r'\$2\$.+$', hash).group(0) + rspamd_passphrase_hash = re.sub(r'[^0-9a-zA-Z\$]+', '', hash_out.rstrip()) rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc" cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename) cmd_response = self.exec_cmd_container(container, cmd, user="_rspamd") diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile index 586d8a73..c33772db 100644 --- a/data/Dockerfiles/dovecot/Dockerfile +++ b/data/Dockerfiles/dovecot/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?.*)$ @@ -62,7 +62,7 @@ RUN addgroup -g 5000 vmail \ perl-package-stash-xs \ perl-par-packer \ perl-parse-recdescent \ - perl-lockfile-simple --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community/ \ + perl-lockfile-simple \ libproc \ perl-readonly \ perl-regexp-common \ @@ -109,8 +109,6 @@ RUN addgroup -g 5000 vmail \ && chmod +x /usr/local/bin/gosu \ && gosu nobody true -# RUN cpan LockFile::Simple - COPY trim_logs.sh /usr/local/bin/trim_logs.sh COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf diff --git a/data/Dockerfiles/netfilter/Dockerfile b/data/Dockerfiles/netfilter/Dockerfile index 8a561f06..4f65f8e0 100644 --- a/data/Dockerfiles/netfilter/Dockerfile +++ b/data/Dockerfiles/netfilter/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " WORKDIR /app diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index c3ca379c..c5667dc5 100644 --- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py @@ -80,16 +80,16 @@ def refreshF2bregex(): global exit_code if not r.get('F2B_REGEX'): f2bregex = {} - f2bregex[1] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)' - f2bregex[2] = 'Rspamd UI: Invalid password by ([0-9a-f\.:]+)' - f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+' - f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+' - f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+' - f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),' - f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' - f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' - f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' + f2bregex[1] = r'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)' + f2bregex[2] = r'Rspamd UI: Invalid password by ([0-9a-f\.:]+)' + f2bregex[3] = r'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+' + f2bregex[4] = r'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+' + f2bregex[5] = r'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+' + f2bregex[6] = r'-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),' + f2bregex[7] = r'-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' + f2bregex[8] = r'-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+' + f2bregex[9] = r'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked' + f2bregex[10] = r'([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+' r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False)) else: try: diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile index bd6e0af3..e71ea9ff 100644 --- a/data/Dockerfiles/olefy/Dockerfile +++ b/data/Dockerfiles/olefy/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " ARG PIP_BREAK_SYSTEM_PACKAGES=1 diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile index 22036b9b..ef600fef 100644 --- a/data/Dockerfiles/phpfpm/Dockerfile +++ b/data/Dockerfiles/phpfpm/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.2-fpm-alpine3.18 +FROM php:8.2-fpm-alpine3.20 LABEL maintainer "The Infrastructure Company GmbH " # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?.*)$ diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile index e7204481..0ad5a05f 100644 --- a/data/Dockerfiles/unbound/Dockerfile +++ b/data/Dockerfiles/unbound/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile index 73acde68..a844d73b 100644 --- a/data/Dockerfiles/watchdog/Dockerfile +++ b/data/Dockerfiles/watchdog/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 +FROM alpine:3.20 LABEL maintainer "The Infrastructure Company GmbH " # Installation diff --git a/docker-compose.yml b/docker-compose.yml index 3efd6a42..8b6a676b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2.1' services: unbound-mailcow: - image: mailcow/unbound:1.21 + image: mailcow/unbound:1.22 environment: - TZ=${TZ} - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n} @@ -62,7 +62,7 @@ services: - redis clamd-mailcow: - image: mailcow/clamd:1.65 + image: mailcow/clamd:1.66 restart: always depends_on: unbound-mailcow: @@ -111,7 +111,7 @@ services: - rspamd php-fpm-mailcow: - image: mailcow/phpfpm:1.87 + image: mailcow/phpfpm:1.88 command: "php-fpm -d date.timezone=${TZ} -d expose_php=0" depends_on: - redis-mailcow @@ -222,7 +222,7 @@ services: - sogo dovecot-mailcow: - image: mailcow/dovecot:1.28.2 + image: mailcow/dovecot:1.29 depends_on: - mysql-mailcow - netfilter-mailcow @@ -405,7 +405,7 @@ services: condition: service_started unbound-mailcow: condition: service_healthy - image: mailcow/acme:1.87 + image: mailcow/acme:1.88 dns: - ${IPV4_NETWORK:-172.22.1}.254 environment: @@ -441,7 +441,7 @@ services: - acme netfilter-mailcow: - image: mailcow/netfilter:1.58 + image: mailcow/netfilter:1.59 stop_grace_period: 30s restart: always privileged: true @@ -460,7 +460,7 @@ services: - /lib/modules:/lib/modules:ro watchdog-mailcow: - image: mailcow/watchdog:2.02 + image: mailcow/watchdog:2.03 dns: - ${IPV4_NETWORK:-172.22.1}.254 tmpfs: @@ -532,7 +532,7 @@ services: - watchdog dockerapi-mailcow: - image: mailcow/dockerapi:2.07 + image: mailcow/dockerapi:2.08 security_opt: - label=disable restart: always @@ -572,7 +572,7 @@ services: ################################ olefy-mailcow: - image: mailcow/olefy:1.12 + image: mailcow/olefy:1.13 restart: always environment: - TZ=${TZ}