From d6e231e67f39ec081c55e25fb2acbecbd29a429a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?=
Date: Tue, 3 Dec 2024 16:32:44 +0100
Subject: [PATCH] WIP: add stunnel container image https://jira.suse.com/browse/PED-11085
---
 src/bci_build/package/__init__.py | 2 ++
 src/bci_build/package/appcontainers.py | 34 +++++++++++++++++++++
 src/bci_build/package/stunnel/README.md.j2 | 15 +++++++++
 src/bci_build/package/stunnel/entrypoint.sh | 18 +++++++++++
 4 files changed, 69 insertions(+)
 create mode 100644 src/bci_build/package/stunnel/README.md.j2
 create mode 100755 src/bci_build/package/stunnel/entrypoint.sh
diff --git a/src/bci_build/package/__init__.py b/src/bci_build/package/__init__.py
index fdbfd4e7f..6c649209d 100644
--- a/src/bci_build/package/__init__.py
+++ b/src/bci_build/package/__init__.py
@@ -1444,6 +1444,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 from .appcontainers import PCP_CONTAINERS # noqa: E402
 from .appcontainers import PROMETHEUS_CONTAINERS # noqa: E402
 from .appcontainers import REGISTRY_CONTAINERS # noqa: E402
+from .appcontainers import STUNNEL_CONTAINERS # noqa: E402
 from .appcontainers import THREE_EIGHT_NINE_DS_CONTAINERS # noqa: E402
 from .appcontainers import TRIVY_CONTAINERS # noqa: E402
 from .base import BASE_CONTAINERS # noqa: E402
@@ -1526,6 +1527,7 @@ def generate_disk_size_constraints(size_gb: int) -> str:
 *GCC_CONTAINERS,
 *SPACK_CONTAINERS,
 *KEA_DHCP_CONTAINERS,
+ *STUNNEL_CONTAINERS,
 )
 }
diff --git a/src/bci_build/package/appcontainers.py b/src/bci_build/package/appcontainers.py
index b26046d92..0c902c4c3 100644
--- a/src/bci_build/package/appcontainers.py
+++ b/src/bci_build/package/appcontainers.py
@@ -20,6 +20,7 @@
 from bci_build.package.helpers import generate_package_version_check
 from bci_build.package.versions import format_version
 from bci_build.package.versions import get_pkg_version
+from bci_build.registry import publish_registry
 def _envsubst_pkg_name(os_version: OsVersion) -> str:
@@ -442,3 +443,36 @@ def _get_nginx_kwargs(os_version: OsVersion):
 )
 for os_version in (OsVersion.TUMBLEWEED,)
 ]
+
+STUNNEL_CONTAINERS = [
+ ApplicationStackContainer(
+ name="stunnel",
+ os_version=os_version,
+ tag_version=(tag_ver := "5"),
+ is_latest=os_version in CAN_BE_LATEST_OS_VERSION,
+ from_target_image=generate_from_image_tag(os_version, "bci-micro"),
+ version=(stunnel_version_re := "%%stunnel_re%%"),
+ pretty_name="Stunnel",
+ package_list=["stunnel"],
+ replacements_via_service=[
+ Replacement(stunnel_version_re, package_name="stunnel")
+ ],
+ extra_files={
+ "entrypoint.sh": (
+ Path(__file__).parent / "stunnel" / "entrypoint.sh"
+ ).read_bytes()
+ },
+ _publish_registry=publish_registry(os_version, app_collection=True),
+ build_stage_custom_end=generate_package_version_check(
+ "stunnel", tag_ver, ParseVersion.MAJOR, use_target=True
+ ),
+ custom_end=f"""COPY entrypoint.sh /usr/local/bin/
+{DOCKERFILE_RUN} chmod 0755 /usr/local/bin/entrypoint.sh; \
+ chown --recursive stunnel /etc/stunnel
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["/usr/sbin/stunnel"]
+USER stunnel
+""",
+ )
+ for os_version in ALL_NONBASE_OS_VERSIONS
+]
diff --git a/src/bci_build/package/stunnel/README.md.j2 b/src/bci_build/package/stunnel/README.md.j2
new file mode 100644
index 000000000..0587d4d14
--- /dev/null
+++ b/src/bci_build/package/stunnel/README.md.j2
@@ -0,0 +1,15 @@
+# {{ image.pretty_name }} Container Image
+
+{% include 'badges.j2' %}
+
+
+## Description
+
+Stunnel is an open-source multi-platform application used to provide a universal
+TLS/SSL tunneling service.
+
+
+## How to use this Image
+
+
+{% include 'licensing_and_eula.j2' %}
diff --git a/src/bci_build/package/stunnel/entrypoint.sh b/src/bci_build/package/stunnel/entrypoint.sh
new file mode 100755
index 000000000..9bb34a330
--- /dev/null
+++ b/src/bci_build/package/stunnel/entrypoint.sh
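Review bot: `chown --recursive stunnel /etc/stunnel` in `custom_end` of the STUNNEL_CONTAINERS hunk gives the account the service runs as (`USER stunnel`) ownership of the whole configuration tree, including the main configuration file and any certificate or key placed under `/etc/stunnel`. The entrypoint added in this patch writes only `/etc/stunnel/conf.d/container-ssl.conf` and `/etc/stunnel/conf.d/container.conf`, so ownership could be limited to that directory, `chown stunnel /etc/stunnel/conf.d` (assuming the package ships it), leaving the rest read-only for the running process. As a point of style, the trailing `\` after `entrypoint.sh;` sits in a non-raw f-string, so Python drops it with the newline and the Dockerfile gets both commands on one line; that works, but a short comment such as `# backslash-newline is consumed by Python, RUN stays on one line` would make it clear this is intended.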
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+STUNNEL_CERT="${STUNNEL_CERT:-/etc/stunnel/stunnel.pem}"
+STUNNEL_KEY="${STUNNEL_KEY:-/etc/stunnel/stunnel.key}"
+
+conf="/etc/stunnel/conf.d/container-ssl.conf"
+echo "cert = ${STUNNEL_CERT}" > $conf
+echo "key = ${STUNNEL_KEY}" >> $conf
+
+
+if [[ -n "${STUNNEL_SERVICE_NAME}" ]] && [[ -n "${STUNNEL_ACCEPT}" ]] && [[ -n "${STUNNEL_CONNECT}" ]]; then
+ conf="/etc/stunnel/conf.d/container.conf"
+ echo "[${STUNNEL_SERVICE_NAME}]" > $conf
+ echo "accept = ${STUNNEL_ACCEPT}" >> $conf
+ echo "connect = ${STUNNEL_CONNECT}" >> $conf
+fi
+
+exec "$@"
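Review bot: The STUNNEL_* environment values are echoed into the files under /etc/stunnel/conf.d without any validation, so a value containing a line break ends up as additional configuration lines in the file stunnel reads for its TLS settings. The script also has no `set -e`, so a failed redirect (for example on a read-only root filesystem) still reaches `exec "$@"` with a missing or stale configuration. When only one or two of STUNNEL_SERVICE_NAME, STUNNEL_ACCEPT and STUNNEL_CONNECT are set, the service section is skipped without a message. I would stop on errors, reject multi-line values before writing anything, write with `printf` and a quoted `"$conf"`, and report a partial service definition on stderr; the sketch below covers the first three.

```shell
#!/bin/bash
set -e

# … unchanged: STUNNEL_CERT / STUNNEL_KEY defaults …

# Each value becomes exactly one line of stunnel configuration; refuse anything that would span several.
for var in STUNNEL_CERT STUNNEL_KEY STUNNEL_SERVICE_NAME STUNNEL_ACCEPT STUNNEL_CONNECT; do
    if [[ "${!var}" == *$'\n'* ]]; then
        echo "entrypoint: ${var} must not contain a line break" >&2
        exit 1
    fi
done

conf="/etc/stunnel/conf.d/container-ssl.conf"
printf 'cert = %s\nkey = %s\n' "${STUNNEL_CERT}" "${STUNNEL_KEY}" > "$conf"

# … unchanged: service section and exec "$@" …
```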