Mercurial > sat_docs
view docker/base/Dockerfile @ 43:4c5bd7ddaaca
xep: updated XEP-0356 (privileged entity):
Several updates according to feedbacks + review:
- added links to PEP and namespace delegation XEPs
- removed MUST for default values in configuration
- <forwarded/> element is now a child of a <privilege/> element
- <perm/> "namespace" attribute has been renamed to "access"
- "headline" type restriction for "message" privilege has been removed
- "message" permission violation now result in a "forbidden" message error
- for "presence" permission, only <presence/> stanza with no type or with a "unavailable" type are sent to privileged entity
- added specifitation for "presence" if a managed entity is unavailable and if a privileged entity is available after first <presence/> stanzas have been received
- added Business Rules section
- Updated namespace to reflect incompatible changes
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 23 Mar 2015 18:41:01 +0100 |
parents | 0e78c8a4626e |
children | 686a8c982c3f |
line wrap: on
line source
############################################################### # # # Salut à Toi/base # # This Dockerfile build a « Salut à Toi » base image # # Salut à Toi is a multi-frontends multi-purposes XMPP client # # # ############################################################### FROM debian:jessie MAINTAINER Goffi <goffi@goffi.org> ######## # BASE # ######## ENV DEBIAN_FRONTEND noninteractive RUN apt-get update RUN apt-get upgrade -y RUN apt-get install -y --no-install-recommends locales dbus-x11 python python-gobject-2 python-dbus python-lxml python-mutagen python-pil python-crypto python-feed python-potr python-twisted-core python-twisted-mail python-twisted-web python-twisted-words python-wokkel python-xdg python-xe python-zope.interface python-gi python-urwid python-markdown python-html2text mercurial RUN apt-get clean # we need UTF-8 locale RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen RUN locale-gen ENV LC_ALL en_US.UTF-8 # it's better to have a dedicated user RUN useradd -m sat # will be used to put many SàT specific data RUN mkdir -p /usr/share/sat ################ # URWID SÀTEXT # ################ WORKDIR /tmp RUN hg clone http://repos.goffi.org/urwid-satext WORKDIR urwid-satext RUN python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages WORKDIR /tmp RUN rm -rf urwid-satext ##################### # CORE INSTALLATION # ##################### WORKDIR /tmp RUN hg clone http://repos.goffi.org/sat WORKDIR sat RUN SAT_INSTALL=nox python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages WORKDIR /tmp RUN rm -rf sat ###################### # SàT CONFIGURATION # ###################### # Following scripts make the configuration as automatic and easy as possible # we auto-create libervia account if it doesn't exists in Libervia container # so we remove it from reserved_list in plugin account RUN echo '[plugin account]\nreserved_list=' >> /etc/sat.conf # This script set account domain in sat.conf is not already set # if not set, domain is gotted from prosody container or DOMAIN environment variable RUN echo '#!/usr/bin/env python2\n\ import os, xmlrpclib, ConfigParser, socket, subprocess\n\ from sat.core.constants import Const as C\n\ from sat.tools import config as sat_config\n\ SECTION = "plugin account"\n\ OPTION = "new_account_domain"\n\ CONFIG_PATH = "/home/sat/sat.conf"\n\ config = ConfigParser.SafeConfigParser()\n\ config.read(C.CONFIG_FILES)\n\ domain = sat_config.getConfig(config, SECTION, OPTION)\n\ if domain is None:\n\ os.getenv("DOMAIN")\n\ if domain is None:\n\ proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ try:\n\ if "prosody" not in open("/etc/hosts").read():\n\ raise socket.gaierror # this avoid waiting for timeout if prosody is not linked\n\ domain = proxy.getenv("DOMAIN")\n\ except socket.gaierror:\n\ print "No prosody container connected or known domain, using \"localhost\" for new domains"\n\ domain = "localhost"\n\ config = ConfigParser.SafeConfigParser()\n\ config.readfp(open(CONFIG_PATH, "a+"))\n\ try:\n\ config.add_section(SECTION)\n\ except ConfigParser.DuplicateSectionError:\n\ pass\n\ config.set(SECTION, OPTION, domain)\n\ config.write(open(CONFIG_PATH, "w"))\n\ subprocess.call(["add_host", domain, "prosody"])\n\ ' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain # account domain is set, then sat is launcher with D-Bus activated RUN echo '#!/bin/sh\n\ chmod a+w /etc/hosts\n\ su -c "set_account_domain && dbus-launch /usr/bin/sat $@" sat\n\ '> /usr/local/bin/sat && chmod 0500 /usr/local/bin/sat # this script add aliases to /etc/hosts RUN echo '#!/usr/bin/env python2\n\ import sys, re\n\ if len(sys.argv) < 2 or len(sys.argv) > 3:\n\ sys.exit(1)\n\ host = sys.argv[1]\n\ alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"\n\ if host == "localhost" or host == alias:\n\ sys.exit(0)\n\ print "Adding host {} as an alias of {}".format(host, alias)\n\ with open("/etc/hosts", "r+") as f:\n\ buf = re.sub(r"\\b{}\\b".format(alias), "{}\\t{}".format(alias, host), f.read(), 1)\n\ f.seek(0)\n\ f.write(buf)\ ' > /usr/local/bin/add_host && chmod 0555 /usr/local/bin/add_host # This script simulate prosodyctl adduser/passwd/deluser and call it on the prosody container RUN echo '#!/usr/bin/env python2\n\ import sys, xmlrpclib\n\ proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\ def pwd():\n\ pwd1=raw_input(); pwd2=raw_input(); assert pwd1==pwd2\n\ return pwd1\n\ password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""\n\ sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))\n\ ' > /usr/local/bin/prosodyctl ######### # D-Bus # ######### # we need a TCP socket RUN sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n <auth>ANONYMOUS</auth>\n <allow_anonymous/>&" /etc/dbus-1/session.conf # this script will launch the command with good D-BUS parameters # it needs to be copied and made executable by frontends RUN echo "#!/bin/sh\nexport DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4\nexec /usr/bin/\$(basename \$0) \$@" > /usr/local/bin/dbus_wrap ########## # LAUNCH # ########## WORKDIR /home/sat ENTRYPOINT ["/bin/bash"]