view docker/base/Dockerfile @ 43:4c5bd7ddaaca

xep: updated XEP-0356 (privileged entity): Several updates according to feedback + review: - added links to PEP and namespace delegation XEPs - removed MUST for default values in configuration - <forwarded/> element is now a child of a <privilege/> element - <perm/> "namespace" attribute has been renamed to "access" - "headline" type restriction for "message" privilege has been removed - "message" permission violation now results in a "forbidden" message error - for "presence" permission, only <presence/> stanzas with no type or with an "unavailable" type are sent to privileged entity - added specification for "presence" if a managed entity is unavailable and if a privileged entity is available after first <presence/> stanzas have been received - added Business Rules section - Updated namespace to reflect incompatible changes
author Goffi <goffi@goffi.org>
date Mon, 23 Mar 2015 18:41:01 +0100
parents 0e78c8a4626e
children 686a8c982c3f

###############################################################
#                                                             #
#                      Salut à Toi/base                       #
#     This Dockerfile builds a « Salut à Toi » base image     #
# Salut à Toi is a multi-frontend, multi-purpose XMPP client  #
#                                                             #
###############################################################

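# NOTE(review): debian:jessie is end-of-life and no longer receives security
# updates, and the tag is mutable. The Python 2 packages installed below tie
# this image to that release; when rebuilding, pin the base by digest and plan
# a migration to a supported release.
FROM debian:jessie

# MAINTAINER is deprecated; the same contact is recorded as a label instead.
LABEL maintainer="Goffi <goffi@goffi.org>"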

########
# BASE #
########

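# Keep apt/dpkg from prompting during the build.
# NOTE(review): set with ENV, this value is also inherited by derived images
# and by running containers; it is kept as-is for compatibility with images
# built on top of this base.
ENV DEBIAN_FRONTEND=noninteractive

# update, upgrade, install and clean run in ONE layer:
#  - a cached "apt-get update" layer can no longer be reused with a newer
#    package list, which would install stale (possibly vulnerable) versions;
#  - "apt-get clean" in a later layer would not remove the downloaded archives
#    from the image, they would stay in the earlier layer.
# The package lists are left in place as before; derived images should still
# run "apt-get update" themselves before installing anything.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
        dbus-x11 \
        locales \
        mercurial \
        python \
        python-crypto \
        python-dbus \
        python-feed \
        python-gi \
        python-gobject-2 \
        python-html2text \
        python-lxml \
        python-markdown \
        python-mutagen \
        python-pil \
        python-potr \
        python-twisted-core \
        python-twisted-mail \
        python-twisted-web \
        python-twisted-words \
        python-urwid \
        python-wokkel \
        python-xdg \
        python-xe \
        python-zope.interface \
 && apt-get clean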

# A UTF-8 locale is required: uncomment en_US.UTF-8 in locale.gen, generate it,
# then make it the locale of every later build step and of the container.
RUN sed -i 's/# en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen \
 && locale-gen
ENV LC_ALL=en_US.UTF-8

# Dedicated unprivileged account (with a home directory) for running SàT,
# plus the directory that will hold SàT specific data.
RUN useradd --create-home sat \
 && mkdir --parents /usr/share/sat

################
# URWID SÀTEXT #
################

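WORKDIR /tmp

# Clone, install and remove the sources in a single layer: deleting the
# checkout in a later RUN would leave it stored in the earlier layer.
# NOTE(review): the repository is fetched over plain HTTP without a pinned
# changeset, and its setup.py then runs as root during the build, so the image
# content depends on whatever that connection delivers at build time. Prefer an
# authenticated transport if the server offers one and pin the revision, e.g.
# "hg clone -u <CHANGESET-PLACEHOLDER> ...".
RUN hg clone http://repos.goffi.org/urwid-satext \
 && cd urwid-satext \
 && python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages \
 && cd /tmp \
 && rm -rf urwid-satext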

#####################
# CORE INSTALLATION #
#####################

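WORKDIR /tmp

# Clone, install and remove the sources in a single layer: deleting the
# checkout in a later RUN would leave it stored in the earlier layer.
# SAT_INSTALL=nox is passed to setup.py exactly as before.
# NOTE(review): the repository is fetched over plain HTTP without a pinned
# changeset, and its setup.py then runs as root during the build, so the image
# content depends on whatever that connection delivers at build time. Prefer an
# authenticated transport if the server offers one and pin the revision, e.g.
# "hg clone -u <CHANGESET-PLACEHOLDER> ...".
RUN hg clone http://repos.goffi.org/sat \
 && cd sat \
 && SAT_INSTALL=nox python setup.py install --prefix /usr --install-lib /usr/lib/python2.7/dist-packages \
 && cd /tmp \
 && rm -rf sat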

######################
# SàT CONFIGURATION  #
######################

# The following scripts make the configuration as automatic and easy as possible

# The libervia account is auto-created if it doesn't exist in the Libervia
# container, so it is removed from reserved_list of the account plugin
# (an empty reserved_list is appended to /etc/sat.conf).
RUN printf '%s\n' '[plugin account]' 'reserved_list=' >> /etc/sat.conf

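# This script sets the account domain (new_account_domain of "plugin account")
# in /home/sat/sat.conf if it is not already set in one of the SàT config files.
# When it is not set, the domain is taken from the DOMAIN environment variable,
# else asked to the prosody container through XML-RPC, else "localhost" is used.
# The resulting domain is then passed to add_host as an alias of "prosody".
# Fix: the value of os.getenv("DOMAIN") used to be discarded, so the DOMAIN
# environment variable was never taken into account.
# NOTE(review): the XML-RPC call uses plain HTTP and its answer is written to
# the configuration without validation; it is only meant for a private link
# between the two containers.
RUN echo '#!/usr/bin/env python2\n\
import os, xmlrpclib, ConfigParser, socket, subprocess\n\
from sat.core.constants import Const as C\n\
from sat.tools import config as sat_config\n\
SECTION = "plugin account"\n\
OPTION = "new_account_domain"\n\
CONFIG_PATH = "/home/sat/sat.conf"\n\
config = ConfigParser.SafeConfigParser()\n\
config.read(C.CONFIG_FILES)\n\
domain = sat_config.getConfig(config, SECTION, OPTION)\n\
if domain is None:\n\
    domain = os.getenv("DOMAIN")\n\
    if domain is None:\n\
        proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
        try:\n\
            if "prosody" not in open("/etc/hosts").read():\n\
                raise socket.gaierror # this avoid waiting for timeout if prosody is not linked\n\
            domain = proxy.getenv("DOMAIN")\n\
        except socket.gaierror:\n\
            print "No prosody container connected or known domain, using \"localhost\" for new domains"\n\
            domain = "localhost"\n\
    config = ConfigParser.SafeConfigParser()\n\
    config.readfp(open(CONFIG_PATH, "a+"))\n\
    try:\n\
        config.add_section(SECTION)\n\
    except ConfigParser.DuplicateSectionError:\n\
        pass\n\
    config.set(SECTION, OPTION, domain)\n\
    config.write(open(CONFIG_PATH, "w"))\n\
subprocess.call(["add_host", domain, "prosody"])\n\
' > /usr/local/bin/set_account_domain && chmod 0555 /usr/local/bin/set_account_domain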

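# Launcher (root only, mode 0500): the account domain is set, then sat is
# launched with D-Bus activated, both as the unprivileged "sat" user.
# Fix: "$@" inside the quoted su command split the command string as soon as
# more than one argument was given (su then received stray arguments); "$*"
# keeps the whole command in one string.
# The arguments are re-parsed by the shell started by su, so only trusted
# arguments must be passed to this launcher.
# NOTE(review): "chmod a+w /etc/hosts" makes the hosts file writable by every
# user of the container so that add_host can edit it as "sat"; granting write
# access to the sat user only would be a narrower alternative.
RUN echo '#!/bin/sh\n\
chmod a+w /etc/hosts\n\
su -c "set_account_domain && dbus-launch /usr/bin/sat $*" sat\n\
'> /usr/local/bin/sat && chmod 0500 /usr/local/bin/sat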

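# This script adds an alias to /etc/hosts.
# Usage: add_host HOST [ALIAS]   (ALIAS defaults to "localhost")
# HOST is appended, tab separated, after the first occurrence of ALIAS in
# /etc/hosts; nothing is done when HOST is "localhost" or equal to ALIAS.
# Hardening compared with the previous version:
#  - a HOST that is empty or contains whitespace is refused, so a crafted value
#    cannot add extra names or extra lines to /etc/hosts;
#  - ALIAS is escaped before being used as a pattern and the replacement is
#    built by a function, so neither value is interpreted as regex syntax.
RUN echo '#!/usr/bin/env python2\n\
import sys, re\n\
if len(sys.argv) < 2 or len(sys.argv) > 3:\n\
    sys.exit(1)\n\
host = sys.argv[1]\n\
alias = sys.argv[2] if len(sys.argv) == 3 else "localhost"\n\
if host == "localhost" or host == alias:\n\
    sys.exit(0)\n\
if not host or any(c.isspace() for c in host):\n\
    sys.exit("add_host: refusing empty host name or host name containing whitespace")\n\
print "Adding host {} as an alias of {}".format(host, alias)\n\
with open("/etc/hosts", "r+") as f:\n\
    buf = re.sub(r"\\b{}\\b".format(re.escape(alias)), lambda m: "{}\\t{}".format(alias, host), f.read(), 1)\n\
    f.seek(0)\n\
    f.write(buf)\
' > /usr/local/bin/add_host && chmod 0555 /usr/local/bin/add_host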

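# This script simulates prosodyctl adduser/passwd/deluser and forwards the call
# to the prosody container through XML-RPC. For adduser and passwd the password
# is read twice from standard input and both entries must match.
# Changes compared with the previous version:
#  - missing arguments and mismatching passwords end with an error message and
#    a non-zero status instead of an IndexError or a failed assert (asserts are
#    skipped when Python runs with -O, which would disable the check);
#  - the script is made executable like the other helper scripts of this file.
#    NOTE(review): confirm no derived image relied on setting the mode itself.
# NOTE(review): the password is sent over plain HTTP to prosody:9999; this is
# only acceptable on a private link between the two containers.
RUN echo '#!/usr/bin/env python2\n\
import sys, xmlrpclib\n\
if len(sys.argv) < 3:\n\
    sys.exit("prosodyctl: a command and an account argument are expected")\n\
proxy = xmlrpclib.ServerProxy("http://prosody:9999/")\n\
def pwd():\n\
    pwd1=raw_input(); pwd2=raw_input()\n\
    if pwd1 != pwd2:\n\
        sys.exit("prosodyctl: passwords do not match")\n\
    return pwd1\n\
password = pwd() if sys.argv[1] in ["adduser", "passwd"] else ""\n\
sys.exit(proxy.prosodyctl(sys.argv[1], sys.argv[2], password))\n\
' > /usr/local/bin/prosodyctl && chmod 0555 /usr/local/bin/prosodyctl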

#########
# D-Bus #
#########

# We need a TCP socket: a TCP <listen> entry, ANONYMOUS authentication and
# <allow_anonymous/> are inserted right after the unix socket <listen> line of
# the D-Bus session bus configuration.
# NOTE(review): the listener binds every interface (bind=*) on port 55555 and
# accepts anonymous clients, so any peer able to reach that port gets
# unauthenticated access to the session bus. Keep the port on the private
# network shared with the linked containers and never publish it on the host.
RUN sed -i "s&<listen>unix:tmpdir=/tmp</listen>&\0\n  <listen>tcp:host=localhost,bind=*,port=55555,family=ipv4</listen>\n  <auth>ANONYMOUS</auth>\n  <allow_anonymous/>&" /etc/dbus-1/session.conf

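# This script launches the command it is named after (/usr/bin/<its own name>)
# with DBUS_SESSION_BUS_ADDRESS pointing at the TCP session bus of host "sat".
# It needs to be copied and made executable by frontends, which is why no
# chmod is done here.
# Fix: "$0" and "$@" are now quoted in the generated script, so arguments
# containing spaces or glob characters reach the wrapped command unchanged.
RUN printf '%s\n' \
        '#!/bin/sh' \
        'export DBUS_SESSION_BUS_ADDRESS=tcp:host=sat,port=55555,family=ipv4' \
        'exec "/usr/bin/$(basename "$0")" "$@"' \
        > /usr/local/bin/dbus_wrap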

##########
# LAUNCH #
##########

# Containers start in /home/sat, where set_account_domain writes sat.conf.
WORKDIR /home/sat

# An interactive shell is the default process of this base image.
# NOTE(review): no USER instruction is set, so that shell runs as root. The
# /usr/local/bin/sat launcher is mode 0500 and uses su, so it does need root;
# derived images that do not use it should switch to the "sat" user.
ENTRYPOINT ["/bin/bash"]