From 3dc653fb9336cb046d86b70672629dc23754076b Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 09:59:27 +0100 Subject: [PATCH 01/12] Fixes outdated build references --- build-contracts/docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build-contracts/docker-compose.yml b/build-contracts/docker-compose.yml index 6db2d25..b823465 100644 --- a/build-contracts/docker-compose.yml +++ b/build-contracts/docker-compose.yml @@ -59,13 +59,13 @@ services: links: - rweb-httpd:svn - debian-svnclient: - build: ../debian-svnclient - image: solsson/debian-svnclient + svnclient: + build: ../svnclient + image: solsson/svnclient svntest: depends_on: - - debian-svnclient + - svnclient build: ./svntest labels: com.yolean.build-contract: "*" From 438a412345b76c214fb4638b753e8dc12c34e01b Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 10:00:10 +0100 Subject: [PATCH 02/12] Demonstrates that svn in httpd gets: Unrecognized URL scheme for 'https --- build-contracts/docker-compose.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/build-contracts/docker-compose.yml b/build-contracts/docker-compose.yml index b823465..1e1ee57 100644 --- a/build-contracts/docker-compose.yml +++ b/build-contracts/docker-compose.yml @@ -72,3 +72,10 @@ services: links: - svn - svn_adminrest + + httpd-svn-client: + build: ../httpd + labels: + - com.yolean.build-contract + entrypoint: svn + command: [info, "https://github.com/Reposoft/docker-svn"] From 6b59173ed0db867932ee06bae5290b2fa99eb3da Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 10:32:27 +0100 Subject: [PATCH 03/12] Fixes svn client http/https support, though no server certs are trusted (same issue with curl) --- build-contracts/docker-compose.yml | 9 ++++++++- httpd/Dockerfile | 3 +++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/build-contracts/docker-compose.yml b/build-contracts/docker-compose.yml index 1e1ee57..c6904bb 100644 --- a/build-contracts/docker-compose.yml +++ b/build-contracts/docker-compose.yml @@ -73,9 +73,16 @@ services: - svn - svn_adminrest + httpd-svn-curl: + build: ../httpd + labels: + - com.yolean.build-contract + entrypoint: curl + command: [-I, "https://svn.apache.org/repos/asf/subversion/trunk/"] + httpd-svn-client: build: ../httpd labels: - com.yolean.build-contract entrypoint: svn - command: [info, "https://github.com/Reposoft/docker-svn"] + command: [info, "https://svn.apache.org/repos/asf/subversion/trunk/"] diff --git a/httpd/Dockerfile b/httpd/Dockerfile index 5d2ef14..5afa270 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -11,6 +11,7 @@ ENV DEBIAN_FRONTEND noninteractive RUN depsRuntime=" \ libsqlite3-0 \ curl \ + libserf-1-1 \ " \ && depsBuild=" \ ca-certificates \ @@ -21,6 +22,8 @@ RUN depsRuntime=" \ make \ libsqlite3-dev \ libz-dev \ + libneon27-dev \ + libserf-dev \ " \ set -x \ && apt-get update \ From 4de0caf10c4e55fc17c92178b0058eba97943bd0 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 10:33:25 +0100 Subject: [PATCH 04/12] Installs the most recent ca-certificates (into /etc/ssl/certs) but curl and svn still fails --- httpd/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/httpd/Dockerfile b/httpd/Dockerfile index 5afa270..ab6c247 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -8,8 +8,12 @@ ENV SVN_BZ2_SHA1 0999f5e16b146f824b952a5552826b9cb5c47b13 ENV DEBIAN_FRONTEND noninteractive +# we have the stretch package repo from upstream, so let's use https://packages.debian.org/stretch/ca-certificates +ENV CA_CERTIFICATES_VERSION 20161130 + RUN depsRuntime=" \ libsqlite3-0 \ + ca-certificates=$CA_CERTIFICATES_VERSION \ curl \ libserf-1-1 \ " \ From 1aa3ed44b814f7c9bbea129280a6035e94260a01 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 10:35:04 +0100 Subject: [PATCH 05/12] Trust any cert during tests --- build-contracts/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-contracts/docker-compose.yml b/build-contracts/docker-compose.yml index c6904bb..198c6ed 100644 --- a/build-contracts/docker-compose.yml +++ b/build-contracts/docker-compose.yml @@ -73,16 +73,16 @@ services: - svn - svn_adminrest - httpd-svn-curl: + httpd-curl: build: ../httpd labels: - com.yolean.build-contract entrypoint: curl - command: [-I, "https://svn.apache.org/repos/asf/subversion/trunk/"] + command: [-I, "https://svn.apache.org/repos/asf/subversion/trunk/", "-k"] httpd-svn-client: build: ../httpd labels: - com.yolean.build-contract entrypoint: svn - command: [info, "https://svn.apache.org/repos/asf/subversion/trunk/"] + command: [info, "https://svn.apache.org/repos/asf/subversion/trunk/", "--trust-server-cert"] From c13dd55c77df869856eea92143857d2ba4772860 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 10:35:37 +0100 Subject: [PATCH 06/12] Removes ca-certificates runtime deps as it doesn't help neither curl nor svn possibly because of custom openssl version This reverts commit 4de0caf10c4e55fc17c92178b0058eba97943bd0. --- httpd/Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/httpd/Dockerfile b/httpd/Dockerfile index ab6c247..5afa270 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -8,12 +8,8 @@ ENV SVN_BZ2_SHA1 0999f5e16b146f824b952a5552826b9cb5c47b13 ENV DEBIAN_FRONTEND noninteractive -# we have the stretch package repo from upstream, so let's use https://packages.debian.org/stretch/ca-certificates -ENV CA_CERTIFICATES_VERSION 20161130 - RUN depsRuntime=" \ libsqlite3-0 \ - ca-certificates=$CA_CERTIFICATES_VERSION \ curl \ libserf-1-1 \ " \ From 681bc328c4319779ec761191df2943f3add64566 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 12:36:06 +0100 Subject: [PATCH 07/12] Fixes a test failure caused by AUTHZ option inconsistency --- httpd/conf/httpd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/httpd/conf/httpd.conf b/httpd/conf/httpd.conf index 62a7072..4a24172 100644 --- a/httpd/conf/httpd.conf +++ b/httpd/conf/httpd.conf @@ -6,7 +6,7 @@ Include conf/svn/load.conf Include conf/svn/load-authz.conf - + Include conf/svn/load-authz.conf From 30fd0743228b779535a33ce2c3dd4de2c6c4c5a7 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 14:52:50 +0100 Subject: [PATCH 08/12] Svntest gets statsu 400 Bad Request on /svn/, but the same request from external curl doesn't --- build-contracts/svntest/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-contracts/svntest/Dockerfile b/build-contracts/svntest/Dockerfile index 8603efd..1bbbe26 100644 --- a/build-contracts/svntest/Dockerfile +++ b/build-contracts/svntest/Dockerfile @@ -1,5 +1,5 @@ -FROM solsson/debian-svnclient +FROM solsson/svnclient COPY . /test/ From 98ea8936abb63fdcf4e2aeec10a3e8ac33d3ee80 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 15:07:22 +0100 Subject: [PATCH 09/12] Switches from libz-dev to zlib1g-dev because the httpd image build uses the latter --- httpd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/httpd/Dockerfile b/httpd/Dockerfile index 5afa270..c6940f2 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -21,7 +21,7 @@ RUN depsRuntime=" \ libssl-dev=$OPENSSL_VERSION \ make \ libsqlite3-dev \ - libz-dev \ + zlib1g-dev \ libneon27-dev \ libserf-dev \ " \ From ede79921bd467e6e21be447db0dd117284f7609a Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 15:13:16 +0100 Subject: [PATCH 10/12] LogLevel debug revealed that status 400 was caused by: Client sent malformed Host header: svn_adminrest --- build-contracts/docker-compose.yml | 6 +++--- build-contracts/svntest/repocreate.sh | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build-contracts/docker-compose.yml b/build-contracts/docker-compose.yml index 198c6ed..fd9b338 100644 --- a/build-contracts/docker-compose.yml +++ b/build-contracts/docker-compose.yml @@ -7,14 +7,14 @@ services: expose: - "80" - svn_adminrest: + svn-adminrest: build: ../httpd environment: ADMIN_REST_ACCESS: "true" expose: - "80" - svn_authz: + svn-authz: build: ../httpd environment: ADMIN_REST_ACCESS: "true" @@ -71,7 +71,7 @@ services: com.yolean.build-contract: "*" links: - svn - - svn_adminrest + - svn-adminrest httpd-curl: build: ../httpd diff --git a/build-contracts/svntest/repocreate.sh b/build-contracts/svntest/repocreate.sh index ab18f5e..eb88840 100755 --- a/build-contracts/svntest/repocreate.sh +++ b/build-contracts/svntest/repocreate.sh @@ -4,11 +4,11 @@ set -e [[ -z "$RETRY" ]] && RETRY="--retry 3 --retry-delay 5" -curl $RETRY -f http://svn_adminrest/svn/ -I || exit 1 +curl $RETRY -f http://svn-adminrest/svn/ -I || exit 1 -curl $RETRY -f http://svn_adminrest/admin/repocreate -d reponame=test1 || exit 1 +curl $RETRY -f http://svn-adminrest/admin/repocreate -d reponame=test1 || exit 1 -curl $RETRY -f http://svn_adminrest/svn/test1/ -I || exit 1 +curl $RETRY -f http://svn-adminrest/svn/test1/ -I || exit 1 #noaccess=$(curl $RETRY -f http://svn_noadminrest/admin/repocreate -I) #echo $noaccess From 2916a95e8b41f298e7aaaa7085e7221c735613e4 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 15:17:26 +0100 Subject: [PATCH 11/12] If you install ca-certificates in a running container you get server cert validation This reverts commit c13dd55c77df869856eea92143857d2ba4772860. --- httpd/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/httpd/Dockerfile b/httpd/Dockerfile index c6940f2..05dba3e 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -8,8 +8,12 @@ ENV SVN_BZ2_SHA1 0999f5e16b146f824b952a5552826b9cb5c47b13 ENV DEBIAN_FRONTEND noninteractive +# we have the stretch package repo from upstream, so let's use https://packages.debian.org/stretch/ca-certificates +ENV CA_CERTIFICATES_VERSION 20161130 + RUN depsRuntime=" \ libsqlite3-0 \ + ca-certificates=$CA_CERTIFICATES_VERSION \ curl \ libserf-1-1 \ " \ From 6dde902c5a9bbc914787e79e67057270665c1b9a Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 25 Mar 2017 15:36:55 +0100 Subject: [PATCH 12/12] Fixes server cert validation by installing ca-certificates after svn build (dunny why) --- httpd/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/httpd/Dockerfile b/httpd/Dockerfile index 05dba3e..3991dc6 100644 --- a/httpd/Dockerfile +++ b/httpd/Dockerfile @@ -13,7 +13,6 @@ ENV CA_CERTIFICATES_VERSION 20161130 RUN depsRuntime=" \ libsqlite3-0 \ - ca-certificates=$CA_CERTIFICATES_VERSION \ curl \ libserf-1-1 \ " \ @@ -33,7 +32,6 @@ RUN depsRuntime=" \ && apt-get update \ && apt-get install -y --no-install-recommends $depsRuntime \ && apt-get install -y --no-install-recommends $depsBuild \ - && rm -r /var/lib/apt/lists/* \ && curl -SL "$SVN_BZ2_URL" -o subversion-$SVN_VERSION.tar.bz2 \ && echo "$SVN_BZ2_SHA1 subversion-$SVN_VERSION.tar.bz2" | sha1sum -c - \ && mkdir -p src/svn \ @@ -47,6 +45,8 @@ RUN depsRuntime=" \ && cd ../../ \ && rm -r src/svn \ && apt-get purge -y --auto-remove $depsBuild \ + && apt-get install -y ca-certificates=$CA_CERTIFICATES_VERSION \ + && rm -r /var/lib/apt/lists/* \ && echo "Include conf/svn/httpd.conf" >> conf/httpd.conf COPY conf conf/svn