[bitnami/dokuwiki] Release 20220731.1.0-debian-11-r9 (#9808)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/dokuwiki/20220731/debian-11/Dockerfile

@@ -4,7 +4,7 @@ ARG TARGETARCH
 
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
       org.opencontainers.image.description="Application packaged by Bitnami" \
-      org.opencontainers.image.ref.name="20220731.1.0-debian-11-r8" \
+      org.opencontainers.image.ref.name="20220731.1.0-debian-11-r9" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/dokuwiki" \
       org.opencontainers.image.title="dokuwiki" \
       org.opencontainers.image.vendor="VMware, Inc." \
@@ -18,7 +18,7 @@ ENV HOME="/" \
 COPY prebuildfs /
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Install required system packages and dependencies
-RUN install_packages acl ca-certificates curl libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi7 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhogweed6 libicu67 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.4-2 libldap-common liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmcrypt4 libmd0 libmemcached11 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl1.1 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp6 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 procps zlib1g
+RUN install_packages acl ca-certificates curl ldap-utils libbrotli1 libbsd0 libbz2-1.0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi7 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhogweed6 libicu67 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.4-2 libldap-common liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmcrypt4 libmd0 libmemcached11 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam-ldapd libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl1.1 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp6 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 nslcd procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
     COMPONENTS=( \
       "php-7.4.32-1-linux-${OS_ARCH}-debian-11" \
@@ -35,7 +35,7 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
       fi && \
       sha256sum -c "${COMPONENT}.tar.gz.sha256" && \
       tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
-      rm -rf "${COMPONENT}.tar.gz{,sha256}" ; \
+      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
     done
 RUN apt-get update && apt-get upgrade -y && \
     apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

bitnami/dokuwiki/20220731/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh

@@ -519,7 +519,7 @@ get_machine_id() {
 get_disk_device_id() {
     local device_id=""
     if grep -q ^/dev /proc/mounts; then
-        device_id="$(grep -q ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
+        device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
     fi
     # If it could not be autodetected, fallback to /dev/sda1 as a default
     if [[ -z "$device_id" || ! -b "$device_id" ]]; then
@@ -538,7 +538,7 @@ get_disk_device_id() {
 #   Root disk ID
 #########################
 get_root_disk_device_id() {
-    get_disk_device_id | sed 's/[0-9]\+$//'
+    get_disk_device_id | sed -E 's/p?[0-9]+$//'
 }
 
 ########################

bitnami/dokuwiki/20220731/debian-11/rootfs/opt/bitnami/scripts/libldapclient.sh

@@ -0,0 +1,220 @@
+#!/bin/bash
+#
+# Bitnami LDAP library
+
+# shellcheck disable=SC1090,SC1091
+
+# Load libraries
+. /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
+
+########################
+# Loads global variables used on LDAP configuration.
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   Series of exports to be used as 'eval' arguments
+#########################
+ldap_env() {
+    cat <<"EOF"
+export LDAP_NSLCD_USER="nslcd"
+export LDAP_URI="${LDAP_URI:-}"
+export LDAP_BASE="${LDAP_BASE:-}"
+export LDAP_BIND_DN="${LDAP_BIND_DN:-}"
+export LDAP_BIND_PASSWORD="${LDAP_BIND_PASSWORD:-}"
+export LDAP_BASE_LOOKUP="${LDAP_BASE_LOOKUP:-}"
+export LDAP_NSS_INITGROUPS_IGNOREUSERS="${LDAP_NSS_INITGROUPS_IGNOREUSERS:-root,nslcd}"
+export LDAP_SCOPE="${LDAP_SCOPE:-}"
+export LDAP_TLS_REQCERT="${LDAP_TLS_REQCERT:-}"
+export LDAP_SEARCH_FILTER="${LDAP_SEARCH_FILTER:-}"
+export LDAP_SEARCH_MAP="${LDAP_SEARCH_MAP:-}"
+
+EOF
+    if [[ "$OS_FLAVOUR" =~ ^debian-.*$ ]]; then
+        cat <<"EOF"
+export LDAP_NSLCD_GROUP="nslcd"
+EOF
+    elif [[ "$OS_FLAVOUR" =~ ^(centos|photon)-.*$ ]]; then
+        cat <<"EOF"
+export LDAP_NSLCD_GROUP="ldap"
+EOF
+    fi
+}
+
+########################
+# Return LDAP config file path depending on distro
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   None
+# Returns:
+#   (String) LDAP config file path
+#########################
+ldap_openldap_config_path() {
+    local openldap_config
+    case "$OS_FLAVOUR" in
+    debian-* | ubuntu-*) openldap_config=/etc/ldap/ldap.conf ;;
+    centos-* | photon-* | redhatubi-*) openldap_config=/etc/openldap/ldap.conf ;;
+    *) error "Unsupported OS flavor ${OS_FLAVOUR}" && exit 1 ;;
+    esac
+    echo "$openldap_config"
+}
+
+########################
+# Configure LDAP permissions (to be used at postunpack leve).
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_configure_permissions() {
+    ensure_dir_exists "/var/run/nslcd" && configure_permissions_ownership "/var/run/nslcd" -u "root" -g "root" -d "775"
+    # The nslcd.conf file may not exist in distros like UBI, so we need to create it first
+    touch "/etc/nslcd.conf"
+    configure_permissions_ownership "/etc/nslcd.conf" -u "root" -g "root" -f "660"
+    configure_permissions_ownership "$(ldap_openldap_config_path)" -u "root" -g "root" -f "660"
+}
+
+########################
+# Create nslcd.conf file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_create_nslcd_config() {
+    if am_i_root; then
+        chown "root:${LDAP_NSLCD_GROUP}" "/etc/nslcd.conf"
+        chown -R "${LDAP_NSLCD_USER}:${LDAP_NSLCD_GROUP}" "/var/run/nslcd"
+        cat >"/etc/nslcd.conf" <<EOF
+# The user and group nslcd should run as
+uid $LDAP_NSLCD_USER
+gid $LDAP_NSLCD_GROUP
+EOF
+    else
+        cat >"/etc/nslcd.conf" <<EOF
+# Comment out uid,gid to avoid attempting change user/group to run as
+# uid
+# gid
+EOF
+    fi
+    cat >>"/etc/nslcd.conf" <<EOF
+nss_initgroups_ignoreusers $LDAP_NSS_INITGROUPS_IGNOREUSERS
+
+# The location at which the LDAP server(s) should be reachable.
+uri $LDAP_URI
+# The search base that will be used for all queries
+base $LDAP_BASE
+# The DN to bind with for normal lookups
+binddn $LDAP_BIND_DN
+bindpw $LDAP_BIND_PASSWORD
+EOF
+    if [[ -n "${LDAP_BASE_LOOKUP}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+base passwd $LDAP_BASE_LOOKUP
+EOF
+    fi
+    if [[ -n "${LDAP_SCOPE}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# The search scope
+scope $LDAP_SCOPE
+EOF
+    fi
+    if [[ -n "${LDAP_SEARCH_FILTER}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# LDAP search filter to use for posix users
+filter passwd (objectClass=$LDAP_SEARCH_FILTER)
+EOF
+    fi
+    if [[ -n "${LDAP_SEARCH_MAP}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# Used for lookup of custom attributes
+map passwd uid $LDAP_SEARCH_MAP
+EOF
+    fi
+    if [[ -n "${LDAP_TLS_REQCERT}" ]]; then
+        cat >>"/etc/nslcd.conf" <<EOF
+# TLS options
+tls_reqcert $LDAP_TLS_REQCERT
+EOF
+    fi
+    if am_i_root; then
+        chmod "600" "/etc/nslcd.conf"
+    fi
+}
+
+########################
+# Create ldap.conf file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_create_openldap_config() {
+    cat >>"$(ldap_openldap_config_path)" <<EOF
+BASE $LDAP_BASE
+URI $LDAP_URI
+
+TLS_CACERTDIR   /etc/openldap/certs
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON    on
+EOF
+}
+
+########################
+# Create PAM configuration file
+# Globals:
+#   LDAP_*
+# Arguments:
+#   filename - PAM configuration file name
+# Returns:
+#   None
+#########################
+ldap_create_pam_config() {
+    local filename="${1:?ip is missing}"
+    cat >"/etc/pam.d/${filename}" <<EOF
+auth     required  pam_ldap.so  try_first_pass debug
+account  required  pam_ldap.so  debug
+EOF
+}
+
+########################
+# Initialize LDAP services
+# Globals:
+#   LDAP_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_initialize() {
+    if [[ -n "${LDAP_URI}" && "${LDAP_BASE}" && "${LDAP_BIND_DN}" && "${LDAP_BIND_PASSWORD}" ]]; then
+        info "Configuring LDAP connection"
+        ldap_create_nslcd_config
+        ldap_create_openldap_config
+    else
+        info "Missing LDAP settings. Skipping LDAP initialization"
+    fi
+}
+
+########################
+# Start nslcd in background
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+ldap_start_nslcd_bg() {
+    info "Starting nslcd in background"
+    nslcd
+}