Jeff Wong [Mon, 6 Jul 2020 23:28:56 +0000 (16:28 -0700)]
Revert "Revert rake call to pull_compatible_all"
This reverts commit
0edf993a55953c9d5ee8856c87825659401c92c3.
Jeff Wong [Mon, 6 Jul 2020 23:23:17 +0000 (16:23 -0700)]
Revert rake call to pull_compatible_all
Jeff Wong [Mon, 6 Jul 2020 23:14:01 +0000 (16:14 -0700)]
FIX: run pull_compatible_all as discourse
Jeff Wong [Mon, 6 Jul 2020 21:48:22 +0000 (11:48 -1000)]
FEATURE: add support for plugin-pinning (#470)
* FEATURE: add support for plugin-pinning
checks out pinned plugin versions, if defined, by way of the rake task
* refactor rake task name
Kane York [Fri, 5 Jun 2020 16:01:40 +0000 (09:01 -0700)]
FIX: Typo in retried image pull
Rafael dos Santos Silva [Wed, 27 May 2020 19:28:43 +0000 (16:28 -0300)]
Handle dangling pg data folders from previous updates
Rafael dos Santos Silva [Tue, 26 May 2020 20:58:01 +0000 (17:58 -0300)]
Simpler instruction in case of pg_upgrade failure
There are many cases (database had bad shutdown, missing locale env)
where the manual export isn't needed, so point the admin to meta so
some easier solutions can be tried first.
Kane York [Tue, 26 May 2020 01:14:12 +0000 (18:14 -0700)]
FIX: Automatically retry image pull once (#468)
Sam Saffron [Mon, 25 May 2020 02:36:39 +0000 (12:36 +1000)]
Bump to optional jemalloc 5.2.1
Rafael dos Santos Silva [Thu, 14 May 2020 16:10:45 +0000 (13:10 -0300)]
Some content on the sshd template so pups don't explodes
Rafael dos Santos Silva [Wed, 13 May 2020 18:41:47 +0000 (15:41 -0300)]
wait a bit more if necessary for container stop
Rafael dos Santos Silva [Wed, 13 May 2020 17:53:55 +0000 (14:53 -0300)]
Remove Vagrant references as they are no longer used
Rafael dos Santos Silva [Wed, 13 May 2020 00:18:55 +0000 (21:18 -0300)]
Remove all pg12 traces so pg_wrapper doesn't get confused
Rafael dos Santos Silva [Tue, 12 May 2020 22:44:11 +0000 (19:44 -0300)]
Teach pg10 template how to install itself for rollbacks
Rafael dos Santos Silva [Tue, 12 May 2020 22:16:00 +0000 (19:16 -0300)]
Fix free disk space calculation take 2
Rafael dos Santos Silva [Tue, 12 May 2020 21:33:43 +0000 (18:33 -0300)]
Fix disk detection units
df was reporting bytes while du was reporting Kilobytes.
Rafael dos Santos Silva [Tue, 12 May 2020 17:46:55 +0000 (14:46 -0300)]
Fix dev image for new pg
Rafael dos Santos Silva [Tue, 12 May 2020 17:41:22 +0000 (14:41 -0300)]
New base image with PostgreSQL 12
Rafael dos Santos Silva [Tue, 12 May 2020 15:25:53 +0000 (12:25 -0300)]
PostgreSQL 12 (#462)
Jay Pfaffman [Mon, 11 May 2020 22:10:24 +0000 (15:10 -0700)]
UI: discourse-setup tweak dns problem message (#460)
Make the "your domain doesn't resolve" message more clear.
Rafael dos Santos Silva [Fri, 8 May 2020 19:06:22 +0000 (16:06 -0300)]
Bump Ruby to 2.6.6
Kane York [Wed, 6 May 2020 18:27:35 +0000 (11:27 -0700)]
FIX: Add a blank sshd.template.yml (#463)
Sam Saffron [Thu, 30 Apr 2020 22:35:23 +0000 (08:35 +1000)]
DEV: remove unused sshd template
No need to carry this template anymore we do not use it.
Michael Brown [Thu, 30 Apr 2020 21:33:02 +0000 (17:33 -0400)]
FIX: sshd template
* sshd template users were unable to rebuild
* the replace command was trying to modify a file from the package before it was installed
Michael Brown [Thu, 30 Apr 2020 03:00:24 +0000 (23:00 -0400)]
Update Discourse base image to 2.0.
20200429-2110
Michael Brown [Wed, 29 Apr 2020 20:24:29 +0000 (16:24 -0400)]
FIX: remove broken symlinks from removed plugins
* if plugins have been removed or renamed, we end up with a dangling symlink in this directory
* this causes the build to fail later during a chown
Michael Brown [Thu, 9 Apr 2020 18:54:01 +0000 (14:54 -0400)]
Revert "Remove nginx-common package"
This reverts commit
30e0c58d1dd851a00bf7decc6182e3948c10a545.
* turns out we do depend on the default nginx.conf and directories provided by the distribution package
* notably /etc/nginx.conf and /etc/nginx/conf.d
Michael Brown [Thu, 9 Apr 2020 17:52:59 +0000 (13:52 -0400)]
Remove nginx-common package
* I don't think we need it at all
Michael Brown [Thu, 9 Apr 2020 17:52:38 +0000 (13:52 -0400)]
Add hash checks to downloaded source files
* we had one in place for redis but nowhere else
Michael Brown [Thu, 9 Apr 2020 17:51:21 +0000 (13:51 -0400)]
Bump ImageMagick and nginx versions
Michael Brown [Thu, 9 Apr 2020 01:47:50 +0000 (21:47 -0400)]
Move openssh-server from the base image to the sshd template
Michael Brown [Thu, 9 Apr 2020 01:47:28 +0000 (21:47 -0400)]
Prevent unused packages from being pulled into the base image
* e.g. X11 libraries, mysql libraries, mailutils, NTLM libraries
Justin DiRose [Wed, 11 Mar 2020 18:55:10 +0000 (13:55 -0500)]
FEATURE: Give option to publish log file publicly (#459)
Mark Vainomaa [Wed, 11 Mar 2020 06:52:51 +0000 (08:52 +0200)]
FEATURE: Don't use fully qualified path for bash in host (#458)
Gerhard Schlager [Mon, 2 Mar 2020 16:08:19 +0000 (17:08 +0100)]
Unfreeze Gemfile in import templates
Co-authored-by: Jay Pfaffman <pfaffman@gmail.com>
Sam Saffron [Thu, 27 Feb 2020 04:53:38 +0000 (15:53 +1100)]
DEV: Bump baseimage
This includes updated dependencies required for the codereview plugin and
additional fixes
Daniel Waterworth [Thu, 20 Feb 2020 17:54:39 +0000 (17:54 +0000)]
Add cmake as a base dependency
Rafael dos Santos Silva [Wed, 19 Feb 2020 19:27:34 +0000 (16:27 -0300)]
Early hostname check (#456)
* Move hostname check to earlier in the process
* Provide instruction on hostname check failure
* Fix instruction in case of hostname failure
Ranjan Purbey [Mon, 20 Jan 2020 20:58:20 +0000 (02:28 +0530)]
Update README.md (#455)
Fix indentation at L56
Rafael dos Santos Silva [Mon, 23 Dec 2019 16:36:38 +0000 (13:36 -0300)]
Bump base image
Rafael dos Santos Silva [Mon, 2 Dec 2019 18:16:45 +0000 (15:16 -0300)]
FEATURE: Default to HTTPS
Blake Erickson [Fri, 15 Nov 2019 14:25:07 +0000 (07:25 -0700)]
update mail-receiver version
Gerhard Schlager [Thu, 31 Oct 2019 20:32:49 +0000 (21:32 +0100)]
Try to force certificate issuance on second try
Todd Sharp [Mon, 28 Oct 2019 01:58:56 +0000 (21:58 -0400)]
Change check for linux memory (#452)
* Change check for linux memory
Some VMs clock in at *just under* 1GB, so checking for 1GB of RAM will miss these. Instead, check for MB, divide by 1000 and round up.
* Refine the check_linux_memory function
Be a little more precise and only make an exception for VMs with >= 990MB RAM
Ruben Homs [Thu, 24 Oct 2019 00:40:36 +0000 (02:40 +0200)]
Make port check optional, add y/n prompt (#448)
romanrizzi [Wed, 16 Oct 2019 18:28:57 +0000 (15:28 -0300)]
Bump base image to update uglifyJS to v3
Roman Rizzi [Thu, 10 Oct 2019 05:17:46 +0000 (02:17 -0300)]
DEV: Bump uglifyjs
We now support uglifyjs version 3 in Discourse core, no need to hold back the upgrade.
Sam Saffron [Thu, 3 Oct 2019 23:59:17 +0000 (09:59 +1000)]
SECURITY: base image updates
- Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
- Image Magick from 7.0.8-61 -> 66
- NGINX 1.17.3 -> 4 (bug fixes only)
Daniel Waterworth [Wed, 2 Oct 2019 00:29:19 +0000 (00:29 +0000)]
Check that redis archive matches hash (#450)
Redis is downloaded without TLS
Gerhard Schlager [Tue, 1 Oct 2019 14:59:22 +0000 (10:59 -0400)]
Update MySQL privileges when starting phpBB3 import
MySQL isn't running in the init script yet, so updating the privileges doesn't work. Duh!
Follow-up to
3df237a6
Gerhard Schlager [Tue, 1 Oct 2019 00:20:01 +0000 (20:20 -0400)]
Make phpBB3 import template work with latest image (#449)
Saj Goonatilleke [Fri, 20 Sep 2019 07:43:02 +0000 (17:43 +1000)]
FIX: Pass through stdout when running interactively
Follow up to commit
70aaf45.
Saj Goonatilleke [Wed, 18 Sep 2019 17:58:47 +0000 (03:58 +1000)]
FIX: Never prune Docker volumes
`system prune` on older Docker releases will remove volumes. The
accidental removal of container volumes may result in user data loss.
This patch should ensure that any users on Docker CE <17.06.1 benefit
from the same, safer behaviour enjoyed by users on contemporary Docker
releases.
Jay Pfaffman [Wed, 11 Sep 2019 22:16:50 +0000 (15:16 -0700)]
FIX: Install mariadb lib instead of mysql
Gerhard Schlager [Tue, 10 Sep 2019 00:44:52 +0000 (02:44 +0200)]
Correctly install ECDSA certificate
Follow-up to
f6ec21851dcf417c13333179a0f933d1dcc3faa1
Gerhard Schlager [Mon, 9 Sep 2019 23:02:45 +0000 (01:02 +0200)]
FEATURE: Elliptic Curve certificate (#444)
[Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS) recommends (P-256) as certificate type for intermediate compatibility.
> ECDSA certificates are recommended over RSA certificates, as they allow the use of ECDHE with Windows 7 clients using Internet Explorer 11
Most modern browsers will use cipher suites with the ECDSA certificate. Older browsers will select the RSA certificate and a RSA cipher suite.
Rafael dos Santos Silva [Fri, 6 Sep 2019 17:56:14 +0000 (14:56 -0300)]
Bump base image
Rafael dos Santos Silva [Fri, 6 Sep 2019 04:27:17 +0000 (01:27 -0300)]
FIX: Backup Restore was broken because rsync was missing
Rafael dos Santos Silva [Tue, 3 Sep 2019 19:37:14 +0000 (16:37 -0300)]
Make sshd compatible with Debian image
Rafael dos Santos Silva [Mon, 2 Sep 2019 18:15:01 +0000 (15:15 -0300)]
Bump base image
Rafael dos Santos Silva [Fri, 30 Aug 2019 03:59:50 +0000 (00:59 -0300)]
Update ruby to 2.6.4
Jay Pfaffman [Wed, 1 Aug 2018 08:56:20 +0000 (10:56 +0200)]
FEATURE: launcher suggests discourse-doctor on fail
Jay Pfaffman [Fri, 12 Apr 2019 16:04:24 +0000 (09:04 -0700)]
Add commented sections to enable incoming TLS
Use Let's Encrypt certs from app to enable incoming TLS for mail-receiver.
Andrew Schleifer [Wed, 26 Jun 2019 06:24:46 +0000 (14:24 +0800)]
fallocate swapfile instead of dd
Joffrey JAFFEUX [Thu, 9 Aug 2018 21:09:16 +0000 (23:09 +0200)]
spacing
Jay Pfaffman [Wed, 1 Aug 2018 08:40:36 +0000 (10:40 +0200)]
FEATURE: discourse-doctor restart existing container if possible
Rafael dos Santos Silva [Fri, 16 Aug 2019 19:11:28 +0000 (16:11 -0300)]
Update SSL config using Mozilla SSL Intermediate config
Rafael dos Santos Silva [Thu, 22 Aug 2019 20:05:41 +0000 (17:05 -0300)]
Update dependencies
Rafael dos Santos Silva [Mon, 19 Aug 2019 21:34:04 +0000 (18:34 -0300)]
Remove nginx modules from the package manager
Rafael dos Santos Silva [Mon, 19 Aug 2019 18:17:28 +0000 (15:17 -0300)]
On Debian rsyslog is running under root
Rafael dos Santos Silva [Mon, 19 Aug 2019 18:17:01 +0000 (15:17 -0300)]
Revert "Revert "First pass in moving to debian""
This reverts commit
29204e415846c121554d41c34f241f2291e7a587.
Rafael dos Santos Silva [Fri, 16 Aug 2019 21:03:14 +0000 (18:03 -0300)]
Revert "First pass in moving to debian"
This reverts commit
223b69e775c61a7fb05386262281f7fa2f0e9520.
Rafael dos Santos Silva [Tue, 2 Jul 2019 04:40:26 +0000 (01:40 -0300)]
First pass in moving to debian
Rafael dos Santos Silva [Tue, 13 Aug 2019 21:06:56 +0000 (18:06 -0300)]
Update nginx for HTTP2 related CVEs
Saj Goonatilleke [Tue, 6 Aug 2019 23:07:36 +0000 (09:07 +1000)]
Make merge_user_args idempotent (#438)
The `merge_user_args` function may be called more than once within a
single `launcher` process. e.g.: on `launcher rebuild ...`:
```
[main] -> rebuild -> run_bootstrap -> set_template_info -> merge_user_args
[main] -> rebuild -> run_start -> set_template_info -> merge_user_args
```
If the user had included a `docker_args` map key in their container
YAML, the `user_args` global would be incorrectly populated with
duplicate docker CLI flags.
https://meta.discourse.org/t/-/123696
Fixes a regression introduced in https://meta.discourse.org/t/-/49401/9
Andrew Schleifer [Thu, 1 Aug 2019 04:05:00 +0000 (12:05 +0800)]
remove unrelated comment
SSH was long ago moved into a different template
Gerhard Schlager [Thu, 27 Jun 2019 08:45:16 +0000 (10:45 +0200)]
Bump base image
Gerhard Schlager [Tue, 25 Jun 2019 08:53:51 +0000 (10:53 +0200)]
Update ImageMagick
Rafael dos Santos Silva [Wed, 19 Jun 2019 18:38:47 +0000 (15:38 -0300)]
FIX: Make storage detection compatible with docker 19.x
Sam Saffron [Tue, 18 Jun 2019 06:14:38 +0000 (16:14 +1000)]
DEV: bump dependencies
- new ImageMagick
- new NGINX moved to stable from mailine
- new Redis
- new PNG Quant
- updated libjemalloc
Matic Mežnar [Sun, 16 Jun 2019 23:47:03 +0000 (01:47 +0200)]
Repo key should be downloaded securely (#432)
Penar Musaraj [Fri, 14 Jun 2019 12:40:57 +0000 (08:40 -0400)]
Include official plugins and install their gems in discourse_test (#431)
Michael Brown [Mon, 10 Jun 2019 17:24:22 +0000 (13:24 -0400)]
FIX: we cannot prompt for user input if we have no tty
Guo Xiang Tan [Tue, 21 May 2019 05:38:28 +0000 (13:38 +0800)]
Update to `discourse/base:2.0.
20190505-2322`.
Old base images carry test gems in the production env.
Régis Hanol [Wed, 15 May 2019 20:06:24 +0000 (22:06 +0200)]
COPY: remove unsupported storage drivers from warning message
Penar Musaraj [Tue, 14 May 2019 19:37:47 +0000 (15:37 -0400)]
FIX: Correctly match when protocol-less CDN is used
Jeff Atwood [Fri, 10 May 2019 21:08:46 +0000 (14:08 -0700)]
remove btrfs and overlay from "safe" storage drivers
Stephen [Tue, 7 May 2019 11:45:22 +0000 (04:45 -0700)]
Update bash path (#430)
Call the default bash for the environment.
Gerhard Schlager [Mon, 6 May 2019 12:55:25 +0000 (14:55 +0200)]
Update base image
It updates Ruby, nginx, ImageMagick, libpng, gifsicle and Node.js
Guo Xiang Tan [Fri, 3 May 2019 04:52:31 +0000 (12:52 +0800)]
Set the right RAILS_ENV for other base images.
Follow up to
c2c7a3d8f3aad26b0b1aea30eb5bf475d910ebc2.
Guo Xiang Tan [Fri, 3 May 2019 01:44:09 +0000 (09:44 +0800)]
Set RAILS_ENV for base image.
We can't boot the Rails app if it tries to require development
dependencies.
Guo Xiang Tan [Thu, 2 May 2019 02:18:59 +0000 (10:18 +0800)]
FIX: Don't install test gems in production.
This fixes an incorrect usage of the `--without` option.
As per the documentation, it takes groups seperated by a space `--without=GROUP[ GROUP...]`. Specifying the option twice meant we were overriding the first which lead the this bug.
Gerhard Schlager [Sat, 27 Apr 2019 08:08:16 +0000 (10:08 +0200)]
Update dependencies (#429)
* Ruby 2.6.3 which has a couple of Unicode improvements
* nginx from 1.5.9 to 1.5.12 (http://nginx.org/en/CHANGES)
* ImageMagick 7.0.8-42 and switch it back to using GitHub, because only the latest release is available on the official site and this regularly breaks our build
* libpng from 1.6.36 to 1.6.37 (security fix)
* gifsicle from 1.91 to 1.92 (http://www.lcdf.org/gifsicle/changes.html)
* Node.js v10, the latest active LTS (https://nodejs.org/en/about/releases/)
Geoff Reedy [Fri, 26 Apr 2019 08:25:27 +0000 (02:25 -0600)]
Use HEAD instead of @ shortcut for git in launcher (#428)
The abbreviation @ for HEAD was added in git 1.8.5. The launcher claims to be compatible with git version 1.8.0 but the use of this abbreviation breaks this compatibility. This change is needed to support RHEL 7.6 which has only git 1.8.3.1.
Guo Xiang Tan [Mon, 22 Apr 2019 03:02:10 +0000 (11:02 +0800)]
Update imagemagick to 7.0.8-41.
Guo Xiang Tan [Sat, 20 Apr 2019 01:03:19 +0000 (09:03 +0800)]
Run `bundle install` with 4 jobs.
Guo Xiang Tan [Mon, 15 Apr 2019 01:23:58 +0000 (09:23 +0800)]
Bump patch for imagemagick again.
Sam Saffron [Thu, 11 Apr 2019 02:43:55 +0000 (12:43 +1000)]
FEATURE: brotli support is not conditional
Due to changes in the core (backported to stable) all brotli support
is unconditional.
No need to carry any special logic here.
Guo Xiang Tan [Mon, 8 Apr 2019 00:14:46 +0000 (08:14 +0800)]
Bump imagemagick to 7.0.8-39.
Sam Saffron [Wed, 3 Apr 2019 06:01:48 +0000 (17:01 +1100)]
FIX: no longer allow protocol-less CDN
DISCOURSE_CDN_URL starting with `//` can lead to problems. Avoid allowing
people to enter it.