diff --git a/bitnami/drupal/11/debian-12/Dockerfile b/bitnami/drupal/11/debian-12/Dockerfile new file mode 100644 index 0000000000000..1b137446ddcba --- /dev/null +++ b/bitnami/drupal/11/debian-12/Dockerfile @@ -0,0 +1,69 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +FROM docker.io/bitnami/minideb:bookworm + +ARG TARGETARCH + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ + org.opencontainers.image.created="2024-08-22T06:28:38Z" \ + org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/drupal/README.md" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.ref.name="11.0.1-debian-12-r1" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/drupal" \ + org.opencontainers.image.title="drupal" \ + org.opencontainers.image.vendor="Broadcom, Inc." \ + org.opencontainers.image.version="11.0.1" + +ENV HOME="/" \ + OS_ARCH="${TARGETARCH:-amd64}" \ + OS_FLAVOUR="debian-12" \ + OS_NAME="linux" + +COPY prebuildfs / +SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] +# Install required system packages and dependencies +RUN install_packages acl ca-certificates curl gnupg libaudit1 libbrotli1 libbsd0 libbz2-1.0 libcap-ng0 libcom-err2 libcrypt1 libcurl4 libexpat1 libffi8 libfftw3-double3 libfontconfig1 libfreetype6 libgcc-s1 libgcrypt20 libglib2.0-0 libgmp10 libgnutls30 libgomp1 libgpg-error0 libgssapi-krb5-2 libhashkit2 libhogweed6 libicu72 libidn2-0 libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libldap-2.5-0 liblqr-1-0 libltdl7 liblzma5 libmagickcore-6.q16-6 libmagickwand-6.q16-6 libmd0 libmemcached11 libncurses6 libnettle8 libnghttp2-14 libonig5 libp11-kit0 libpam0g libpcre2-8-0 libpcre3 libpng16-16 libpq5 libpsl5 libreadline8 librtmp1 libsasl2-2 libsodium23 libsqlite3-0 libssh2-1 libssl3 libstdc++6 libsybdb5 libtasn1-6 libtidy5deb1 libtinfo6 libunistring2 libuuid1 libwebp7 libx11-6 libxau6 libxcb1 libxdmcp6 libxext6 libxml2 libxslt1.1 libzip4 libzstd1 openssl procps unzip zlib1g +RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \ + COMPONENTS=( \ + "render-template-1.0.7-3-linux-${OS_ARCH}-debian-12" \ + "php-8.3.10-2-linux-${OS_ARCH}-debian-12" \ + "mysql-client-11.4.3-0-linux-${OS_ARCH}-debian-12" \ + "libphp-8.3.10-0-linux-${OS_ARCH}-debian-12" \ + "apache-2.4.62-0-linux-${OS_ARCH}-debian-12" \ + "drupal-11.0.1-0-linux-${OS_ARCH}-debian-12" \ + ) ; \ + for COMPONENT in "${COMPONENTS[@]}"; do \ + if [ ! -f "${COMPONENT}.tar.gz" ]; then \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \ + curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \ + fi ; \ + sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \ + tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ + rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ + done +RUN apt-get autoremove --purge -y curl && \ + apt-get update && apt-get upgrade -y && \ + apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN chmod g+rwX /opt/bitnami +RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true + +COPY rootfs / +RUN /opt/bitnami/scripts/apache/postunpack.sh +RUN /opt/bitnami/scripts/php/postunpack.sh +RUN /opt/bitnami/scripts/apache-modphp/postunpack.sh +RUN /opt/bitnami/scripts/drupal/postunpack.sh +RUN /opt/bitnami/scripts/mysql-client/postunpack.sh +ENV APACHE_HTTPS_PORT_NUMBER="" \ + APACHE_HTTP_PORT_NUMBER="" \ + APP_VERSION="11.0.1" \ + BITNAMI_APP_NAME="drupal" \ + PATH="/opt/bitnami/common/bin:/opt/bitnami/php/bin:/opt/bitnami/php/sbin:/opt/bitnami/mysql/bin:/opt/bitnami/apache/bin:/opt/bitnami/drupal/vendor/bin:$PATH" + +EXPOSE 8080 8443 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/drupal/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/apache/run.sh" ] diff --git a/bitnami/drupal/11/debian-12/docker-compose.yml b/bitnami/drupal/11/debian-12/docker-compose.yml new file mode 100644 index 0000000000000..2ac4e045ac6a8 --- /dev/null +++ b/bitnami/drupal/11/debian-12/docker-compose.yml @@ -0,0 +1,35 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +version: '2' +services: + mariadb: + image: docker.io/bitnami/mariadb:11.4 + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - MARIADB_USER=bn_drupal + - MARIADB_DATABASE=bitnami_drupal + volumes: + - 'mariadb_data:/bitnami/mariadb' + drupal: + image: docker.io/bitnami/drupal:11 + ports: + - '80:8080' + - '443:8443' + environment: + - DRUPAL_DATABASE_HOST=mariadb + - DRUPAL_DATABASE_PORT_NUMBER=3306 + - DRUPAL_DATABASE_USER=bn_drupal + - DRUPAL_DATABASE_NAME=bitnami_drupal + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + volumes: + - 'drupal_data:/bitnami/drupal' + depends_on: + - mariadb +volumes: + mariadb_data: + driver: local + drupal_data: + driver: local diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 0000000000000..222867878b606 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1,38 @@ +{ + "apache": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "2.4.62-0" + }, + "drupal": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.0.1-0" + }, + "libphp": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.3.10-0" + }, + "mysql-client": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "11.4.3-0" + }, + "php": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "8.3.10-2" + }, + "render-template": { + "arch": "amd64", + "distro": "debian-12", + "type": "NAMI", + "version": "1.0.7-3" + } +} \ No newline at end of file diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt new file mode 100644 index 0000000000000..76956b38e82c6 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt @@ -0,0 +1,2 @@ +Bitnami containers ship with software bundles. You can find the licenses under: +/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh new file mode 100644 index 0000000000000..d239f98535735 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami custom library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Constants +BOLD='\033[1m' + +# Functions + +######################## +# Print the welcome page +# Globals: +# DISABLE_WELCOME_MESSAGE +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_welcome_page() { + if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$BITNAMI_APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +######################## +# Print the welcome page for a Bitnami Docker image +# Globals: +# BITNAMI_APP_NAME +# Arguments: +# None +# Returns: +# None +######################### +print_image_welcome_page() { + local github_url="https://github.com/bitnami/containers" + + info "" + info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" + info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" + info "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" + info "Upgrade to Tanzu Application Catalog for production environments to access custom-configured and pre-packaged software components. Gain enhanced features, including Software Bill of Materials (SBOM), CVE scan result reports, and VEX documents. To learn more, visit ${BOLD}https://bitnami.com/enterprise${RESET}" + info "" +} + diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh new file mode 100644 index 0000000000000..1c69e0e48a5d0 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh @@ -0,0 +1,141 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing files + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libos.sh + +# Functions + +######################## +# Replace a regex-matching string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# $4 - use POSIX regex. Default: true +# Returns: +# None +######################### +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + if [[ $posix_regex = true ]]; then + result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + else + result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Replace a regex-matching multiline string in a file +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - substitute regex +# Returns: +# None +######################### +replace_in_file_multiline() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + + local result + local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues + result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" + echo "$result" > "$filename" +} + +######################## +# Remove a line in a file based on a regex +# Arguments: +# $1 - filename +# $2 - match regex +# $3 - use POSIX regex. Default: true +# Returns: +# None +######################### +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # We should avoid using 'sed in-place' substitutions + # 1) They are not compatible with files mounted from ConfigMap(s) + # 2) We found incompatibility issues with Debian10 and "in-place" substitutions + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} + +######################## +# Appends text after the last line matching a pattern +# Arguments: +# $1 - file +# $2 - match regex +# $3 - contents to add +# Returns: +# None +######################### +append_file_after_last_match() { + local file="${1:?missing file}" + local match_regex="${2:?missing pattern}" + local value="${3:?missing value}" + + # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again + result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" + echo "$result" > "$file" +} + +######################## +# Wait until certain entry is present in a log file +# Arguments: +# $1 - entry to look for +# $2 - log file +# $3 - max retries. Default: 12 +# $4 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +wait_for_log_entry() { + local -r entry="${1:-missing entry}" + local -r log_file="${2:-missing log file}" + local -r retries="${3:-12}" + local -r interval_time="${4:-5}" + local attempt=0 + + check_log_file_for_entry() { + if ! grep -qE "$entry" "$log_file"; then + debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" + return 1 + fi + } + debug "Checking that ${log_file} log file contains entry \"${entry}\"" + if retry_while check_log_file_for_entry "$retries" "$interval_time"; then + debug "Found entry \"${entry}\" in ${log_file}" + true + else + error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" + debug_execute cat "$log_file" + return 1 + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh new file mode 100644 index 0000000000000..970d624179642 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh @@ -0,0 +1,193 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for file system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Ensure a file/directory is owned (user and group) but the given user +# Arguments: +# $1 - filepath +# $2 - owner +# Returns: +# None +######################### +owned_by() { + local path="${1:?path is missing}" + local owner="${2:?owner is missing}" + local group="${3:-}" + + if [[ -n $group ]]; then + chown "$owner":"$group" "$path" + else + chown "$owner":"$owner" "$path" + fi +} + +######################## +# Ensure a directory exists and, optionally, is owned by the given user +# Arguments: +# $1 - directory +# $2 - owner +# Returns: +# None +######################### +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner_user="${2:-}" + local owner_group="${3:-}" + + [ -d "${dir}" ] || mkdir -p "${dir}" + if [[ -n $owner_user ]]; then + owned_by "$dir" "$owner_user" "$owner_group" + fi +} + +######################## +# Checks whether a directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_dir_empty() { + local -r path="${1:?missing directory}" + # Calculate real path in order to avoid issues with symlinks + local -r dir="$(realpath "$path")" + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +######################## +# Checks whether a mounted directory is empty or not +# arguments: +# $1 - directory +# returns: +# boolean +######################### +is_mounted_dir_empty() { + local dir="${1:?missing directory}" + + if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then + true + else + false + fi +} + +######################## +# Checks whether a file can be written to or not +# arguments: +# $1 - file +# returns: +# boolean +######################### +is_file_writable() { + local file="${1:?missing file}" + local dir + dir="$(dirname "$file")" + + if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then + true + else + false + fi +} + +######################## +# Relativize a path +# arguments: +# $1 - path +# $2 - base +# returns: +# None +######################### +relativize() { + local -r path="${1:?missing path}" + local -r base="${2:?missing base}" + pushd "$base" >/dev/null || exit + realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' + popd >/dev/null || exit +} + +######################## +# Configure permisions and ownership recursively +# Globals: +# None +# Arguments: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - mode for directories. +# -d|--dir-mode - mode for files. +# -u|--user - user +# -g|--group - group +# Returns: +# None +######################### +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f | --file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d | --dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u | --user) + shift + user="${1:?missing user}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<<"$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + find -L "$p" -printf "" + if [[ -n $dir_mode ]]; then + find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode" + fi + if [[ -n $file_mode ]]; then + find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode" + fi + if [[ -n $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}" + elif [[ -n $user ]] && [[ -z $group ]]; then + find -L "$p" -print0 | xargs -r -0 chown "${user}" + elif [[ -z $user ]] && [[ -n $group ]]; then + find -L "$p" -print0 | xargs -r -0 chgrp "${group}" + fi + else + stderr_print "$p does not exist" + fi + done +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh new file mode 100644 index 0000000000000..f3a5fe7868eed --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library to use for scripts expected to be used as Kubernetes lifecycle hooks + +# shellcheck disable=SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh + +# Override functions that log to stdout/stderr of the current process, so they print to process 1 +for function_to_override in stderr_print debug_execute; do + # Output is sent to output of process 1 and thus end up in the container log + # The hook output in general isn't saved + eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" +done diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh new file mode 100644 index 0000000000000..450f05bd823ff --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for logging functions + +# Constants +RESET='\033[0m' +RED='\033[38;5;1m' +GREEN='\033[38;5;2m' +YELLOW='\033[38;5;3m' +MAGENTA='\033[38;5;5m' +CYAN='\033[38;5;6m' + +# Functions + +######################## +# Print to STDERR +# Arguments: +# Message to print +# Returns: +# None +######################### +stderr_print() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_QUIET:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + printf "%b\\n" "${*}" >&2 + fi +} + +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +log() { + stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" +} +######################## +# Log an 'info' message +# Arguments: +# Message to log +# Returns: +# None +######################### +info() { + log "${GREEN}INFO ${RESET} ==> ${*}" +} +######################## +# Log message +# Arguments: +# Message to log +# Returns: +# None +######################### +warn() { + log "${YELLOW}WARN ${RESET} ==> ${*}" +} +######################## +# Log an 'error' message +# Arguments: +# Message to log +# Returns: +# None +######################### +error() { + log "${RED}ERROR${RESET} ==> ${*}" +} +######################## +# Log a 'debug' message +# Globals: +# BITNAMI_DEBUG +# Arguments: +# None +# Returns: +# None +######################### +debug() { + # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it + local bool="${BITNAMI_DEBUG:-false}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + log "${MAGENTA}DEBUG${RESET} ==> ${*}" + fi +} + +######################## +# Indent a string +# Arguments: +# $1 - string +# $2 - number of indentation characters (default: 4) +# $3 - indentation character (default: " ") +# Returns: +# None +######################### +indent() { + local string="${1:-}" + local num="${2:?missing num}" + local char="${3:-" "}" + # Build the indentation unit string + local indent_unit="" + for ((i = 0; i < num; i++)); do + indent_unit="${indent_unit}${char}" + done + # shellcheck disable=SC2001 + # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions + echo "$string" | sed "s/^/${indent_unit}/" +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh new file mode 100644 index 0000000000000..004e426fba178 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh @@ -0,0 +1,171 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for network functions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Resolve IP address for a host/domain (i.e. DNS lookup) +# Arguments: +# $1 - Hostname to resolve +# $2 - IP address version (v4, v6), leave empty for resolving to any version +# Returns: +# IP +######################### +dns_lookup() { + local host="${1:?host is missing}" + local ip_version="${2:-}" + getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 +} + +######################### +# Wait for a hostname and return the IP +# Arguments: +# $1 - hostname +# $2 - number of retries +# $3 - seconds to wait between retries +# Returns: +# - IP address that corresponds to the hostname +######################### +wait_for_dns_lookup() { + local hostname="${1:?hostname is missing}" + local retries="${2:-5}" + local seconds="${3:-1}" + check_host() { + if [[ $(dns_lookup "$hostname") == "" ]]; then + false + else + true + fi + } + # Wait for the host to be ready + retry_while "check_host ${hostname}" "$retries" "$seconds" + dns_lookup "$hostname" +} + +######################## +# Get machine's IP +# Arguments: +# None +# Returns: +# Machine IP +######################### +get_machine_ip() { + local -a ip_addresses + local hostname + hostname="$(hostname)" + read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" + if [[ "${#ip_addresses[@]}" -gt 1 ]]; then + warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" + elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then + error "Could not find any IP address associated to hostname ${hostname}" + exit 1 + fi + # Check if the first IP address is IPv6 to add brackets + if validate_ipv6 "${ip_addresses[0]}" ; then + echo "[${ip_addresses[0]}]" + else + echo "${ip_addresses[0]}" + fi +} + +######################## +# Check if the provided argument is a resolved hostname +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_hostname_resolved() { + local -r host="${1:?missing value}" + if [[ -n "$(dns_lookup "$host")" ]]; then + true + else + false + fi +} + +######################## +# Parse URL +# Globals: +# None +# Arguments: +# $1 - uri - String +# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String +# Returns: +# String +parse_uri() { + local uri="${1:?uri is missing}" + local component="${2:?component is missing}" + + # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with + # additional sub-expressions to split authority into userinfo, host and port + # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) + local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' + # || | ||| | | | | | | | | | + # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment + # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... + # | 4 authority + # 3 //... + local index=0 + case "$component" in + scheme) + index=2 + ;; + authority) + index=4 + ;; + userinfo) + index=6 + ;; + host) + index=7 + ;; + port) + index=9 + ;; + path) + index=10 + ;; + query) + index=13 + ;; + fragment) + index=14 + ;; + *) + stderr_print "unrecognized component $component" + return 1 + ;; + esac + [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" +} + +######################## +# Wait for a HTTP connection to succeed +# Globals: +# * +# Arguments: +# $1 - URL to wait for +# $2 - Maximum amount of retries (optional) +# $3 - Time between retries (optional) +# Returns: +# true if the HTTP connection succeeded, false otherwise +######################### +wait_for_http_connection() { + local url="${1:?missing url}" + local retries="${2:-}" + local sleep_time="${3:-}" + if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then + error "Could not connect to ${url}" + return 1 + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh new file mode 100644 index 0000000000000..9d908c48579b9 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh @@ -0,0 +1,657 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for operating system actions + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libvalidations.sh + +# Functions + +######################## +# Check if an user exists in the system +# Arguments: +# $1 - user +# Returns: +# Boolean +######################### +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +######################## +# Check if a group exists in the system +# Arguments: +# $1 - group +# Returns: +# Boolean +######################### +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +######################## +# Create a group in the system if it does not exist already +# Arguments: +# $1 - group +# Flags: +# -i|--gid - the ID for the new group +# -s|--system - Whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_group_exists() { + local group="${1:?group is missing}" + local gid="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --gid) + shift + gid="${1:?missing gid}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! group_exists "$group"; then + local -a args=("$group") + if [[ -n "$gid" ]]; then + if group_exists "$gid"; then + error "The GID $gid is already in use." >&2 + return 1 + fi + args+=("--gid" "$gid") + fi + $is_system_user && args+=("--system") + groupadd "${args[@]}" >/dev/null 2>&1 + fi +} + +######################## +# Create an user in the system if it does not exist already +# Arguments: +# $1 - user +# Flags: +# -i|--uid - the ID for the new user +# -g|--group - the group the new user should belong to +# -a|--append-groups - comma-separated list of supplemental groups to append to the new user +# -h|--home - the home directory for the new user +# -s|--system - whether to create new user as system user (uid <= 999) +# Returns: +# None +######################### +ensure_user_exists() { + local user="${1:?user is missing}" + local uid="" + local group="" + local append_groups="" + local home="" + local is_system_user=false + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -i | --uid) + shift + uid="${1:?missing uid}" + ;; + -g | --group) + shift + group="${1:?missing group}" + ;; + -a | --append-groups) + shift + append_groups="${1:?missing append_groups}" + ;; + -h | --home) + shift + home="${1:?missing home directory}" + ;; + -s | --system) + is_system_user=true + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + if ! user_exists "$user"; then + local -a user_args=("-N" "$user") + if [[ -n "$uid" ]]; then + if user_exists "$uid"; then + error "The UID $uid is already in use." + return 1 + fi + user_args+=("--uid" "$uid") + else + $is_system_user && user_args+=("--system") + fi + useradd "${user_args[@]}" >/dev/null 2>&1 + fi + + if [[ -n "$group" ]]; then + local -a group_args=("$group") + $is_system_user && group_args+=("--system") + ensure_group_exists "${group_args[@]}" + usermod -g "$group" "$user" >/dev/null 2>&1 + fi + + if [[ -n "$append_groups" ]]; then + local -a groups + read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" + for group in "${groups[@]}"; do + ensure_group_exists "$group" + usermod -aG "$group" "$user" >/dev/null 2>&1 + done + fi + + if [[ -n "$home" ]]; then + mkdir -p "$home" + usermod -d "$home" "$user" >/dev/null 2>&1 + configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" + fi +} + +######################## +# Check if the script is currently running as root +# Arguments: +# $1 - user +# $2 - group +# Returns: +# Boolean +######################### +am_i_root() { + if [[ "$(id -u)" = "0" ]]; then + true + else + false + fi +} + +######################## +# Print OS metadata +# Arguments: +# $1 - Flag name +# Flags: +# --id - Distro ID +# --version - Distro version +# --branch - Distro branch +# --codename - Distro codename +# --name - Distro name +# --pretty-name - Distro pretty name +# Returns: +# String +######################### +get_os_metadata() { + local -r flag_name="${1:?missing flag}" + # Helper function + get_os_release_metadata() { + local -r env_name="${1:?missing environment variable name}" + ( + . /etc/os-release + echo "${!env_name}" + ) + } + case "$flag_name" in + --id) + get_os_release_metadata ID + ;; + --version) + get_os_release_metadata VERSION_ID + ;; + --branch) + get_os_release_metadata VERSION_ID | sed 's/\..*//' + ;; + --codename) + get_os_release_metadata VERSION_CODENAME + ;; + --name) + get_os_release_metadata NAME + ;; + --pretty-name) + get_os_release_metadata PRETTY_NAME + ;; + *) + error "Unknown flag ${flag_name}" + return 1 + ;; + esac +} + +######################## +# Get total memory available +# Arguments: +# None +# Returns: +# Memory in bytes +######################### +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# None +# Flags: +# --memory - memory size (optional) +# Returns: +# Detected instance size +######################### +get_machine_size() { + local memory="" + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + --memory) + shift + memory="${1:?missing memory}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +######################## +# Get machine size depending on specified memory +# Globals: +# None +# Arguments: +# $1 - memory size (optional) +# Returns: +# Detected instance size +######################### +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +######################## +# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) +# Globals: +# None +# Arguments: +# $1 - memory size +# Returns: +# Result of the conversion +######################### +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "g" || "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +######################### +# Redirects output to /dev/null if debug mode is disabled +# Globals: +# BITNAMI_DEBUG +# Arguments: +# $@ - Command to execute +# Returns: +# None +######################### +debug_execute() { + if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then + "$@" + else + "$@" >/dev/null 2>&1 + fi +} + +######################## +# Retries a command a given number of times +# Arguments: +# $1 - cmd (as a string) +# $2 - max retries. Default: 12 +# $3 - sleep between retries (in seconds). Default: 5 +# Returns: +# Boolean +######################### +retry_while() { + local cmd="${1:?cmd is missing}" + local retries="${2:-12}" + local sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<<"$cmd" + for ((i = 1; i <= retries; i += 1)); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} + +######################## +# Generate a random string +# Arguments: +# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii +# -c|--count - Number of characters, defaults to 32 +# Arguments: +# None +# Returns: +# None +# Returns: +# String +######################### +generate_random_string() { + local type="ascii" + local count="32" + local filter + local result + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + -t | --type) + shift + type="$1" + ;; + -c | --count) + shift + count="$1" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Validate type + case "$type" in + ascii) + filter="[:print:]" + ;; + numeric) + filter="0-9" + ;; + alphanumeric) + filter="a-zA-Z0-9" + ;; + alphanumeric+special|special+alphanumeric) + # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters + # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex + filter='a-zA-Z0-9:@.,/+!=' + ;; + *) + echo "Invalid type ${type}" >&2 + return 1 + ;; + esac + # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size + # Note there is a very small chance of strings starting with EOL character + # Therefore, the higher amount of lines read, this will happen less frequently + result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" + echo "$result" +} + +######################## +# Create md5 hash from a string +# Arguments: +# $1 - string +# Returns: +# md5 hash - string +######################### +generate_md5_hash() { + local -r str="${1:?missing input string}" + echo -n "$str" | md5sum | awk '{print $1}' +} + +######################## +# Create sha1 hash from a string +# Arguments: +# $1 - string +# $2 - algorithm - 1 (default), 224, 256, 384, 512 +# Returns: +# sha1 hash - string +######################### +generate_sha_hash() { + local -r str="${1:?missing input string}" + local -r algorithm="${2:-1}" + echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' +} + +######################## +# Converts a string to its hexadecimal representation +# Arguments: +# $1 - string +# Returns: +# hexadecimal representation of the string +######################### +convert_to_hex() { + local -r str=${1:?missing input string} + local -i iterator + local char + for ((iterator = 0; iterator < ${#str}; iterator++)); do + char=${str:iterator:1} + printf '%x' "'${char}" + done +} + +######################## +# Get boot time +# Globals: +# None +# Arguments: +# None +# Returns: +# Boot time metadata +######################### +get_boot_time() { + stat /proc --format=%Y +} + +######################## +# Get machine ID +# Globals: +# None +# Arguments: +# None +# Returns: +# Machine ID +######################### +get_machine_id() { + local machine_id + if [[ -f /etc/machine-id ]]; then + machine_id="$(cat /etc/machine-id)" + fi + if [[ -z "$machine_id" ]]; then + # Fallback to the boot-time, which will at least ensure a unique ID in the current session + machine_id="$(get_boot_time)" + fi + echo "$machine_id" +} + +######################## +# Get the root partition's disk device ID (e.g. /dev/sda1) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root partition disk ID +######################### +get_disk_device_id() { + local device_id="" + if grep -q ^/dev /proc/mounts; then + device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)" + fi + # If it could not be autodetected, fallback to /dev/sda1 as a default + if [[ -z "$device_id" || ! -b "$device_id" ]]; then + device_id="/dev/sda1" + fi + echo "$device_id" +} + +######################## +# Get the root disk device ID (e.g. /dev/sda) +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk ID +######################### +get_root_disk_device_id() { + get_disk_device_id | sed -E 's/p?[0-9]+$//' +} + +######################## +# Get the root disk size in bytes +# Globals: +# None +# Arguments: +# None +# Returns: +# Root disk size in bytes +######################### +get_root_disk_size() { + fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true +} + +######################## +# Run command as a specific user and group (optional) +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +run_as_user() { + run_chroot "$@" +} + +######################## +# Execute command as a specific user and group (optional), +# replacing the current process image +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Returns: +# Exit code of the specified command +######################### +exec_as_user() { + run_chroot --replace-process "$@" +} + +######################## +# Run a command using chroot +# Arguments: +# $1 - USER(:GROUP) to switch to +# $2..$n - command to execute +# Flags: +# -r | --replace-process - Replace the current process image (optional) +# Returns: +# Exit code of the specified command +######################### +run_chroot() { + local userspec + local user + local homedir + local replace=false + local -r cwd="$(pwd)" + + # Parse and validate flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -r | --replace-process) + replace=true + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + # Parse and validate arguments + if [[ "$#" -lt 2 ]]; then + echo "expected at least 2 arguments" + return 1 + else + userspec=$1 + shift + + # userspec can optionally include the group, so we parse the user + user=$(echo "$userspec" | cut -d':' -f1) + fi + + if ! am_i_root; then + error "Could not switch to '${userspec}': Operation not permitted" + return 1 + fi + + # Get the HOME directory for the user to switch, as chroot does + # not properly update this env and some scripts rely on it + homedir=$(eval echo "~${user}") + if [[ ! -d $homedir ]]; then + homedir="${HOME:-/}" + fi + + # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion + if [[ "$replace" = true ]]; then + exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + else + chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh new file mode 100644 index 0000000000000..18445e7d27fa3 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh @@ -0,0 +1,124 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami persistence library +# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libversion.sh + +# Functions + +######################## +# Persist an application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# $2 - List of app files to persist +# Returns: +# true if all steps succeeded, false otherwise +######################### +persist_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Persist the individual files + if [[ "${#files_to_persist[@]}" -le 0 ]]; then + warn "No files are configured to be persisted" + return + fi + pushd "$install_dir" >/dev/null || exit + local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder + local -r tmp_file="/tmp/perms.acl" + for file_to_persist in "${files_to_persist[@]}"; do + if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then + error "Cannot persist '${file_to_persist}' because it does not exist" + return 1 + fi + file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" + file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" + file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" + # Get original permissions for existing files, which will be applied later + # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume + getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" + # Copy directories to the volume + ensure_dir_exists "$file_to_persist_destination_folder" + cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" + # Restore permissions + pushd "$persist_dir" >/dev/null || exit + if am_i_root; then + setfacl --restore="$tmp_file" + else + # When running as non-root, don't change ownership + setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") + fi + popd >/dev/null || exit + done + popd >/dev/null || exit + rm -f "$tmp_file" + # Install the persisted files into the installation directory, via symlinks + restore_persisted_app "$@" +} + +######################## +# Restore a persisted application directory +# Globals: +# BITNAMI_ROOT_DIR +# BITNAMI_VOLUME_DIR +# FORCE_MAJOR_UPGRADE +# Arguments: +# $1 - App folder name +# $2 - List of app files to restore +# Returns: +# true if all steps succeeded, false otherwise +######################### +restore_persisted_app() { + local -r app="${1:?missing app}" + local -a files_to_restore + read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" + local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + # Restore the individual persisted files + if [[ "${#files_to_restore[@]}" -le 0 ]]; then + warn "No persisted files are configured to be restored" + return + fi + local file_to_restore_relative file_to_restore_origin file_to_restore_destination + for file_to_restore in "${files_to_restore[@]}"; do + file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" + # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed + file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" + file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" + rm -rf "$file_to_restore_origin" + ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" + done +} + +######################## +# Check if an application directory was already persisted +# Globals: +# BITNAMI_VOLUME_DIR +# Arguments: +# $1 - App folder name +# Returns: +# true if all steps succeeded, false otherwise +######################### +is_app_initialized() { + local -r app="${1:?missing app}" + local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" + if ! is_mounted_dir_empty "$persist_dir"; then + true + else + false + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh new file mode 100644 index 0000000000000..1f9b33096b026 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh @@ -0,0 +1,496 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing services + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/liblog.sh + +# Functions + +######################## +# Read the provided pid file and returns a PID +# Arguments: +# $1 - Pid file +# Returns: +# PID +######################### +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +######################## +# Check if a provided PID corresponds to a running service +# Arguments: +# $1 - PID +# Returns: +# Boolean +######################### +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +######################## +# Stop a service by sending a termination signal to its pid +# Arguments: +# $1 - Pid file +# $2 - Signal number (optional) +# Returns: +# None +######################### +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +######################## +# Start cron daemon +# Arguments: +# None +# Returns: +# true if started correctly, false otherwise +######################### +cron_start() { + if [[ -x "/usr/sbin/cron" ]]; then + /usr/sbin/cron + elif [[ -x "/usr/sbin/crond" ]]; then + /usr/sbin/crond + else + false + fi +} + +######################## +# Generate a cron configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Command +# Flags: +# --run-as - User to run as (default: root) +# --schedule - Cron schedule configuration (default: * * * * *) +# Returns: +# None +######################### +generate_cron_conf() { + local service_name="${1:?service name is missing}" + local cmd="${2:?command is missing}" + local run_as="root" + local schedule="* * * * *" + local clean="true" + + # Parse optional CLI flags + shift 2 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --run-as) + shift + run_as="$1" + ;; + --schedule) + shift + schedule="$1" + ;; + --no-clean) + clean="false" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + mkdir -p /etc/cron.d + if "$clean"; then + cat > "/etc/cron.d/${service_name}" <> /etc/cron.d/"$service_name" + fi +} + +######################## +# Remove a cron configuration file for a given service +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_cron_conf() { + local service_name="${1:?service name is missing}" + local cron_conf_dir="/etc/monit/conf.d" + rm -f "${cron_conf_dir}/${service_name}" +} + +######################## +# Generate a monit configuration file for a given service +# Arguments: +# $1 - Service name +# $2 - Pid file +# $3 - Start command +# $4 - Stop command +# Flags: +# --disable - Whether to disable the monit configuration +# Returns: +# None +######################### +generate_monit_conf() { + local service_name="${1:?service name is missing}" + local pid_file="${2:?pid file is missing}" + local start_command="${3:?start command is missing}" + local stop_command="${4:?stop command is missing}" + local monit_conf_dir="/etc/monit/conf.d" + local disabled="no" + + # Parse optional CLI flags + shift 4 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --disable) + disabled="yes" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + is_boolean_yes "$disabled" && conf_suffix=".disabled" + mkdir -p "$monit_conf_dir" + cat > "${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 + return 1 + ;; + esac + shift + done + + mkdir -p "$logrotate_conf_dir" + cat < "${logrotate_conf_dir}/${service_name}" +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +${log_path} { + ${period} + rotate ${rotations} + dateext + compress + copytruncate + missingok +$(indent "$extra" 2) +} +EOF +} + +######################## +# Remove a logrotate configuration file +# Arguments: +# $1 - Service name +# Returns: +# None +######################### +remove_logrotate_conf() { + local service_name="${1:?service name is missing}" + local logrotate_conf_dir="/etc/logrotate.d" + rm -f "${logrotate_conf_dir}/${service_name}" +} + +######################## +# Generate a Systemd configuration file +# Arguments: +# $1 - Service name +# Flags: +# --custom-service-content - Custom content to add to the [service] block +# --environment - Environment variable to define (multiple --environment options may be passed) +# --environment-file - Text file with environment variables (multiple --environment-file options may be passed) +# --exec-start - Start command (required) +# --exec-start-pre - Pre-start command (optional) +# --exec-start-post - Post-start command (optional) +# --exec-stop - Stop command (optional) +# --exec-reload - Reload command (optional) +# --group - System group to start the service with +# --name - Service full name (e.g. Apache HTTP Server, defaults to $1) +# --restart - When to restart the Systemd service after being stopped (defaults to always) +# --pid-file - Service PID file +# --standard-output - File where to print stdout output +# --standard-error - File where to print stderr output +# --success-exit-status - Exit code that indicates a successful shutdown +# --type - Systemd unit type (defaults to forking) +# --user - System user to start the service with +# --working-directory - Working directory at which to start the service +# Returns: +# None +######################### +generate_systemd_conf() { + local -r service_name="${1:?service name is missing}" + local -r systemd_units_dir="/etc/systemd/system" + local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service" + # Default values + local name="$service_name" + local type="forking" + local user="" + local group="" + local environment="" + local environment_file="" + local exec_start="" + local exec_start_pre="" + local exec_start_post="" + local exec_stop="" + local exec_reload="" + local restart="always" + local pid_file="" + local standard_output="journal" + local standard_error="" + local limits_content="" + local success_exit_status="" + local custom_service_content="" + local working_directory="" + # Parse CLI flags + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --name \ + | --type \ + | --user \ + | --group \ + | --exec-start \ + | --exec-stop \ + | --exec-reload \ + | --restart \ + | --pid-file \ + | --standard-output \ + | --standard-error \ + | --success-exit-status \ + | --custom-service-content \ + | --working-directory \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "$var_name"="${1:?"${var_name} value is missing"}" + ;; + --limit-*) + [[ -n "$limits_content" ]] && limits_content+=$'\n' + var_name="${1//--limit-}" + shift + limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}" + ;; + --exec-start-pre) + shift + [[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n' + exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}" + ;; + --exec-start-post) + shift + [[ -n "$exec_start_post" ]] && exec_start_post+=$'\n' + exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}" + ;; + --environment) + shift + # It is possible to add multiple environment lines + [[ -n "$environment" ]] && environment+=$'\n' + environment+="Environment=${1:?"--environment value is missing"}" + ;; + --environment-file) + shift + # It is possible to add multiple environment-file lines + [[ -n "$environment_file" ]] && environment_file+=$'\n' + environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + # Validate inputs + local error="no" + if [[ -z "$exec_start" ]]; then + error "The --exec-start option is required" + error="yes" + fi + if [[ "$error" != "no" ]]; then + return 1 + fi + # Generate the Systemd unit + cat > "$service_file" <> "$service_file" <<< "WorkingDirectory=${working_directory}" + fi + if [[ -n "$exec_start_pre" ]]; then + # This variable may contain multiple ExecStartPre= directives + cat >> "$service_file" <<< "$exec_start_pre" + fi + if [[ -n "$exec_start" ]]; then + cat >> "$service_file" <<< "ExecStart=${exec_start}" + fi + if [[ -n "$exec_start_post" ]]; then + # This variable may contain multiple ExecStartPost= directives + cat >> "$service_file" <<< "$exec_start_post" + fi + # Optional stop and reload commands + if [[ -n "$exec_stop" ]]; then + cat >> "$service_file" <<< "ExecStop=${exec_stop}" + fi + if [[ -n "$exec_reload" ]]; then + cat >> "$service_file" <<< "ExecReload=${exec_reload}" + fi + # User and group + if [[ -n "$user" ]]; then + cat >> "$service_file" <<< "User=${user}" + fi + if [[ -n "$group" ]]; then + cat >> "$service_file" <<< "Group=${group}" + fi + # PID file allows to determine if the main process is running properly (for Restart=always) + if [[ -n "$pid_file" ]]; then + cat >> "$service_file" <<< "PIDFile=${pid_file}" + fi + if [[ -n "$restart" ]]; then + cat >> "$service_file" <<< "Restart=${restart}" + fi + # Environment flags + if [[ -n "$environment" ]]; then + # This variable may contain multiple Environment= directives + cat >> "$service_file" <<< "$environment" + fi + if [[ -n "$environment_file" ]]; then + # This variable may contain multiple EnvironmentFile= directives + cat >> "$service_file" <<< "$environment_file" + fi + # Logging + if [[ -n "$standard_output" ]]; then + cat >> "$service_file" <<< "StandardOutput=${standard_output}" + fi + if [[ -n "$standard_error" ]]; then + cat >> "$service_file" <<< "StandardError=${standard_error}" + fi + if [[ -n "$custom_service_content" ]]; then + # This variable may contain multiple miscellaneous directives + cat >> "$service_file" <<< "$custom_service_content" + fi + if [[ -n "$success_exit_status" ]]; then + cat >> "$service_file" <> "$service_file" <> "$service_file" <> "$service_file" <= 0 )); then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean or is the string 'yes/true' +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean yes/no value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean true/false value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is a boolean 1/0 value +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_1_0_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^[10]$ ]]; then + true + else + false + fi +} + +######################## +# Check if the provided argument is an empty string or not defined +# Arguments: +# $1 - Value to check +# Returns: +# Boolean +######################### +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +######################## +# Validate if the provided argument is a valid port +# Arguments: +# $1 - Port to validate +# Returns: +# Boolean and error message +######################### +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + echo "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + stderr_print "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + echo "the value is empty" + return 1 + else + if ! is_int "$value"; then + echo "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + echo "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + echo "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + echo "privileged port requested" + return 3 + fi + fi +} + +######################## +# Validate if the provided argument is a valid IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv6() { + local ip="${1:?ip is missing}" + local stat=1 + local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' + local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$' + + if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then + stat=0 + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +######################## +# Validate if the provided argument is a valid IPv4 or IPv6 address +# Arguments: +# $1 - IP to validate +# Returns: +# Boolean +######################### +validate_ip() { + local ip="${1:?ip is missing}" + local stat=1 + + if validate_ipv4 "$ip"; then + stat=0 + else + stat=$(validate_ipv6 "$ip") + fi + return $stat +} + +######################## +# Validate a string format +# Arguments: +# $1 - String to validate +# Returns: +# Boolean +######################### +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + stderr_print "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + stderr_print "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + echo "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + echo "string length is great than $max_length" + return 1 + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh new file mode 100644 index 0000000000000..f0d5a5cd33892 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Library for managing versions strings + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh + +# Functions +######################## +# Gets semantic version +# Arguments: +# $1 - version: string to extract major.minor.patch +# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch +# Returns: +# array with the major, minor and release +######################### +get_sematic_version () { + local version="${1:?version is required}" + local section="${2:?section is required}" + local -a version_sections + + #Regex to parse versions: x.y.z + local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' + + if [[ "$version" =~ $regex ]]; then + local i=1 + local j=1 + local n=${#BASH_REMATCH[*]} + + while [[ $i -lt $n ]]; do + if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then + version_sections[j]="${BASH_REMATCH[$i]}" + ((j++)) + fi + ((i++)) + done + + local number_regex='^[0-9]+$' + if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then + echo "${version_sections[$section]}" + return + else + stderr_print "Section allowed values are: 1, 2, and 3" + return 1 + fi + fi +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh new file mode 100644 index 0000000000000..acb84fc2339bb --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -0,0 +1,476 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami web server handler library + +# shellcheck disable=SC1090,SC1091 + +# Load generic libraries +. /opt/bitnami/scripts/liblog.sh + +######################## +# Execute a command (or list of commands) with the web server environment and library loaded +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_execute() { + local -r web_server="${1:?missing web server}" + shift + # Run program in sub-shell to avoid web server environment getting loaded when not necessary + ( + . "/opt/bitnami/scripts/lib${web_server}.sh" + . "/opt/bitnami/scripts/${web_server}-env.sh" + "$@" + ) +} + +######################## +# Prints the list of enabled web servers +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_list() { + local -r -a supported_web_servers=(apache nginx) + local -a existing_web_servers=() + for web_server in "${supported_web_servers[@]}"; do + [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") + done + echo "${existing_web_servers[@]:-}" +} + +######################## +# Prints the currently-enabled web server type (only one, in order of preference) +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_type() { + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + echo "${web_servers[0]:-}" +} + +######################## +# Validate that a supported web server is configured +# Globals: +# None +# Arguments: +# None +# Returns: +# None +######################### +web_server_validate() { + local error_code=0 + local supported_web_servers=("apache" "nginx") + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then + print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" + elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then + print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." + fi + + return "$error_code" +} + +######################## +# Check whether the web server is running +# Globals: +# * +# Arguments: +# None +# Returns: +# true if the web server is running, false otherwise +######################### +is_web_server_running() { + "is_$(web_server_type)_running" +} + +######################## +# Start web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_start() { + info "Starting $(web_server_type) in background" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl start "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" + fi +} + +######################## +# Stop web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_stop() { + info "Stopping $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl stop "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" + fi +} + +######################## +# Restart web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_restart() { + info "Restarting $(web_server_type)" + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl restart "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" + fi +} + +######################## +# Reload web server +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_reload() { + if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then + systemctl reload "bitnami.$(web_server_type).service" + else + "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" + fi +} + +######################## +# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on which configuration template to use +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render server configurations with a .disabled prefix +# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --document-root - Path to document root directory +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) +# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --apache-before-vhost-configuration - Configuration to add before the directive (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-proxy-address - Address where to proxy requests +# --apache-proxy-configuration - Extra configuration for the proxy +# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# --nginx-external-configuration - Configuration external to server block (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_app_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --disable \ + | --disable-http \ + | --disable-https \ + ) + apache_args+=("$1") + nginx_args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --type \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --document-root \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-additional-http-configuration \ + | --apache-additional-https-configuration \ + | --apache-before-vhost-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-proxy-address \ + | --apache-proxy-configuration \ + | --apache-proxy-http-configuration \ + | --apache-proxy-https-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "${2:?missing value}") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration \ + | --nginx-external-configuration) + nginx_args+=("${1//nginx-/}" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_web_server_app_configuration_not_exists() { + local app="${1:?missing app}" + local -a web_servers + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" + done +} + +######################## +# Ensure the web server loads the configuration for an application in a URL prefix +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --document-root - Path to document root directory +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --type - Application type, which has an effect on what configuration template will be used +# Apache-specific flags: +# --apache-additional-configuration - Additional vhost configuration (no default) +# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') +# --apache-extra-directory-configuration - Extra configuration for the document root directory +# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup +# NGINX-specific flags: +# --nginx-additional-configuration - Additional server block configuration (no default) +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_web_server_prefix_configuration_exists() { + local app="${1:?missing app}" + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --allow-remote-connections \ + | --document-root \ + | --prefix \ + | --type \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "$2") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "$2") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" + done +} + +######################## +# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) +# It serves as a wrapper for the specific web server function +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +web_server_update_app_configuration() { + local app="${1:?missing app}" + shift + local -a args web_servers + args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + args+=("$1") + ;; + --hosts \ + | --server-name \ + | --server-aliases \ + | --http-port \ + | --https-port \ + ) + args+=("$1" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + read -r -a web_servers <<< "$(web_server_list)" + for web_server in "${web_servers[@]}"; do + web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" + done +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_enable_loading_page() { + ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ + --apache-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +RedirectMatch 503 ^/$ +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +ErrorDocument 404 /index.html +ErrorDocument 503 /index.html" \ + --nginx-additional-configuration " +# Show a HTTP 503 Service Unavailable page by default +location / { + return 503; +} +# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes +error_page 404 @installing; +error_page 503 @installing; +location @installing { + rewrite ^(.*)$ /index.html break; +}" + web_server_reload +} + +######################## +# Enable loading page, which shows users that the initialization process is not yet completed +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_disable_install_page() { + ensure_web_server_app_configuration_not_exists "__loading" + web_server_reload +} diff --git a/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/install_packages b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/install_packages new file mode 100755 index 0000000000000..ccce248b2d141 --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/install_packages @@ -0,0 +1,27 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -eu + +n=0 +max=2 +export DEBIAN_FRONTEND=noninteractive + +until [ $n -gt $max ]; do + set +e + ( + apt-get update -qq && + apt-get install -y --no-install-recommends "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $n -eq $max ]; then + exit $CODE + fi + echo "apt failed, retrying" + n=$(($n + 1)) +done +apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives diff --git a/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/run-script b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/run-script new file mode 100755 index 0000000000000..0e07c9038dfde --- /dev/null +++ b/bitnami/drupal/11/debian-12/prebuildfs/usr/sbin/run-script @@ -0,0 +1,24 @@ +#!/bin/sh +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +set -u + +if [ $# -eq 0 ]; then + >&2 echo "No arguments provided" + exit 1 +fi + +script=$1 +exit_code="${2:-96}" +fail_if_not_present="${3:-n}" + +if test -f "$script"; then + sh $script + + if [ $? -ne 0 ]; then + exit $((exit_code)) + fi +elif [ "$fail_if_not_present" = "y" ]; then + >&2 echo "script not found: $script" + exit 127 +fi diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf new file mode 100644 index 0000000000000..6016f8fbe5829 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/deflate.conf @@ -0,0 +1,5 @@ + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf new file mode 100644 index 0000000000000..c0838da2a4e53 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf @@ -0,0 +1,7 @@ + + ServerName status.localhost + + Require local + SetHandler server-status + + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh new file mode 100644 index 0000000000000..b8762c6583591 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-env.sh @@ -0,0 +1,81 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for apache + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-apache}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +apache_env_vars=( + APACHE_HTTP_PORT_NUMBER + APACHE_HTTPS_PORT_NUMBER + APACHE_SERVER_TOKENS + APACHE_HTTP_PORT + APACHE_HTTPS_PORT +) +for env_var in "${apache_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset apache_env_vars +export WEB_SERVER_TYPE="apache" + +# Paths +export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache" +export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" +export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" +export APACHE_DEFAULT_CONF_DIR="${APACHE_BASE_DIR}/conf.default" +export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs" +export APACHE_TMP_DIR="${APACHE_BASE_DIR}/var/run" +export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs" +export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" +export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" +export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" +export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" +export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}" + +# System users (when running with a privileged user) +export APACHE_DAEMON_USER="daemon" +export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER" +export APACHE_DAEMON_GROUP="daemon" +export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP" +export WEB_SERVER_GROUP="$APACHE_DAEMON_GROUP" + +# Apache configuration +export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" +export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER" # only used at build time +export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" +export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER" # only used at build time +APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-"${APACHE_HTTP_PORT:-}"}" +export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" +export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER" +APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-"${APACHE_HTTPS_PORT:-}"}" +export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" +export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER" +export APACHE_SERVER_TOKENS="${APACHE_SERVER_TOKENS:-Prod}" + +# Custom environment variables may be defined below diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh new file mode 100755 index 0000000000000..f2303ab692fbf --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache-modphp/postunpack.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libversion.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh +. /opt/bitnami/scripts/php-env.sh + +# Enable required Apache modules +apache_enable_module "mpm_prefork_module" +php_version="$("${PHP_BIN_DIR}/php" -v | grep ^PHP | cut -d' ' -f2))" +php_major_version="$(get_sematic_version "$php_version" 1)" +if [[ "$php_major_version" -eq "8" ]]; then + apache_enable_module "php_module" "modules/libphp.so" +else + apache_enable_module "php${php_major_version}_module" "modules/libphp${php_major_version}.so" +fi + +# Disable incompatible Apache modules +apache_disable_module "mpm_event_module" + +# Write Apache configuration +apache_php_conf_file="${APACHE_CONF_DIR}/bitnami/php.conf" +cat > "$apache_php_conf_file" < + {{server_name_configuration}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl new file mode 100644 index 0000000000000..589538513c9c9 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-https-vhost.conf.tpl @@ -0,0 +1,10 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl new file mode 100644 index 0000000000000..c895e537502a2 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-generic-prefix.conf.tpl @@ -0,0 +1 @@ +{{additional_configuration}} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl new file mode 100644 index 0000000000000..96be8f8227715 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-http-vhost.conf.tpl @@ -0,0 +1,15 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl new file mode 100644 index 0000000000000..1ad938929726e --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-https-vhost.conf.tpl @@ -0,0 +1,18 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + {{htaccess_include}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl new file mode 100644 index 0000000000000..fc0f6c2181961 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{extra_directory_configuration}} + +{{additional_configuration}} +{{htaccess_include}} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl new file mode 100644 index 0000000000000..9440b89d28bfa --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-http-vhost.conf.tpl @@ -0,0 +1,11 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + {{proxy_configuration}} + {{proxy_http_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl new file mode 100644 index 0000000000000..577cd461eb9dc --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-https-vhost.conf.tpl @@ -0,0 +1,14 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + {{proxy_configuration}} + {{proxy_https_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl new file mode 100644 index 0000000000000..7ac08b131680b --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-proxy-prefix.conf.tpl @@ -0,0 +1,11 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + {{proxy_configuration}} + ProxyPass / {{proxy_address}} + ProxyPassReverse / {{proxy_address}} + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl new file mode 100644 index 0000000000000..f518c7d42aab8 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl @@ -0,0 +1,16 @@ +{{http_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart http://localhost:{{http_port}}/ + + {{server_name_configuration}} + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_http_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl new file mode 100644 index 0000000000000..5aae54c37d3ba --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl @@ -0,0 +1,19 @@ +{{https_listen_configuration}} +{{before_vhost_configuration}} +PassengerPreStart https://localhost:{{https_port}}/ + + {{server_name_configuration}} + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_https_configuration}} + {{additional_configuration}} + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl new file mode 100644 index 0000000000000..2242d656b5a83 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl new file mode 100644 index 0000000000000..f1d31ed3ecc35 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl @@ -0,0 +1,29 @@ +# Default SSL Virtual Host configuration. + + + LoadModule ssl_module modules/mod_ssl.so + + +Listen 443 +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" +SSLPassPhraseDialog builtin +SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl new file mode 100644 index 0000000000000..75a255c3efee8 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl @@ -0,0 +1,17 @@ +# Default Virtual Host configuration. + +# Let Apache know we're behind a SSL reverse proxy +SetEnvIf X-Forwarded-Proto https HTTPS=on + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + + diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh new file mode 100755 index 0000000000000..f43c6c4fe59c6 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/entrypoint.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +print_welcome_page + +# We add the copy from default config in the entrypoint to not break users +# bypassing the setup.sh logic. If the file already exists do not overwrite (in +# case someone mounts a configuration file in /opt/bitnami/apache/conf) +debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" +cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" + +if [[ "$*" == *"/opt/bitnami/scripts/apache/run.sh"* ]]; then + info "** Starting Apache setup **" + /opt/bitnami/scripts/apache/setup.sh + info "** Apache setup finished! **" +fi + +echo "" +exec "$@" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh new file mode 100755 index 0000000000000..eb8f766a37bf1 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh + +######################## +# Sets up the default Bitnami configuration +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_setup_bitnami_config() { + local template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates" + + # Enable Apache modules + local -a modules_to_enable=( + "deflate_module" + "negotiation_module" + "proxy[^\s]*_module" + "rewrite_module" + "slotmem_shm_module" + "socache_shmcb_module" + "ssl_module" + "status_module" + "version_module" + ) + for module in "${modules_to_enable[@]}"; do + apache_enable_module "$module" + done + + # Disable Apache modules + local -a modules_to_disable=( + "http2_module" + "proxy_hcheck_module" + "proxy_html_module" + "proxy_http2_module" + ) + for module in "${modules_to_disable[@]}"; do + apache_disable_module "$module" + done + + # Bitnami customizations + ensure_dir_exists "${APACHE_CONF_DIR}/bitnami" + render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + + # Add new configuration only once, to avoid a second postunpack run breaking Apache + local apache_conf_add + apache_conf_add="$(cat <>"$APACHE_CONF_FILE" < + RequestHeader unset Proxy + +EOF + fi +} + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +apache_setup_bitnami_config + +# Ensure non-root user has write permissions on a set of directories +for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR" "$APACHE_DEFAULT_CONF_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +# Create 'apache2' symlink pointing to the 'apache' directory, for compatibility with Bitnami Docs guides +ln -sf apache "${BITNAMI_ROOT_DIR}/apache2" + +ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log" +ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log" + +# This file is necessary for avoiding the error +# "unable to write random state" +# Source: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean + +touch /.rnd && chmod g+rw /.rnd + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "$APACHE_CONF_DIR"/* "$APACHE_DEFAULT_CONF_DIR" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh new file mode 100755 index 0000000000000..b5c43c48391c1 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/reload.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Reloading Apache configuration **" +exec "${APACHE_BIN_DIR}/apachectl" -k graceful diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh new file mode 100755 index 0000000000000..7735dea1e9626 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/restart.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +/opt/bitnami/scripts/apache/stop.sh +/opt/bitnami/scripts/apache/start.sh diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh new file mode 100755 index 0000000000000..23f1e3179c505 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/run.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +info "** Starting Apache **" +exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh new file mode 100755 index 0000000000000..c1f6b373c1cd6 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/setup.sh @@ -0,0 +1,98 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libapache.sh + +# Load Apache environment +. /opt/bitnami/scripts/apache-env.sh + +# Ensure Apache environment variables are valid +apache_validate + +# Ensure Apache daemon user exists when running as 'root' +am_i_root && ensure_user_exists "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" + +if ! is_dir_empty "$APACHE_DEFAULT_CONF_DIR"; then + # We add the copy from default config in the initialize function for web applications + # that make use of the Apache setup.sh script + debug "Copying files from $APACHE_DEFAULT_CONF_DIR to $APACHE_CONF_DIR" + cp -nr "$APACHE_DEFAULT_CONF_DIR"/. "$APACHE_CONF_DIR" +fi +# Generate SSL certs (without a passphrase) +ensure_dir_exists "${APACHE_CONF_DIR}/bitnami/certs" +if [[ ! -f "${APACHE_CONF_DIR}/bitnami/certs/server.crt" ]]; then + info "Generating sample certificates" + SSL_KEY_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.key" + SSL_CERT_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.crt" + SSL_CSR_FILE="${APACHE_CONF_DIR}/bitnami/certs/server.csr" + SSL_SUBJ="/CN=example.com" + SSL_EXT="subjectAltName=DNS:example.com,DNS:www.example.com,IP:127.0.0.1" + rm -f "$SSL_KEY_FILE" "$SSL_CERT_FILE" + openssl genrsa -out "$SSL_KEY_FILE" 4096 + # OpenSSL version 1.0.x does not use the same parameters as OpenSSL >= 1.1.x + if [[ "$(openssl version | grep -oE "[0-9]+\.[0-9]+")" == "1.0" ]]; then + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" + else + openssl req -new -sha256 -out "$SSL_CSR_FILE" -key "$SSL_KEY_FILE" -nodes -subj "$SSL_SUBJ" -addext "$SSL_EXT" + fi + openssl x509 -req -sha256 -in "$SSL_CSR_FILE" -signkey "$SSL_KEY_FILE" -out "$SSL_CERT_FILE" -days 1825 -extfile <(echo -n "$SSL_EXT") + rm -f "$SSL_CSR_FILE" +fi +# Load SSL configuration +if [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]] && [[ -f "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + ensure_apache_configuration_exists "Include \"${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf\"" "bitnami-ssl\.conf" "${APACHE_CONF_DIR}/bitnami/bitnami.conf" +fi + +# Copy vhosts files +if ! is_dir_empty "/vhosts"; then + info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'" + cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}" +fi + +# Mount certificate files +if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then + warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#using-custom-ssl-certificates" + warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs" +elif ! is_dir_empty "/certs"; then + info "Mounting certificates files from '/certs'" + rm -rf "${APACHE_CONF_DIR}/bitnami/certs" + ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs" +fi + +# Mount application files +if ! is_dir_empty "/app"; then + info "Mounting application files from '/app'" + rm -rf "$APACHE_HTDOCS_DIR" + ln -sf "/app" "$APACHE_HTDOCS_DIR" +fi + +# Restore persisted configuration files (deprecated) +if ! is_dir_empty "/bitnami/apache/conf"; then + warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/containers/tree/main/bitnami/apache#full-configuration" + warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'" + rm -rf "$APACHE_CONF_DIR" + ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" +fi + +# Update ports in configuration +[[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" +[[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" + +# Configure ServerTokens with user values +[[ -n "$APACHE_SERVER_TOKENS" ]] && info "Configuring Apache ServerTokens directive" && apache_configure_server_tokens "$APACHE_SERVER_TOKENS" + +# Fix logging issue when running as root +! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh new file mode 100755 index 0000000000000..b47c8aacba892 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/start.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_not_running; then + "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" + if ! retry_while "is_apache_running"; then + error "apache did not start" + error_code=1 + else + info "apache started" + fi +else + info "apache is already running" +fi + +exit "$error_code" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh new file mode 100755 index 0000000000000..db8c132c0e826 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +if is_apache_running; then + info "apache is already running" +else + info "apache is not running" +fi diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh new file mode 100755 index 0000000000000..adc6613b0a9e1 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/apache/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libapache.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load Apache environment variables +. /opt/bitnami/scripts/apache-env.sh + +error_code=0 + +if is_apache_running; then + BITNAMI_QUIET=1 apache_stop + if ! retry_while "is_apache_not_running"; then + error "apache could not be stopped" + error_code=1 + else + info "apache stopped" + fi +else + info "apache is not running" +fi + +exit "$error_code" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh new file mode 100644 index 0000000000000..92e7e7d46d39e --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal-env.sh @@ -0,0 +1,120 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Environment configuration for drupal + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-drupal}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# By setting an environment variable matching *_FILE to a file path, the prefixed environment +# variable will be overridden with the value specified in that file +drupal_env_vars=( + DRUPAL_DATA_TO_PERSIST + DRUPAL_PROFILE + DRUPAL_SITE_NAME + DRUPAL_SKIP_BOOTSTRAP + DRUPAL_ENABLE_MODULES + DRUPAL_CONFIG_SYNC_DIR + DRUPAL_HASH_SALT + DRUPAL_USERNAME + DRUPAL_PASSWORD + DRUPAL_EMAIL + DRUPAL_SMTP_HOST + DRUPAL_SMTP_PORT_NUMBER + DRUPAL_SMTP_USER + DRUPAL_SMTP_PASSWORD + DRUPAL_SMTP_PROTOCOL + DRUPAL_DATABASE_HOST + DRUPAL_DATABASE_PORT_NUMBER + DRUPAL_DATABASE_NAME + DRUPAL_DATABASE_USER + DRUPAL_DATABASE_PASSWORD + DRUPAL_DATABASE_TLS_CA_FILE + SMTP_HOST + SMTP_PORT + DRUPAL_SMTP_PORT + SMTP_USER + SMTP_PASSWORD + SMTP_PROTOCOL + MARIADB_HOST + MARIADB_PORT_NUMBER +) +for env_var in "${drupal_env_vars[@]}"; do + file_env_var="${env_var}_FILE" + if [[ -n "${!file_env_var:-}" ]]; then + if [[ -r "${!file_env_var:-}" ]]; then + export "${env_var}=$(< "${!file_env_var}")" + unset "${file_env_var}" + else + warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." + fi + fi +done +unset drupal_env_vars + +# Paths +export DRUPAL_BASE_DIR="${BITNAMI_ROOT_DIR}/drupal" +export DRUPAL_CONF_FILE="${DRUPAL_BASE_DIR}/sites/default/settings.php" +export DRUPAL_MODULES_DIR="${DRUPAL_BASE_DIR}/modules" + +# Drupal persistence configuration +export DRUPAL_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/drupal" +export DRUPAL_MOUNTED_CONF_FILE="${DRUPAL_VOLUME_DIR}/settings.php" +export DRUPAL_DATA_TO_PERSIST="${DRUPAL_DATA_TO_PERSIST:-sites/ themes/ modules/ profiles/}" + +# Drupal configuration +export DRUPAL_PROFILE="${DRUPAL_PROFILE:-standard}" # only used during the first initialization +export DRUPAL_SITE_NAME="${DRUPAL_SITE_NAME:-My blog}" # only used during the first initialization +export DRUPAL_SKIP_BOOTSTRAP="${DRUPAL_SKIP_BOOTSTRAP:-}" # only used during the first initialization +export DRUPAL_ENABLE_MODULES="${DRUPAL_ENABLE_MODULES:-}" # only used during the first initialization +export DRUPAL_CONFIG_SYNC_DIR="${DRUPAL_CONFIG_SYNC_DIR:-}" # only used during the first initialization +export DRUPAL_HASH_SALT="${DRUPAL_HASH_SALT:-}" # only used during the first initialization + +# Drupal credentials +export DRUPAL_USERNAME="${DRUPAL_USERNAME:-user}" # only used during the first initialization +export DRUPAL_PASSWORD="${DRUPAL_PASSWORD:-bitnami}" # only used during the first initialization +export DRUPAL_EMAIL="${DRUPAL_EMAIL:-user@example.com}" # only used during the first initialization + +# Drupal SMTP credentials +DRUPAL_SMTP_HOST="${DRUPAL_SMTP_HOST:-"${SMTP_HOST:-}"}" +export DRUPAL_SMTP_HOST="${DRUPAL_SMTP_HOST:-}" # only used during the first initialization +DRUPAL_SMTP_PORT_NUMBER="${DRUPAL_SMTP_PORT_NUMBER:-"${SMTP_PORT:-}"}" +DRUPAL_SMTP_PORT_NUMBER="${DRUPAL_SMTP_PORT_NUMBER:-"${DRUPAL_SMTP_PORT:-}"}" +export DRUPAL_SMTP_PORT_NUMBER="${DRUPAL_SMTP_PORT_NUMBER:-25}" # only used during the first initialization +DRUPAL_SMTP_USER="${DRUPAL_SMTP_USER:-"${SMTP_USER:-}"}" +export DRUPAL_SMTP_USER="${DRUPAL_SMTP_USER:-}" # only used during the first initialization +DRUPAL_SMTP_PASSWORD="${DRUPAL_SMTP_PASSWORD:-"${SMTP_PASSWORD:-}"}" +export DRUPAL_SMTP_PASSWORD="${DRUPAL_SMTP_PASSWORD:-}" # only used during the first initialization +DRUPAL_SMTP_PROTOCOL="${DRUPAL_SMTP_PROTOCOL:-"${SMTP_PROTOCOL:-}"}" +export DRUPAL_SMTP_PROTOCOL="${DRUPAL_SMTP_PROTOCOL:-standard}" # only used during the first initialization + +# Database configuration +export DRUPAL_DEFAULT_DATABASE_HOST="mariadb" # only used at build time +DRUPAL_DATABASE_HOST="${DRUPAL_DATABASE_HOST:-"${MARIADB_HOST:-}"}" +export DRUPAL_DATABASE_HOST="${DRUPAL_DATABASE_HOST:-$DRUPAL_DEFAULT_DATABASE_HOST}" # only used during the first initialization +DRUPAL_DATABASE_PORT_NUMBER="${DRUPAL_DATABASE_PORT_NUMBER:-"${MARIADB_PORT_NUMBER:-}"}" +export DRUPAL_DATABASE_PORT_NUMBER="${DRUPAL_DATABASE_PORT_NUMBER:-3306}" # only used during the first initialization +export DRUPAL_DATABASE_NAME="${DRUPAL_DATABASE_NAME:-bitnami_drupal}" # only used during the first initialization +export DRUPAL_DATABASE_USER="${DRUPAL_DATABASE_USER:-bn_drupal}" # only used during the first initialization +export DRUPAL_DATABASE_PASSWORD="${DRUPAL_DATABASE_PASSWORD:-}" # only used during the first initialization +export DRUPAL_DATABASE_TLS_CA_FILE="${DRUPAL_DATABASE_TLS_CA_FILE:-}" # only used during the first initialization + +# PHP configuration +export PHP_DEFAULT_MEMORY_LIMIT="256M" # only used at build time + +# Custom environment variables may be defined below diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh new file mode 100755 index 0000000000000..07b42659f520b --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/entrypoint.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load Drupal environment +. /opt/bitnami/scripts/drupal-env.sh + +# Load libraries +. /opt/bitnami/scripts/libbitnami.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libwebserver.sh + +print_welcome_page + +if [[ "$1" = "/opt/bitnami/scripts/$(web_server_type)/run.sh" ]]; then + info "** Starting Drupal setup **" + /opt/bitnami/scripts/"$(web_server_type)"/setup.sh + /opt/bitnami/scripts/php/setup.sh + /opt/bitnami/scripts/mysql-client/setup.sh + /opt/bitnami/scripts/drupal/setup.sh + /post-init.sh + info "** Drupal setup finished! **" +fi + +echo "" +exec "$@" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh new file mode 100755 index 0000000000000..b206999f26a94 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/postunpack.sh @@ -0,0 +1,68 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load Drupal environment +. /opt/bitnami/scripts/drupal-env.sh + +# Load PHP environment for 'php_conf_set' (after 'drupal-env.sh' so that MODULE is not set to a wrong value) +. /opt/bitnami/scripts/php-env.sh + +# Load libraries +. /opt/bitnami/scripts/libdrupal.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after Drupal environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Enable Drupal configuration file +[[ ! -f "$DRUPAL_CONF_FILE" ]] && cp "${DRUPAL_BASE_DIR}/sites/default/default.settings.php" "$DRUPAL_CONF_FILE" + +# Create .htaccess file to avoid warning in Drupal administration panel +drupal_fix_htaccess_warning_protection + +# Ensure the Drupal base directory exists and has proper permissions +info "Configuring file permissions for Drupal" +for dir in "$DRUPAL_BASE_DIR" "${DRUPAL_BASE_DIR}/sites/default/files" "$DRUPAL_VOLUME_DIR" "${HOME}/.drush"; do + ensure_dir_exists "$dir" + configure_permissions_ownership "$dir" -d "775" -f "664" +done +for dir in "${DRUPAL_BASE_DIR}/themes" "${DRUPAL_BASE_DIR}/modules" "${DRUPAL_BASE_DIR}/sites/default/files"; do + ensure_dir_exists "$dir" + configure_permissions_ownership "$dir" -u "$WEB_SERVER_DAEMON_USER" -g "root" +done +chown "$WEB_SERVER_DAEMON_USER" "${DRUPAL_BASE_DIR}/sites/default" +chown "$WEB_SERVER_DAEMON_USER" "$DRUPAL_CONF_FILE" +for script in "${DRUPAL_BASE_DIR}/vendor/bin/drush" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush" "${DRUPAL_BASE_DIR}/vendor/drush/drush/drush.launcher" "${DRUPAL_BASE_DIR}/vendor/bin/drush.launcher"; do + [[ -f "$script" ]] && chmod +x "$script" +done + +# Configure Drupal based on build-time defaults +drupal_conf_set "\$settings['trusted_host_patterns']" "array('^.*$')" yes + +# Configure required PHP options for application to work properly, based on build-time defaults +info "Configuring default PHP options for Drupal" +php_conf_set memory_limit "$PHP_DEFAULT_MEMORY_LIMIT" + +# Enable default web server configuration for Drupal +info "Creating default web server configuration for Drupal" +web_server_validate +ensure_web_server_app_configuration_exists "drupal" --type php + +# Re-create .htaccess file after being moved into 'apache/conf/vhosts/htaccess' directory, to avoid Drupal warning +drupal_fix_htaccess_warning_protection + +# Copy all initially generated configuration files to the default directory +# (this is to avoid breaking when entrypoint is being overridden) +cp -r "/opt/bitnami/$(web_server_type)/conf"/* "/opt/bitnami/$(web_server_type)/conf.default" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh new file mode 100755 index 0000000000000..acab8a61a0fcd --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/drupal/setup.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load Drupal environment +. /opt/bitnami/scripts/drupal-env.sh + +# Load MySQL Client environment for 'mysql_remote_execute' (after 'drupal-env.sh' so that MODULE is not set to a wrong value) +if [[ -f /opt/bitnami/scripts/mysql-client-env.sh ]]; then + . /opt/bitnami/scripts/mysql-client-env.sh +elif [[ -f /opt/bitnami/scripts/mysql-env.sh ]]; then + . /opt/bitnami/scripts/mysql-env.sh +elif [[ -f /opt/bitnami/scripts/mariadb-env.sh ]]; then + . /opt/bitnami/scripts/mariadb-env.sh +fi + +# Load libraries +. /opt/bitnami/scripts/libdrupal.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load web server environment and functions (after Drupal environment file so MODULE is not set to a wrong value) +. "/opt/bitnami/scripts/$(web_server_type)-env.sh" + +# Ensure Drupal environment variables are valid +drupal_validate + +# Update web server configuration with runtime environment (needs to happen before the initialization) +web_server_update_app_configuration "drupal" + +# Ensure Drupal is initialized +drupal_initialize diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libapache.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libapache.sh new file mode 100644 index 0000000000000..d6eb686df3f6f --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libapache.sh @@ -0,0 +1,808 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Apache library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libservice.sh + +######################## +# Validate settings in APACHE_* env vars +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_validate() { + debug "Validating settings in APACHE_* environment variables" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_allowed_port() { + local port_var="${1:?missing port variable}" + local -a validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + validate_port_args+=("${!port_var}") + if ! err=$(validate_port "${validate_port_args[@]}"); then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + + [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." + + if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then + if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then + print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" + fi + fi + + [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER + [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Configure Apache's HTTP port +# Globals: +# APACHE_CONF_FILE, APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_http_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + fi + + if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" + echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + fi +} + +######################## +# Configure Apache's HTTPS port +# Globals: +# APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_https_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + fi +} + +######################## +# Configure Apache's ServerTokens directive +# Globals: +# APACHE_CONF_DIR +# Arguments: +# $1 - Value for ServerTokens directive +# Returns: +# None +######################### +apache_configure_server_tokens() { + local -r value=${1:?missing value} + local -r server_tokens_exp="s|^\s*ServerTokens\s+\w+\s*$|ServerTokens ${value}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring ServerTokens ${value} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$server_tokens_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} + +######################## +# Enable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to enable +# $2 - Path to module .so file (optional if already defined in httpd.conf) +# Returns: +# None +######################### +apache_enable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Enabling module '${name}'" + if grep -q -E "$regex" "$APACHE_CONF_FILE"; then + # Uncomment line if the module was already defined + replace_in_file "$APACHE_CONF_FILE" "$regex" "\1" + elif [[ -n "$file" ]]; then + # Add right after the last LoadModule, so all Apache modules are organized in the same section of the file + append_file_after_last_match "$APACHE_CONF_FILE" "^[#\s]*LoadModule" "LoadModule ${name} ${file}" + else + error "Module ${name} was not defined in ${APACHE_CONF_FILE}. Please specify the 'file' parameter for 'apache_enable_module'." + fi + fi +} + +######################## +# Disable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to disable +# Returns: +# None +######################### +apache_disable_module() { + local -r name="${1:?missing name}" + local -r file="${2:-}" + local -r regex="[#\s]*(LoadModule\s+${name}\s+.*)$" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Disabling module '${name}'" + replace_in_file "$APACHE_CONF_FILE" "$regex" "#\1" + fi +} + +######################## +# Stop Apache +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_stop() { + is_apache_not_running && return + stop_service_using_pid "$APACHE_PID_FILE" +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is running +######################## +is_apache_running() { + local pid + pid="$(get_pid_from_file "$APACHE_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if Apache is running +# Globals: +# APACHE_PID_FILE +# Arguments: +# None +# Returns: +# Whether Apache is not running +######################## +is_apache_not_running() { + ! is_apache_running +} + +######################## +# Ensure configuration gets added to the main Apache configuration file +# Globals: +# APACHE_* +# Arguments: +# $1 - configuration string +# $2 - pattern to use for checking if the configuration already exists (default: $1) +# $3 - Apache configuration file (default: $APACHE_CONF_FILE) +# Returns: +# None +######################## +ensure_apache_configuration_exists() { + local -r conf="${1:?conf missing}" + local -r pattern="${2:-"$conf"}" + local -r conf_file="${3:-"$APACHE_CONF_FILE"}" + # Enable configuration by appending to httpd.conf + if ! grep -E -q "$pattern" "$conf_file"; then + if is_file_writable "$conf_file"; then + cat >> "$conf_file" <<< "$conf" + else + error "Could not add the following configuration to '${conf_file}:" + error "" + error "$(indent "$conf" 4)" + error "" + error "Include the configuration manually and try again." + return 1 + fi + fi +} + +######################## +# Collect all the .htaccess files from /opt/bitnami/$name and write the result in the 'htaccess' directory +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# $2 - Overwrite the original .htaccess with the explanation text (defaults to 'yes') +# Flags: +# --document-root - Path to document root directory +# Returns: +# None +######################## +apache_replace_htaccess_files() { + local -r app="${1:?missing app}" + local -r result_file="${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" + # Default options + local document_root="${BITNAMI_ROOT_DIR}/${app}" + local overwrite="yes" + local -a htaccess_files + local htaccess_dir + local htaccess_contents + # Validate arguments + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --document-root) + shift + document_root="$1" + ;; + --overwrite) + shift + overwrite="$1" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + if is_file_writable "$result_file"; then + # Locate all .htaccess files inside the document root + read -r -a htaccess_files <<< "$(find "$document_root" -name .htaccess -print0 | xargs -0)" + [[ "${#htaccess_files[@]}" = 0 ]] && return + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$result_file" ]] && touch "$result_file" && chmod g+rw "$result_file" + for htaccess_file in "${htaccess_files[@]}"; do + htaccess_dir="$(dirname "$htaccess_file")" + htaccess_contents="$(indent "$(< "$htaccess_file")" 2)" + # Skip if it was already included to the resulting htaccess file + if grep -q "^" <<< "$htaccess_contents"; then + continue + fi + # Add to the htaccess file + cat >> "$result_file" < +${htaccess_contents} + +EOF + # Overwrite the original .htaccess with the explanation text + if is_boolean_yes "$overwrite"; then + echo "# This configuration has been moved to the ${result_file} config file for performance and security reasons" > "$htaccess_file" + fi + done + elif [[ ! -f "$result_file" ]]; then + error "Could not create htaccess for ${app} at '${result_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} htaccess file '${result_file}' is not writable. Configurations based on environment variables will not be applied for this file." + return + fi +} + +######################## +# Ensure an Apache application configuration exists (in virtual host format) +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases (defaults to '*') +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --disable - Whether to render the app's virtual hosts with a .disabled prefix +# --disable-http - Whether to render the app's HTTP virtual host with a .disabled prefix +# --disable-https - Whether to render the app's HTTPS virtual host with a .disabled prefix +# --http-port - HTTP port number +# --https-port - HTTPS port number +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --additional-configuration - Additional vhost configuration (no default) +# --additional-http-configuration - Additional HTTP vhost configuration (no default) +# --additional-https-configuration - Additional HTTPS vhost configuration (no default) +# --before-vhost-configuration - Configuration to add before the directive (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# --proxy-address - Address where to proxy requests +# --proxy-configuration - Extra configuration for the proxy +# --proxy-http-configuration - Extra configuration for the proxy HTTP vhost +# --proxy-https-configuration - Extra configuration for the proxy HTTPS vhost +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_app_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=("*") + local allow_remote_connections="yes" + local disable="no" + local disable_http="no" + local disable_https="no" + local move_htaccess="yes" + # Template variables defaults + export additional_configuration="" + export additional_http_configuration="" + export additional_https_configuration="" + export before_vhost_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + export proxy_address="" + export proxy_configuration="" + export proxy_http_configuration="" + export proxy_https_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + --disable \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + export "${var_name}=yes" + ;; + --type \ + | --server-name \ + | --allow-remote-connections \ + | --http-port \ + | --https-port \ + | --move-htaccess \ + | --additional-configuration \ + | --additional-http-configuration \ + | --additional-https-configuration \ + | --before-vhost-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + | --proxy-address \ + | --proxy-configuration \ + | --proxy-http-configuration \ + | --proxy-https-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + export "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct listen ports configuration (only to add when using non-standard ports) + export http_listen_configuration="" + export https_listen_configuration="" + [[ "$http_port" != "$default_http_port" ]] && http_listen_configuration="Listen ${http_port}" + [[ "$https_port" != "$default_https_port" ]] && https_listen_configuration="Listen ${https_port}" + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Construct ServerName/ServerAlias block + export server_name_configuration="" + if ! is_empty_value "${server_name:-}"; then + server_name_configuration="ServerName ${server_name}" + fi + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + server_name_configuration+=$'\n'"ServerAlias ${server_aliases[*]}" + fi + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$http_vhost" + elif [[ ! -f "$http_vhost" ]]; then + error "Could not create virtual host for ${app} at '${http_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + if is_file_writable "$https_vhost"; then + # Create file with root group write privileges, so it can be modified in non-root containers + [[ ! -f "$https_vhost" ]] && touch "$https_vhost" && chmod g+rw "$https_vhost" + render-template "${template_dir}/${template_name}-https-vhost.conf.tpl" | sed '/^\s*$/d' > "$https_vhost" + elif [[ ! -f "$https_vhost" ]]; then + error "Could not create virtual host for ${app} at '${https_vhost}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure an Apache application configuration does not exist anymore (in virtual hosts format) +# Globals: +# * +# Arguments: +# $1 - App name +# Returns: +# true if the configuration was disabled, false otherwise +######################## +ensure_apache_app_configuration_not_exists() { + local -r app="${1:?missing app}" + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Note that 'rm -f' will not fail if the files don't exist + # However if we lack permissions to remove the file, it will result in a non-zero exit code, as expected by this function + rm -f "$http_vhost" "$https_vhost" "${http_vhost}${disable_suffix}" "${https_vhost}${disable_suffix}" +} + +######################## +# Ensure Apache loads the configuration for an application in a URL prefix +# Globals: +# APACHE_* +# Arguments: +# $1 - App name +# Flags: +# --type - Application type, which has an effect on what configuration template will be used, allowed values: php, (empty) +# --allow-remote-connections - Whether to allow remote connections or to require local connections +# --move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) +# --prefix - URL prefix from where it will be accessible (i.e. /myapp) +# --additional-configuration - Additional vhost configuration (no default) +# --allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) +# --document-root - Path to document root directory +# --extra-directory-configuration - Extra configuration for the document root directory +# Returns: +# true if the configuration was enabled, false otherwise +######################## +ensure_apache_prefix_configuration_exists() { + local -r app="${1:?missing app}" + # Default options + local type="" + local allow_remote_connections="yes" + local move_htaccess="yes" + local prefix="/${app}" + # Template variables defaults + export additional_configuration="" + export allow_override="All" + export document_root="${BITNAMI_ROOT_DIR}/${app}" + export extra_directory_configuration="" + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --type \ + | --allow-remote-connections \ + | --move-htaccess \ + | --prefix \ + | --additional-configuration \ + | --allow-override \ + | --document-root \ + | --extra-directory-configuration \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # App .htaccess support (only when type is not defined) + export htaccess_include + [[ -z "$type" || "$type" = "php" ]] && is_boolean_yes "$move_htaccess" && apache_replace_htaccess_files "$app" --document-root "$document_root" + if [[ -z "$type" || "$type" = "php" ]] && [[ -f "${APACHE_HTACCESS_DIR}/${app}-htaccess.conf" ]]; then + allow_override="None" + htaccess_include="Include \"${APACHE_HTACCESS_DIR}/${app}-htaccess.conf\"" + else + # allow_override is already set to the expected value + htaccess_include="" + fi + # ACL configuration + export acl_configuration + if is_boolean_yes "$allow_remote_connections"; then + acl_configuration="Require all granted" + else + acl_configuration="$(cat < "$prefix_file" + ensure_apache_configuration_exists "Include \"$prefix_file\"" + elif [[ ! -f "$prefix_file" ]]; then + error "Could not create web server configuration file for ${app} at '${prefix_file}'. Check permissions and ownership for parent directories." + return 1 + else + warn "The ${app} web server configuration file '${prefix_file}' is not writable. Configurations based on environment variables will not be applied for this file." + fi +} + +######################## +# Ensure Apache application configuration is updated with the runtime configuration (i.e. ports) +# Globals: +# * +# Arguments: +# $1 - App name +# Flags: +# --hosts - Host listen addresses +# --server-name - Server name +# --server-aliases - Server aliases +# --enable-http - Enable HTTP app configuration (if not enabled already) +# --enable-https - Enable HTTPS app configuration (if not enabled already) +# --disable-http - Disable HTTP app configuration (if not disabled already) +# --disable-https - Disable HTTPS app configuration (if not disabled already) +# --http-port - HTTP port number +# --https-port - HTTPS port number +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_update_app_configuration() { + local -r app="${1:?missing app}" + # Default options + local -a hosts=("127.0.0.1" "_default_") + local server_name="www.example.com" # Default ServerName in httpd.conf + local -a server_aliases=() + local enable_http="no" + local enable_https="no" + local disable_http="no" + local disable_https="no" + export default_http_port="${APACHE_HTTP_PORT_NUMBER:-"$APACHE_DEFAULT_HTTP_PORT_NUMBER"}" + export default_https_port="${APACHE_HTTPS_PORT_NUMBER:-"$APACHE_DEFAULT_HTTPS_PORT_NUMBER"}" + export http_port="$default_http_port" + export https_port="$default_https_port" + local var_name + # Validate arguments + local var_name + shift + while [[ "$#" -gt 0 ]]; do + case "$1" in + --hosts \ + | --server-aliases) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + read -r -a "${var_name?}" <<< "$1" + ;; + # Common flags + --enable-http \ + | --enable-https \ + | --disable-http \ + | --disable-https \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + declare "${var_name}=yes" + ;; + --server-name \ + | --http-port \ + | --https-port \ + ) + var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")" + shift + declare "${var_name}=${1}" + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + # Construct host string in the format of "host1:port1[ host2:port2[ ...]]" + export http_listen_addresses="" + export https_listen_addresses="" + for host in "${hosts[@]}"; do + http_listen="${host}:${http_port}" + https_listen="${host}:${https_port}" + [[ -z "${http_listen_addresses:-}" ]] && http_listen_addresses="$http_listen" || http_listen_addresses="${http_listen_addresses} ${http_listen}" + [[ -z "${https_listen_addresses:-}" ]] && https_listen_addresses="$https_listen" || https_listen_addresses="${https_listen_addresses} ${https_listen}" + done + # Update configuration + local -r http_vhost="${APACHE_VHOSTS_DIR}/${app}-vhost.conf" + local -r https_vhost="${APACHE_VHOSTS_DIR}/${app}-https-vhost.conf" + local -r disable_suffix=".disabled" + # Helper function to avoid duplicating code + update_common_vhost_config() { + local -r vhost_file="${1:?missing virtual host}" + # Update ServerName + if ! is_empty_value "${server_name:-}"; then + replace_in_file "$vhost_file" "^(\s*ServerName\s+).*" "\1${server_name}" + fi + # Update ServerAlias + if [[ "${#server_aliases[@]}" -gt 0 ]]; then + replace_in_file "$vhost_file" "^(\s*ServerAlias\s+).*" "\1${server_aliases[*]}" + fi + } + # Disable and enable configuration files + rename_conf_file() { + local -r origin="$1" + local -r destination="$2" + if is_file_writable "$origin" && is_file_writable "$destination"; then + warn "Could not rename virtual host file '${origin}' to '${destination}' due to lack of permissions." + else + mv "$origin" "$destination" + fi + } + is_boolean_yes "$disable_http" && [[ -e "$http_vhost" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$disable_https" && [[ -e "$https_vhost" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + is_boolean_yes "$enable_http" && [[ -e "${http_vhost}${disable_suffix}" ]] && rename_conf_file "${http_vhost}${disable_suffix}" "$http_vhost" + is_boolean_yes "$enable_https" && [[ -e "${https_vhost}${disable_suffix}" ]] && rename_conf_file "${https_vhost}${disable_suffix}" "$https_vhost" + # Update only configuration files without the '.disabled' suffix + if [[ -e "$http_vhost" ]]; then + if is_file_writable "$http_vhost"; then + update_common_vhost_config "$http_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$http_vhost" "^Listen .*" "Listen ${http_port}" + replace_in_file "$http_vhost" "^$" "" + else + warn "The ${app} virtual host file '${http_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi + if [[ -e "$https_vhost" ]]; then + if is_file_writable "$https_vhost"; then + update_common_vhost_config "$https_vhost" + # Update vhost-specific config (listen port and addresses) + replace_in_file "$https_vhost" "^Listen .*" "Listen ${https_port}" + replace_in_file "$https_vhost" "^$" "" + else + warn "The ${app} virtual host file '${https_vhost}' is not writable. Configurations based on environment variables will not be applied for this file." + fi + fi +} + +######################## +# Create a password file for basic authentication and restrict its permissions +# Globals: +# * +# Arguments: +# $1 - file +# $2 - username +# $3 - password +# Returns: +# true if the configuration was updated, false otherwise +######################## +apache_create_password_file() { + local -r file="${1:?missing file}" + local -r username="${2:?missing username}" + local -r password="${3:?missing password}" + + "${APACHE_BIN_DIR}/htpasswd" -bc "$file" "$username" "$password" + am_i_root && configure_permissions_ownership "$file" --file-mode "600" --user "$APACHE_DAEMON_USER" --group "$APACHE_DAEMON_GROUP" +} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh new file mode 100644 index 0000000000000..9ea5e08ec7ceb --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libdrupal.sh @@ -0,0 +1,548 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami Drupal library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libnet.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh +. /opt/bitnami/scripts/libpersistence.sh +. /opt/bitnami/scripts/libwebserver.sh + +# Load database library +if [[ -f /opt/bitnami/scripts/libmysqlclient.sh ]]; then + . /opt/bitnami/scripts/libmysqlclient.sh +elif [[ -f /opt/bitnami/scripts/libmysql.sh ]]; then + . /opt/bitnami/scripts/libmysql.sh +elif [[ -f /opt/bitnami/scripts/libmariadb.sh ]]; then + . /opt/bitnami/scripts/libmariadb.sh +fi + +######################## +# Validate settings in DRUPAL_* env vars +# Globals: +# DRUPAL_* +# Arguments: +# None +# Returns: +# 0 if the validation succeeded, 1 otherwise +######################### +drupal_validate() { + debug "Validating settings in DRUPAL_* environment variables..." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_resolved_hostname() { + if ! is_hostname_resolved "$1"; then + warn "Hostname $1 could not be resolved. This could lead to connection issues" + fi + } + + check_mounted_file() { + if [[ -n "${!1:-}" ]] && ! [[ -f "${!1:-}" ]]; then + print_validation_error "The variable ${1} is defined but the file ${!1} is not accessible or does not exist" + fi + } + check_valid_port() { + local port_var="${1:?missing port variable}" + local err + if ! err="$(validate_port "${!port_var}")"; then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + + # Warn users in case the configuration file is not writable + is_file_writable "$DRUPAL_CONF_FILE" || warn "The Drupal configuration file '${DRUPAL_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied for this file." + + # Validate user inputs + ! is_empty_value "$DRUPAL_SKIP_BOOTSTRAP" && check_yes_no_value "DRUPAL_SKIP_BOOTSTRAP" + ! is_empty_value "$DRUPAL_DATABASE_PORT_NUMBER" && check_valid_port "DRUPAL_DATABASE_PORT_NUMBER" + ! is_empty_value "$DRUPAL_DATABASE_HOST" && check_resolved_hostname "$DRUPAL_DATABASE_HOST" + check_mounted_file "DRUPAL_DATABASE_TLS_CA_FILE" + + # Validate database credentials + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + else + for empty_env_var in "DRUPAL_DATABASE_PASSWORD" "DRUPAL_PASSWORD"; do + is_empty_value "${!empty_env_var}" && print_validation_error "The ${empty_env_var} environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow a blank password. This is only recommended for development environments." + done + fi + + # Validate SMTP credentials + if ! is_empty_value "$DRUPAL_SMTP_HOST"; then + for empty_env_var in "DRUPAL_SMTP_USER" "DRUPAL_SMTP_PASSWORD"; do + is_empty_value "${!empty_env_var}" && warn "The ${empty_env_var} environment variable is empty or not set." + done + is_empty_value "$DRUPAL_SMTP_PORT_NUMBER" && print_validation_error "The DRUPAL_SMTP_PORT_NUMBER environment variable is empty or not set." + ! is_empty_value "$DRUPAL_SMTP_PORT_NUMBER" && check_valid_port "DRUPAL_SMTP_PORT_NUMBER" + ! is_empty_value "$DRUPAL_SMTP_PROTOCOL" && check_multi_value "DRUPAL_SMTP_PROTOCOL" "standard tls ssl" + fi + + # Check that the web server is properly set up + web_server_validate || print_validation_error "Web server validation failed" + + return "$error_code" +} + +######################## +# Ensure Drupal is initialized +# Globals: +# DRUPAL_* +# Arguments: +# None +# Returns: +# None +######################### +drupal_initialize() { + # Update Drupal configuration via mounted configuration files and environment variables + if is_file_writable "$DRUPAL_CONF_FILE"; then + # Enable mounted configuration files + if [[ -f "$DRUPAL_MOUNTED_CONF_FILE" ]]; then + info "Found mounted Drupal configuration file '${DRUPAL_MOUNTED_CONF_FILE}', copying to '${DRUPAL_CONF_FILE}'" + cp "$DRUPAL_MOUNTED_CONF_FILE" "$DRUPAL_CONF_FILE" + return + fi + fi + + # Check if Drupal has already been initialized and persisted in a previous run + local -r app_name="drupal" + if ! is_app_initialized "$app_name"; then + info "Trying to connect to the database server" + drupal_wait_for_db_connection "$DRUPAL_DATABASE_HOST" "$DRUPAL_DATABASE_PORT_NUMBER" "$DRUPAL_DATABASE_NAME" "$DRUPAL_DATABASE_USER" "$DRUPAL_DATABASE_PASSWORD" + + # Ensure the Drupal base directory exists and has proper permissions + info "Configuring file permissions for Drupal" + ensure_dir_exists "$DRUPAL_VOLUME_DIR" + # Use daemon:root ownership for compatibility when running as a non-root user + am_i_root && configure_permissions_ownership "$DRUPAL_VOLUME_DIR" -d "775" -f "664" -u "$WEB_SERVER_DAEMON_USER" -g "root" + + if ! is_boolean_yes "$DRUPAL_SKIP_BOOTSTRAP"; then + # Perform initial bootstrapping for Drupal + info "Installing Drupal site" + drupal_site_install + if ! is_empty_value "$DRUPAL_ENABLE_MODULES"; then + info "Enabling Drupal modules" + drupal_enable_modules + fi + if ! is_empty_value "$DRUPAL_SMTP_HOST"; then + info "Configuring SMTP" + drupal_configure_smtp + fi + info "Flushing Drupal cache" + drupal_flush_cache + else + info "An already initialized Drupal database was provided, configuration will be skipped" + if is_empty_value "$DRUPAL_DATABASE_TLS_CA_FILE"; then + drupal_set_database_settings + else + drupal_set_database_ssl_settings + fi + + # Drupal expects a directory for storing site configuration + # For more info see https://www.drupal.org/docs/configuration-management + drupal_create_config_directory + + # Drupal needs a hash value to build one-time login links, cancel links, form tokens, etc. + drupal_set_hash_salt + drupal_update_database + fi + + info "Persisting Drupal installation" + persist_app "$app_name" "$DRUPAL_DATA_TO_PERSIST" + else + info "Restoring persisted Drupal installation" + restore_persisted_app "$app_name" "$DRUPAL_DATA_TO_PERSIST" + info "Trying to connect to the database server" + db_host="$(drupal_database_conf_get 'host')" + db_port="$(drupal_database_conf_get 'port')" + db_name="$(drupal_database_conf_get 'database')" + db_user="$(drupal_database_conf_get 'username')" + db_pass="$(drupal_database_conf_get 'password')" + drupal_wait_for_db_connection "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + drupal_update_database + fi + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Get a database entry from the Drupal configuration file (settings.php) +# Globals: +# DRUPAL_* +# Arguments: +# $1 - Key +# Returns: +# None +######################### +drupal_database_conf_get() { + local -r key="${1:?key missing}" + debug "Getting ${key} from Drupal database configuration" + grep -E "^\s*'${key}' =>" "$DRUPAL_CONF_FILE" | grep -E -o "=> '.*'" | cut -f2 -d\' +} + +######################## +# Add or modify an entry in the Drupal configuration file (settings.php) +# Globals: +# DRUPAL_* +# Arguments: +# $1 - PHP variable name +# $2 - Value to assign to the PHP variable +# $3 - Whether the value is a literal, or if instead it should be quoted (default: no) +# Returns: +# None +######################### +drupal_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + local -r is_literal="${3:-no}" + debug "Setting ${key} to '${value}' in Drupal configuration (literal: ${is_literal})" + # Sanitize key (sed does not support fixed string substitutions) + local sanitized_pattern + sanitized_pattern="^(#\s*)?$(sed 's/[]\[^$.*/]/\\&/g' <<< "$key")\s*=.*" + local entry + is_boolean_yes "$is_literal" && entry="${key} = $value;" || entry="${key} = '$value';" + # Check if the configuration exists in the file + if grep -q -E "$sanitized_pattern" "$DRUPAL_CONF_FILE"; then + # It exists, so replace the line + replace_in_file "$DRUPAL_CONF_FILE" "$sanitized_pattern" "$entry" + else + echo "$entry" >> "$DRUPAL_CONF_FILE" + fi +} + +######################## +# Wait until the database is accessible with the currently-known credentials +# Globals: +# * +# Arguments: +# $1 - database host +# $2 - database port +# $3 - database name +# $4 - database username +# $5 - database user password (optional) +# Returns: +# true if the database connection succeeded, false otherwise +######################### +drupal_wait_for_db_connection() { + local -r db_host="${1:?missing database host}" + local -r db_port="${2:?missing database port}" + local -r db_name="${3:?missing database name}" + local -r db_user="${4:?missing database user}" + local -r db_pass="${5:-}" + check_mysql_connection() { + echo "SELECT 1" | mysql_remote_execute "$db_host" "$db_port" "$db_name" "$db_user" "$db_pass" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database" + return 1 + fi +} + +######################## +# Drupal Site Install +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_site_install() { + is_empty_value "$DRUPAL_DATABASE_TLS_CA_FILE" || drupal_set_database_ssl_settings + + ( + # Unfortunately there is no way to disable mail sending via sendmail when installing Drupal + # The "hack" consists of overriding the sendmail path to an executable that does nothing (i.e. "/bin/true") + # This is also what Drush is doing in their CI + PHP_OPTIONS="-d sendmail_path=$(which true)" + export PHP_OPTIONS + + drush_execute "site:install" \ + "--db-url=mysql://${DRUPAL_DATABASE_USER}:${DRUPAL_DATABASE_PASSWORD}@${DRUPAL_DATABASE_HOST}:${DRUPAL_DATABASE_PORT_NUMBER}/${DRUPAL_DATABASE_NAME}" \ + "--account-name=${DRUPAL_USERNAME}" \ + "--account-mail=${DRUPAL_EMAIL}" \ + "--account-pass=${DRUPAL_PASSWORD}" \ + "--site-name=${DRUPAL_SITE_NAME}" \ + "--site-mail=${DRUPAL_EMAIL}" \ + "-y" "$DRUPAL_PROFILE" + ) + + # When Drupal settings are patched to allow SSL database connections, the database settings block is duplicated + # after the installation with Drush + is_empty_value "$DRUPAL_DATABASE_TLS_CA_FILE" || drupal_remove_duplicated_database_settings + # Restrict permissions of the configuration file to keep the site secure + if am_i_root; then + configure_permissions_ownership "$DRUPAL_CONF_FILE" -u "root" -g "$WEB_SERVER_DAEMON_USER" -f "644" + else + # HACK: The drupal installation is changing the ownership of the sites/default folder. When running as + # 1001:1001 this is causing an issue with the persist_app function. This sets the folder with write permissions + # so the function works. We add || true to not break docker-compose installations + chmod u+w "${DRUPAL_BASE_DIR}/sites/default" || true + fi +} + +######################## +# Create Drupal sync configuration directory (DRUPAL_SKIP_BOOTSTRAP only) +# Globals: +# DRUPAL_BASE_DIR +# Arguments: +# None +# Returns: +# None +######################### +drupal_create_config_directory() { + local config_sync_dir="${DRUPAL_CONFIG_SYNC_DIR:-}" + if is_empty_value "$config_sync_dir"; then + config_sync_dir="${DRUPAL_BASE_DIR}/sites/default/files/config_$(generate_random_string -t alphanumeric -c 16)" + fi + ensure_dir_exists "$config_sync_dir" + drupal_conf_set "\$settings['config_sync_directory']" "$config_sync_dir" +} + +######################## +# Create Drupal hash salt value (DRUPAL_SKIP_BOOTSTRAP only) +# Globals: +# DRUPAL_HASH_SALT +# Arguments: +# None +# Returns: +# None +######################### +drupal_set_hash_salt() { + local hash_salt="${DRUPAL_HASH_SALT:-}" + if is_empty_value "$hash_salt"; then + hash_salt="$(generate_random_string -t alphanumeric -c 32)" + fi + drupal_conf_set "\$settings['hash_salt']" "$hash_salt" +} + +######################## +# Execute Drush Tool +# Globals: +# * +# Arguments: +# $@ - Arguments to pass to the Drush tool +# Returns: +# None +######################### +drush_execute() { + if am_i_root; then + debug_execute run_as_user "$WEB_SERVER_DAEMON_USER" drush "--root=${DRUPAL_BASE_DIR}" "$@" + else + debug_execute drush "--root=${DRUPAL_BASE_DIR}" "$@" + fi +} + +######################## +# Execute Drush Tool to set a config option +# Globals: +# * +# Arguments: +# $1 - config group +# $2 - config key +# $3 - config value +# Returns: +# None +######################### +drush_config_set() { + local -r group="${1:?missing config group}" + local -r key="${2:?missing config key}" + local -r value="${3:-}" + + drush_execute "config-set" "--yes" "$group" "$key" "$value" +} + +######################## +# Drupal enable modules +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_enable_modules() { + local -a modules + read -r -a modules <<< "${DRUPAL_ENABLE_MODULES/,/ }" + [[ "${#modules[@]}" -gt 0 ]] || return 0 + drush_execute "pm:enable" "--yes" "${modules[@]}" +} + +######################## +# Drupal configure SMTP +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_configure_smtp() { + drush_execute "pm:enable" "--yes" "smtp" + + drush_config_set "system.mail" "interface.default" "SMTPMailSystem" + drush_config_set "smtp.settings" "smtp_on" "1" + drush_config_set "smtp.settings" "smtp_host" "$DRUPAL_SMTP_HOST" + drush_config_set "smtp.settings" "smtp_port" "$DRUPAL_SMTP_PORT_NUMBER" + drush_config_set "smtp.settings" "smtp_protocol" "$DRUPAL_SMTP_PROTOCOL" + drush_config_set "smtp.settings" "smtp_username" "$DRUPAL_SMTP_USER" + drush_config_set "smtp.settings" "smtp_password" "$DRUPAL_SMTP_PASSWORD" + drush_config_set "smtp.settings" "smtp_from" "$DRUPAL_EMAIL" + drush_config_set "smtp.settings" "smtp_fromname" "$DRUPAL_SITE_NAME" +} + +######################## +# Drupal flush cache +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_flush_cache() { + drush_execute "cache:rebuild" +} + +######################## +# Drupal update database +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_update_database() { + debug 'Upgrading Drupal database with drush...' + drush_execute "updatedb" +} + +######################## +# Drupal set database SSL settings +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_set_database_ssl_settings() { + cat >>"$DRUPAL_CONF_FILE" < '${DRUPAL_DATABASE_NAME}', + 'username' => '${DRUPAL_DATABASE_USER}', + 'password' => '${DRUPAL_DATABASE_PASSWORD}', + 'prefix' => '', + 'host' => '${DRUPAL_DATABASE_HOST}', + 'port' => '${DRUPAL_DATABASE_PORT_NUMBER}', + 'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql', + 'driver' => 'mysql', + 'pdo' => array ( + PDO::MYSQL_ATTR_SSL_CA => '${DRUPAL_DATABASE_TLS_CA_FILE}', + PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => 0 + ) +); +EOF +} + +######################## +# Drupal set database non-SSL settings (DRUPAL_SKIP_BOOTSTRAP only) +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_set_database_settings() { + cat >>"$DRUPAL_CONF_FILE" < '${DRUPAL_DATABASE_NAME}', + 'username' => '${DRUPAL_DATABASE_USER}', + 'password' => '${DRUPAL_DATABASE_PASSWORD}', + 'prefix' => '', + 'host' => '${DRUPAL_DATABASE_HOST}', + 'port' => '${DRUPAL_DATABASE_PORT_NUMBER}', + 'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql', + 'driver' => 'mysql', +); +EOF +} + +######################## +# Drupal remove duplicated database block from settings file +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_remove_duplicated_database_settings() { + local -r first_line_block=$'\$databases\[\'default\'\]\[\'default\'\] = array \($' + local -r last_line_block='\);' + + remove_in_file "$DRUPAL_CONF_FILE" "${first_line_block}/,/${last_line_block}" +} + +######################## +# Drupal fix htaccess warning protection. +# Drupal checks for the htaccess file to prevent malicious attacks +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +drupal_fix_htaccess_warning_protection() { + local -r files_dir="${DRUPAL_BASE_DIR}/sites/default/files/" + local -r htaccess_file="${files_dir}/.htaccess" + + ensure_dir_exists "$files_dir" + cat <"$htaccess_file" +# Recommended protections: https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2013-11-20/sa-core-2013-003-drupal-core + +# Turn off all options we don\'t need. +Options -Indexes -ExecCGI -Includes -MultiViews + +# Set the catch-all handler to prevent scripts from being executed. +SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 + + # Override the handler again if we\'re run later in the evaluation list. + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 + + +# If we know how to do it safely, disable the PHP engine entirely. + + php_flag engine off + +EOF +} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh new file mode 100644 index 0000000000000..95e51fc097b5f --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libmysqlclient.sh @@ -0,0 +1,1048 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami MySQL Client library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libversion.sh + +######################## +# Validate settings in MYSQL_CLIENT_* environment variables +# Globals: +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_validate() { + info "Validating settings in MYSQL_CLIENT_* env vars" + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + empty_password_enabled_warn() { + warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + } + empty_password_error() { + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + } + backslash_password_error() { + print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)" + } + + check_yes_no_value() { + if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then + print_validation_error "The allowed values for ${1} are: yes no" + fi + } + + check_multi_value() { + if [[ " ${2} " != *" ${!1} "* ]]; then + print_validation_error "The allowed values for ${1} are: ${2}" + fi + } + + # Only validate environment variables if any action needs to be performed + check_yes_no_value "MYSQL_CLIENT_ENABLE_SSL_WRAPPER" + check_multi_value "MYSQL_CLIENT_FLAVOR" "mariadb mysql" + + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then + empty_password_enabled_warn + else + if [[ -z "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && [[ -z "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]]; then + empty_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + if [[ "${MYSQL_CLIENT_DATABASE_ROOT_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" + fi + if [[ "${MYSQL_CLIENT_CREATE_DATABASE_PASSWORD:-}" = *\\* ]]; then + backslash_password_error "MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" + fi + fi + return "$error_code" +} + +######################## +# Perform actions to a database +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_initialize() { + # Wrap binary to force the usage of SSL + if is_boolean_yes "$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"; then + mysql_client_wrap_binary_for_ssl + fi + # Wait for the database to be accessible if any action needs to be performed + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" || -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Trying to connect to the database server" + check_mysql_connection() { + echo "SELECT 1" | mysql_execute "mysql" "$MYSQL_CLIENT_DATABASE_ROOT_USER" "$MYSQL_CLIENT_DATABASE_ROOT_PASSWORD" "-h" "$MYSQL_CLIENT_DATABASE_HOST" "-P" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER" + } + if ! retry_while "check_mysql_connection"; then + error "Could not connect to the database server" + return 1 + fi + fi + # Ensure a database user exists in the server + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]]; then + info "Creating database user ${MYSQL_CLIENT_CREATE_DATABASE_USER}" + local -a args=("$MYSQL_CLIENT_CREATE_DATABASE_USER" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD" ]] && args+=("-p" "$MYSQL_CLIENT_CREATE_DATABASE_PASSWORD") + [[ -n "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$MYSQL_CLIENT_DATABASE_AUTHENTICATION_PLUGIN") + mysql_ensure_optional_user_exists "${args[@]}" + fi + # Ensure a database exists in the server (and that the user has write privileges, if specified) + if [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_NAME" ]]; then + info "Creating database ${MYSQL_CLIENT_CREATE_DATABASE_NAME}" + local -a createdb_args=("$MYSQL_CLIENT_CREATE_DATABASE_NAME" "--host" "$MYSQL_CLIENT_DATABASE_HOST" "--port" "$MYSQL_CLIENT_DATABASE_PORT_NUMBER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_USER" ]] && createdb_args+=("-u" "$MYSQL_CLIENT_CREATE_DATABASE_USER") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE" ]] && createdb_args+=("--collate" "$MYSQL_CLIENT_CREATE_DATABASE_COLLATE") + [[ -n "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES" ]] && createdb_args+=("--privileges" "$MYSQL_CLIENT_CREATE_DATABASE_PRIVILEGES") + mysql_ensure_optional_database_exists "${createdb_args[@]}" + fi +} + +######################## +# Wrap binary to force the usage of SSL +# Globals: +# DB_* +# MYSQL_CLIENT_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_client_wrap_binary_for_ssl() { + local wrapper_file="${DB_BIN_DIR}/mysql" + # In MySQL Client 10.6, mysql is a link to the mariadb binary + if [[ -f "${DB_BIN_DIR}/mariadb" ]]; then + wrapper_file="${DB_BIN_DIR}/mariadb" + fi + local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql" + local -a ssl_opts=() + read -r -a ssl_opts <<<"$(mysql_client_extra_opts)" + + mv "$wrapper_file" "$wrapped_binary_file" + cat >"$wrapper_file" <> "$custom_conf_file" + cat "$old_custom_conf_file" >> "$custom_conf_file" + fi + if am_i_root; then + [[ -e "$DB_VOLUME_DIR/.initialized" ]] && rm "$DB_VOLUME_DIR/.initialized" + rm -rf "$DB_VOLUME_DIR/conf" + else + warn "Old custom configuration migrated, please manually remove the 'conf' directory from the volume use to persist data" + fi +} + +######################## +# Ensure a db user exists with the given password for the '%' host +# Globals: +# DB_* +# Flags: +# -p|--password - database password +# -u|--user - database user +# --auth-plugin - authentication plugin +# --use-ldap - authenticate user via LDAP +# --host - database host +# --port - database host +# Arguments: +# $1 - database user +# Returns: +# None +######################### +mysql_ensure_user_exists() { + local -r user="${1:?user is required}" + local password="" + local auth_plugin="" + local use_ldap="no" + local hosts + local auth_string="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -p|--password) + shift + password="${1:?missing database password}" + ;; + --auth-plugin) + shift + auth_plugin="${1:?missing authentication plugin}" + ;; + --use-ldap) + use_ldap="yes" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + if is_boolean_yes "$use_ldap"; then + auth_string="identified via pam using '$DB_FLAVOR'" + elif [[ -n "$password" ]]; then + if [[ -n "$auth_plugin" ]]; then + auth_string="identified with $auth_plugin by '$password'" + else + auth_string="identified by '$password'" + fi + fi + debug "creating database user \'$user\'" + + local -a mysql_execute_cmd=("mysql_execute") + local -a mysql_execute_print_output_cmd=("mysql_execute_print_output") + if [[ -n "$db_host" && -n "$db_port" ]]; then + mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port") + fi + + local mysql_create_user_cmd + [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <=10.4, the mysql.user table was replaced with a view: https://mariadb.com/kb/en/mysqluser-table/ + # Views have a definer user, in this case set to 'root', which needs to exist for the view to work + # In MySQL, to avoid issues when renaming the root user, they use the 'mysql.sys' user as a definer: https://dev.mysql.com/doc/refman/5.7/en/sys-schema.html + # However, for MariaDB that is not the case, so when the 'root' user is renamed the 'mysql.user' table stops working and the view needs to be fixed + if [[ "$user" != "root" && ! "$(mysql_get_version)" =~ ^10.[0123]. ]]; then + alter_view_str="$(mysql_execute_print_output "mysql" "$user" "$password" "-s" <&2 + return 1 + ;; + esac + shift + done + + local -a mysql_execute_cmd=("mysql_execute") + [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port") + + local -a create_database_args=() + [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'") + [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'") + + debug "Creating database $database" + "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$user") + [[ -n "$db_host" ]] && flags+=("--host" "${db_host}") + [[ -n "$db_port" ]] && flags+=("--port" "${db_port}") + if is_boolean_yes "$use_ldap"; then + flags+=("--use-ldap") + elif [[ -n "$password" ]]; then + flags+=("-p" "$password") + [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin") + fi + mysql_ensure_user_exists "${flags[@]}" +} + +######################## +# Optionally create the given database, and then optionally give a user +# full privileges on the database. +# Flags: +# -u|--user - database user +# --character-set - character set +# --collation - collation +# --host - database host +# --port - database port +# Arguments: +# $1 - database name +# Returns: +# None +######################### +mysql_ensure_optional_database_exists() { + local -r database="${1:?database is missing}" + local character_set="" + local collate="" + local user="" + local privileges="" + # For accessing an external database + local db_host="" + local db_port="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + --character-set) + shift + character_set="${1:?missing character set}" + ;; + --collate) + shift + collate="${1:?missing collate}" + ;; + -u|--user) + shift + user="${1:?missing database user}" + ;; + --host) + shift + db_host="${1:?missing database host}" + ;; + --port) + shift + db_port="${1:?missing database port}" + ;; + --privileges) + shift + privileges="${1:?missing privileges}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + local -a flags=("$database") + [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set") + [[ -n "$collate" ]] && flags+=("--collate" "$collate") + [[ -n "$db_host" ]] && flags+=("--host" "$db_host") + [[ -n "$db_port" ]] && flags+=("--port" "$db_port") + mysql_ensure_database_exists "${flags[@]}" + + if [[ -n "$user" ]]; then + mysql_ensure_user_has_database_privileges "$user" "$database" "$privileges" "$db_host" "$db_port" + fi +} + +######################## +# Add or modify an entry in the MySQL configuration file ("$DB_CONF_FILE") +# Globals: +# DB_* +# Arguments: +# $1 - MySQL variable name +# $2 - Value to assign to the MySQL variable +# $3 - Section in the MySQL configuration file the key is located (default: mysqld) +# $4 - Configuration file (default: "$BD_CONF_FILE") +# Returns: +# None +######################### +mysql_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + read -r -a sections <<<"${3:-mysqld}" + local -r ignore_inline_comments="${4:-no}" + local -r file="${5:-"$DB_CONF_FILE"}" + info "Setting ${key} option" + debug "Setting ${key} to '${value}' in ${DB_FLAVOR} configuration file ${file}" + # Check if the configuration exists in the file + for section in "${sections[@]}"; do + if is_boolean_yes "$ignore_inline_comments"; then + ini-file set --ignore-inline-comments --section "$section" --key "$key" --value "$value" "$file" + else + ini-file set --section "$section" --key "$key" --value "$value" "$file" + fi + done +} + +######################## +# Update MySQL/MariaDB configuration file with user custom inputs +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# None +######################### +mysql_update_custom_config() { + # Persisted configuration files from old versions + ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration + + # User injected custom configuration + if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then + debug "Injecting custom configuration from my_custom.conf" + cat "$DB_CONF_DIR/my_custom.cnf" > "$DB_CONF_DIR/bitnami/my_custom.cnf" + fi + + ! is_empty_value "$DB_USER" && mysql_conf_set "user" "$DB_USER" "mysqladmin" + ! is_empty_value "$DB_PORT_NUMBER" && mysql_conf_set "port" "$DB_PORT_NUMBER" "mysqld client manager" + ! is_empty_value "$DB_CHARACTER_SET" && mysql_conf_set "character_set_server" "$DB_CHARACTER_SET" + ! is_empty_value "$DB_COLLATE" && mysql_conf_set "collation_server" "$DB_COLLATE" + ! is_empty_value "$DB_BIND_ADDRESS" && mysql_conf_set "bind_address" "$DB_BIND_ADDRESS" + ! is_empty_value "$DB_AUTHENTICATION_PLUGIN" && mysql_conf_set "default_authentication_plugin" "$DB_AUTHENTICATION_PLUGIN" + ! is_empty_value "$DB_SQL_MODE" && mysql_conf_set "sql_mode" "$DB_SQL_MODE" + ! is_empty_value "$DB_ENABLE_SLOW_QUERY" && mysql_conf_set "slow_query_log" "$DB_ENABLE_SLOW_QUERY" + ! is_empty_value "$DB_LONG_QUERY_TIME" && mysql_conf_set "long_query_time" "$DB_LONG_QUERY_TIME" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Find the path to the libjemalloc library file +# Globals: +# None +# Arguments: +# None +# Returns: +# Path to a libjemalloc shared object file +######################### +find_jemalloc_lib() { + local -a locations=( "/usr/lib" "/usr/lib64" ) + local -r pattern='libjemalloc.so.[0-9]' + local path + for dir in "${locations[@]}"; do + # Find the first element matching the pattern and quit + [[ ! -d "$dir" ]] && continue + path="$(find "$dir" -name "$pattern" -print -quit)" + [[ -n "$path" ]] && break + done + echo "${path:-}" +} + +######################## +# Execute a reliable health check against the current mysql instance +# Globals: +# DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD +# Arguments: +# None +# Returns: +# mysqladmin output +######################### +mysql_healthcheck() { + local args=("-uroot" "-h0.0.0.0") + local root_password + + root_password="$(get_master_env_var_value ROOT_PASSWORD)" + if [[ -n "$root_password" ]]; then + args+=("-p${root_password}") + fi + + mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status +} + +######################## +# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# mysql client flavor +######################### +mysql_client_flavor() { + if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then + echo "mariadb" + else + echo "mysql" + fi +} + +######################## +# Prints extra options for MySQL client calls (i.e. SSL options) +# Globals: +# DB_* +# Arguments: +# None +# Returns: +# List of options to pass to "mysql" CLI +######################### +mysql_client_extra_opts() { + # Helper to get the proper value for the MySQL client environment variable + mysql_client_env_value() { + local env_name="MYSQL_CLIENT_${1:?missing name}" + if [[ -n "${!env_name:-}" ]]; then + echo "${!env_name:-}" + else + env_name="DB_CLIENT_${1}" + echo "${!env_name:-}" + fi + } + local -a opts=() + local key value + if is_boolean_yes "${DB_ENABLE_SSL:-no}"; then + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=REQUIRED") + else + opts+=("--ssl=TRUE") + fi + # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined + for key in ca key cert; do + value="$(mysql_client_env_value "SSL_${key^^}_FILE")" + [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}") + done + else + # Skip SSL validation + if [[ "$(mysql_client_flavor)" = "mysql" ]]; then + opts+=("--ssl-mode=DISABLED") + else + # SSL connections are enabled by default in MariaDB >=10.11 + local mysql_version="" + local major_version="" + local minor_version="" + mysql_version="$(mysql_get_version)" + major_version="$(get_sematic_version "${mysql_version}" 1)" + minor_version="$(get_sematic_version "${mysql_version}" 2)" + if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then + opts+=("--skip-ssl") + fi + fi + fi + echo "${opts[@]:-}" +} diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libphp.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libphp.sh new file mode 100644 index 0000000000000..838cd2b4289fa --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/libphp.sh @@ -0,0 +1,265 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Bitnami PHP library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libfile.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libwebserver.sh + +######################## +# Add or modify an entry in the main PHP configuration file (php.ini) +# Globals: +# PHP_CONF_FILE +# Arguments: +# $1 - Key +# $2 - Value +# $3 - File to modify (default: $PHP_CONF_FILE) +# Returns: +# None +######################### +php_conf_set() { + local -r key="${1:?key missing}" + local -r value="${2:?value missing}" + local -r file="${3:-"$PHP_CONF_FILE"}" + local pattern="^[; ]*${key}\s*=.*$" + if [[ "$key" = "extension" || "$key" = "zend_extension" ]]; then + # The "extension" property works a bit different for PHP, as there is one per module to be included, meaning it is additive unlike other configurations + # Because of that, we first check if the extension was defined in the file to replace the proper entry + pattern="^[; ]*${key}\s*=\s*[\"]?${value}(\.so)?[\"]?\s*$" + fi + local -r entry="${key} = ${value}" + if is_file_writable "$file"; then + # Not using the ini-file tool since it does not play well with php.ini + if grep -q -E "$pattern" "$file"; then + replace_in_file "$file" "$pattern" "$entry" + else + cat >> "$file" <<< "$entry" + fi + else + warn "The PHP configuration file '${file}' is not writable. The '${key}' option will not be configured." + fi +} + +######################## +# Ensure PHP is initialized +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_initialize() { + # Configure PHP options based on the runtime environment + info "Configuring PHP options" + if ! is_dir_empty "$PHP_DEFAULT_CONF_DIR"; then + # Copy default configuration to php configuration directory + cp -nr "$PHP_DEFAULT_CONF_DIR"/. "$PHP_CONF_DIR" + fi + php_set_runtime_config "$PHP_CONF_FILE" + + + # PHP-FPM configuration + ! is_empty_value "$PHP_FPM_LISTEN_ADDRESS" && info "Setting PHP-FPM listen option" && php_conf_set "listen" "$PHP_FPM_LISTEN_ADDRESS" "${PHP_CONF_DIR}/php-fpm.d/www.conf" + + # Avoid exit code of previous commands to affect the result of this function + true +} + +######################## +# Set PHP runtime options, based on user-provided environment variables +# Globals: +# PHP_* +# Arguments: +# None +# Returns: +# None +######################### +php_set_runtime_config() { + local -r conf_file="${1:?missing conf file}" + + ! is_empty_value "$PHP_DATE_TIMEZONE" && info "Setting PHP date.timezone option" && php_conf_set date.timezone "$PHP_DATE_TIMEZONE" "$conf_file" + ! is_empty_value "$PHP_ENABLE_OPCACHE" && info "Setting PHP opcache.enable option" && php_conf_set opcache.enable "$PHP_ENABLE_OPCACHE" "$conf_file" + ! is_empty_value "$PHP_EXPOSE_PHP" && info "Setting PHP expose_php option" && php_conf_set expose_php "$PHP_EXPOSE_PHP" "$conf_file" + ! is_empty_value "$PHP_MAX_EXECUTION_TIME" && info "Setting PHP max_execution_time option" && php_conf_set max_execution_time "$PHP_MAX_EXECUTION_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_TIME" && info "Setting PHP max_input_time option" && php_conf_set max_input_time "$PHP_MAX_INPUT_TIME" "$conf_file" + ! is_empty_value "$PHP_MAX_INPUT_VARS" && info "Setting PHP max_input_vars option" && php_conf_set max_input_vars "$PHP_MAX_INPUT_VARS" "$conf_file" + ! is_empty_value "$PHP_MEMORY_LIMIT" && info "Setting PHP memory_limit option" && php_conf_set memory_limit "$PHP_MEMORY_LIMIT" "$conf_file" + ! is_empty_value "$PHP_POST_MAX_SIZE" && info "Setting PHP post_max_size option" && php_conf_set post_max_size "$PHP_POST_MAX_SIZE" "$conf_file" + ! is_empty_value "$PHP_UPLOAD_MAX_FILESIZE" && info "Setting PHP upload_max_filesize option" && php_conf_set upload_max_filesize "$PHP_UPLOAD_MAX_FILESIZE" "$conf_file" + ! is_empty_value "$PHP_OUTPUT_BUFFERING" && info "Setting PHP output_buffering option" && php_conf_set output_buffering "$PHP_OUTPUT_BUFFERING" "$conf_file" + + true +} + +######################## +# Convert a yes/no value to a PHP boolean +# Globals: +# None +# Arguments: +# $1 - yes/no value +# Returns: +# None +######################### +php_convert_to_boolean() { + local -r value="${1:?missing value}" + is_boolean_yes "$value" && echo "true" || echo "false" +} + +######################## +# Execute/run PHP code and print to stdout +# Globals: +# None +# Stdin: +# Code to execute +# Arguments: +# $1..$n - Input arguments to script +# Returns: +# None +######################### +php_execute_print_output() { + local php_cmd + # Obtain the command specified via stdin + php_cmd="$(/dev/null 2>&1 & + if ! retry_while "is_php_fpm_running"; then + error "php-fpm did not start" + error_code=1 + else + info "php-fpm started" + fi +else + info "php-fpm is already running" +fi + +exit "$error_code" diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/status.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/status.sh new file mode 100755 index 0000000000000..2ca4fb384d050 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/status.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +if is_php_fpm_running; then + info "php-fpm is already running" +else + info "php-fpm is not running" +fi diff --git a/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh new file mode 100755 index 0000000000000..74274a4b4ee30 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/opt/bitnami/scripts/php/stop.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries +. /opt/bitnami/scripts/libphp.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/liblog.sh + +# Load PHP-FPM environment variables +. /opt/bitnami/scripts/php-env.sh + +error_code=0 + +if is_php_fpm_running; then + BITNAMI_QUIET=1 php_fpm_stop + if ! retry_while "is_php_fpm_not_running"; then + error "php-fpm could not be stopped" + error_code=1 + else + info "php-fpm stopped" + fi +else + info "php-fpm is not running" +fi + +exit "$error_code" diff --git a/bitnami/drupal/11/debian-12/rootfs/post-init.d/php.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/php.sh new file mode 100755 index 0000000000000..6be2585cbc533 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/post-init.d/php.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom PHP init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".php" ]] && continue + info "Executing ${custom_init_script} with PHP interpreter" + php "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/bitnami/drupal/11/debian-12/rootfs/post-init.d/shell.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/shell.sh new file mode 100755 index 0000000000000..75a202d6ecc51 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/post-init.d/shell.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom Bash init scripts + +# shellcheck disable=SC1090,SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ "$custom_init_script" != *".sh" ]] && continue + if [[ -x "$custom_init_script" ]]; then + info "Executing ${custom_init_script}" + "$custom_init_script" || failure="1" + else + info "Sourcing ${custom_init_script} as it is not executable by the current user, any error may cause initialization to fail" + . "$custom_init_script" + fi + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/bitnami/drupal/11/debian-12/rootfs/post-init.d/sql-mysql.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.d/sql-mysql.sh new file mode 100755 index 0000000000000..dc95fc879a0b9 --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/post-init.d/sql-mysql.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 +# +# Executes custom MySQL (.sql or .sql.gz) init scripts + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Load libraries with logging functions +if [[ -f /opt/bitnami/base/functions ]]; then + . /opt/bitnami/base/functions +else + . /opt/bitnami/scripts/liblog.sh +fi + +mysql_execute() { + local -r sql_file="${1:?missing file}" + local failure=0 + mysql_cmd=("mysql" "-h" "$MARIADB_HOST" "-P" "$MARIADB_PORT_NUMBER" "-u" "$MARIADB_ROOT_USER") + if [[ "${ALLOW_EMPTY_PASSWORD:-no}" != "yes" ]]; then + mysql_cmd+=("-p${MARIADB_ROOT_PASSWORD}") + fi + if [[ "$sql_file" == *".sql" ]]; then + "${mysql_cmd[@]}" < "$sql_file" || failure=$? + elif [[ "$sql_file" == *".sql.gz" ]]; then + gunzip -c "$sql_file" | "${mysql_cmd[@]}" || failure=$? + fi + return "$failure" +} + +# Loop through all input files passed via stdin +read -r -a custom_init_scripts <<< "$@" +failure=0 +if [[ "${#custom_init_scripts[@]}" -gt 0 ]]; then + for custom_init_script in "${custom_init_scripts[@]}"; do + [[ ! "$custom_init_script" =~ ^.*(\.sql|\.sql\.gz)$ ]] && continue + info "Executing ${custom_init_script}" + mysql_execute "$custom_init_script" || failure=1 + [[ "$failure" -ne 0 ]] && error "Failed to execute ${custom_init_script}" + done +fi + +exit "$failure" diff --git a/bitnami/drupal/11/debian-12/rootfs/post-init.sh b/bitnami/drupal/11/debian-12/rootfs/post-init.sh new file mode 100755 index 0000000000000..5293748594acb --- /dev/null +++ b/bitnami/drupal/11/debian-12/rootfs/post-init.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + +# Only execute init scripts once +if [[ ! -f "/bitnami/drupal/.user_scripts_initialized" && -d "/docker-entrypoint-init.d" ]]; then + read -r -a init_scripts <<< "$(find "/docker-entrypoint-init.d" -type f -print0 | sort -z | xargs -0)" + if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "/bitnami/drupal/.user_scripts_initialized" ]]; then + mkdir -p "/bitnami/drupal" + for init_script in "${init_scripts[@]}"; do + for init_script_type_handler in /post-init.d/*.sh; do + "$init_script_type_handler" "$init_script" + done + done + fi + + touch "/bitnami/drupal/.user_scripts_initialized" +fi diff --git a/bitnami/drupal/11/debian-12/tags-info.yaml b/bitnami/drupal/11/debian-12/tags-info.yaml new file mode 100644 index 0000000000000..4531522d49bd3 --- /dev/null +++ b/bitnami/drupal/11/debian-12/tags-info.yaml @@ -0,0 +1,5 @@ +rolling-tags: +- "11" +- 11-debian-12 +- 11.0.1 +- latest diff --git a/bitnami/drupal/docker-compose.yml b/bitnami/drupal/docker-compose.yml index a76338ba81969..2ac4e045ac6a8 100644 --- a/bitnami/drupal/docker-compose.yml +++ b/bitnami/drupal/docker-compose.yml @@ -13,7 +13,7 @@ services: volumes: - 'mariadb_data:/bitnami/mariadb' drupal: - image: docker.io/bitnami/drupal:10 + image: docker.io/bitnami/drupal:11 ports: - '80:8080' - '443:8443'