From 6084685e0c5b09d67e4c801e9f346408c5bba446 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 16 Jun 2020 00:16:11 +0100
Subject: [PATCH] Revert docker change to openssl. Add extra targets to support openssl.
---
 docker/1.5-openssl/Dockerfile | 90 ++++++++++++++++++++++++
 docker/1.5-openssl/README.md | 49 +++++++++++++
 docker/1.5-openssl/docker-entrypoint.sh | 4 ++
 docker/1.5/Dockerfile | 3 +-
 docker/1.6-openssl/Dockerfile | 91 +++++++++++++++++++++++++
 docker/1.6-openssl/README.md | 49 +++++++++++++
 docker/1.6-openssl/docker-entrypoint.sh | 4 ++
 docker/1.6/Dockerfile | 3 +-
 8 files changed, 291 insertions(+), 2 deletions(-)
 create mode 100644 docker/1.5-openssl/Dockerfile
 create mode 100644 docker/1.5-openssl/README.md
 create mode 100755 docker/1.5-openssl/docker-entrypoint.sh
 create mode 100644 docker/1.6-openssl/Dockerfile
 create mode 100644 docker/1.6-openssl/README.md
 create mode 100755 docker/1.6-openssl/docker-entrypoint.sh
diff --git a/docker/1.5-openssl/Dockerfile b/docker/1.5-openssl/Dockerfile
new file mode 100644
index 00000000..e0061276
--- /dev/null
+++ b/docker/1.5-openssl/Dockerfile
@@ -0,0 +1,90 @@
+FROM alpine:3.12
+
+LABEL maintainer="Roger Light " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=1.5.9 \
+ DOWNLOAD_SHA256=d7b62aa0ca680b0d869d6883373903362f98326a6465fc6cd01a0b9e0e8f0333 \
+ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
+ LWS_VERSION=2.4.2
+
+RUN set -x && \
+ apk --no-cache add --virtual build-deps \
+ build-base \
+ cmake \
+ gnupg \
+ openssl-dev \
+ util-linux-dev && \
+ wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
+ mkdir -p /build/lws && \
+ tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
+ rm /tmp/lws.tar.gz && \
+ cd /build/lws && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLWS_IPV6=ON \
+ -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
+ -DLWS_WITHOUT_CLIENT=ON \
+ -DLWS_WITHOUT_EXTENSIONS=ON \
+ -DLWS_WITHOUT_TESTAPPS=ON \
+ -DLWS_WITH_SHARED=OFF \
+ -DLWS_WITH_ZIP_FOPS=OFF \
+ -DLWS_WITH_ZLIB=OFF && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+ export GNUPGHOME="$(mktemp -d)" && \
+ found=''; \
+ for server in \
+ ha.pool.sks-keyservers.net \
+ hkp://keyserver.ubuntu.com:80 \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEYS from $server"; \
+ gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+ gpgconf --kill all && \
+ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+ mkdir -p /build/mosq && \
+ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+ rm /tmp/mosq.tar.gz &&
\
+ make -C /build/mosq -j "$(nproc)" \
+ CFLAGS="-Wall -O2 -I/build/lws/include -flto" \
+ LDFLAGS="-L/build/lws/lib -flto" \
+ WITH_ADNS=no \
+ WITH_DOCS=no \
+ WITH_SHARED_LIBRARIES=yes \
+ WITH_SRV=no \
+ WITH_STRIP=yes \
+ WITH_WEBSOCKETS=yes \
+ prefix=/usr \
+ binary && \
+ addgroup -S -g 1883 mosquitto 2>/dev/null && \
+ adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ install -d /usr/sbin/ && \
+ install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
+ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+ install -s -m755 /build/mosq/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+ install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+ chown -R mosquitto:mosquitto /mosquitto && \
+ apk --no-cache add \
+ ca-certificates libuuid && \
+ apk del build-deps && \
+ rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
diff --git a/docker/1.5-openssl/README.md b/docker/1.5-openssl/README.md
new file mode 100644
index 00000000..8a54a86b
--- /dev/null
+++ b/docker/1.5-openssl/README.md
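Review bot: The libwebsockets tarball fetched by `wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz` in the RUN step is unpacked and compiled with no integrity check, while the mosquitto tarball is checked against `DOWNLOAD_SHA256` and a GPG signature. Pin a digest for it as well: add `LWS_SHA256=<sha256 of the v${LWS_VERSION} archive, placeholder>` to the ENV block and `echo "$LWS_SHA256  /tmp/lws.tar.gz" | sha256sum -c - && \` directly after the download. Separately, the `;` after `found=''` ends the `&&` chain, so a failed `sha256sum -c` does not stop the build at that step; the build appears to fail only later, when `gpg --batch --verify` finds no signature file, and wrapping the key-fetch loop in `{ …; } && \` would keep the chain intact. docker/1.6-openssl/Dockerfile carries the same RUN step and needs the same changes.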
@@ -0,0 +1,49 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Configuration
+When creating a container from the image, the default configuration values are used.
+To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+```
+docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence true
+persistence_location /mosquitto/data/
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.
diff --git a/docker/1.5-openssl/docker-entrypoint.sh b/docker/1.5-openssl/docker-entrypoint.sh
new file mode 100755
index 00000000..b381ac57
--- /dev/null
+++ b/docker/1.5-openssl/docker-entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/ash
+set -e
+
+exec "$@"
diff --git a/docker/1.5/Dockerfile b/docker/1.5/Dockerfile
index e0061276..7a0a10a3 100644
--- a/docker/1.5/Dockerfile
+++ b/docker/1.5/Dockerfile
@@ -13,7 +13,7 @@ RUN set -x && \
 build-base \
 cmake \
 gnupg \
- openssl-dev \
+ libressl-dev \
 util-linux-dev && \
 wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
 mkdir -p /build/lws && \
@@ -62,6 +62,7 @@ RUN set -x && \
 WITH_SHARED_LIBRARIES=yes \
 WITH_SRV=no \
 WITH_STRIP=yes \
+ WITH_TLS_PSK=no \
 WITH_WEBSOCKETS=yes \
 prefix=/usr \
 binary && \
diff --git a/docker/1.6-openssl/Dockerfile b/docker/1.6-openssl/Dockerfile
new file mode 100644
index 00000000..8cc94464
--- /dev/null
+++ b/docker/1.6-openssl/Dockerfile
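Review bot: `WITH_TLS_PSK=no` in the second hunk is added without a comment, and together with the switch to `libressl-dev` in the first hunk it compiles TLS-PSK support out of the default image. Presumably this is because LibreSSL does not provide TLS-PSK; a comment line above the `make` invocation such as `# libressl build: TLS-PSK is compiled out, use the 1.5-openssl image if PSK listeners are needed` would tell operators why PSK options such as `psk_file` are unavailable. The enclosing RUN starts and ends outside both hunks, so the placement of the comment should be checked against the full file. docker/1.6/Dockerfile gets the same two changes and needs the same comment.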
@@ -0,0 +1,91 @@
+FROM alpine:3.12
+
+LABEL maintainer="Roger Light " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=1.6.10 \
+ DOWNLOAD_SHA256=92d1807717f0f6d57d1ac1207ffdb952e8377e916c7b0bb4718f745239774232 \
+ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
+ LWS_VERSION=2.4.2
+
+RUN set -x && \
+ apk --no-cache add --virtual build-deps \
+ build-base \
+ cmake \
+ gnupg \
+ openssl-dev \
+ util-linux-dev && \
+ wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
+ mkdir -p /build/lws && \
+ tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
+ rm /tmp/lws.tar.gz && \
+ cd /build/lws && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLWS_IPV6=ON \
+ -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
+ -DLWS_WITHOUT_CLIENT=ON \
+ -DLWS_WITHOUT_EXTENSIONS=ON \
+ -DLWS_WITHOUT_TESTAPPS=ON \
+ -DLWS_WITH_SHARED=OFF \
+ -DLWS_WITH_ZIP_FOPS=OFF \
+ -DLWS_WITH_ZLIB=OFF && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+ export GNUPGHOME="$(mktemp -d)" && \
+ found=''; \
+ for server in \
+ ha.pool.sks-keyservers.net \
+ hkp://keyserver.ubuntu.com:80 \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEYS from $server"; \
+ gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+ gpgconf --kill all && \
+ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+ mkdir -p /build/mosq && \
+ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+ rm /tmp/mosq.tar.gz
&& \
+ make -C /build/mosq -j "$(nproc)" \
+ CFLAGS="-Wall -O2 -I/build/lws/include" \
+ LDFLAGS="-L/build/lws/lib" \
+ WITH_ADNS=no \
+ WITH_DOCS=no \
+ WITH_SHARED_LIBRARIES=yes \
+ WITH_SRV=no \
+ WITH_STRIP=yes \
+ WITH_WEBSOCKETS=yes \
+ prefix=/usr \
+ binary && \
+ addgroup -S -g 1883 mosquitto 2>/dev/null && \
+ adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ install -d /usr/sbin/ && \
+ install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
+ install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
+ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+ install -s -m755 /build/mosq/src/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+ install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+ chown -R mosquitto:mosquitto /mosquitto && \
+ apk --no-cache add \
+ ca-certificates && \
+ apk del build-deps && \
+ rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
diff --git a/docker/1.6-openssl/README.md b/docker/1.6-openssl/README.md
new file mode 100644
index 00000000..8a54a86b
--- /dev/null
+++ b/docker/1.6-openssl/README.md
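Review bot: The image sets no `USER`, so `ENTRYPOINT ["/docker-entrypoint.sh"]` and the `CMD` start as root even though the RUN step creates a `mosquitto` user with uid 1883 and chowns /mosquitto to it. The README added in this commit says the broker runs under that user, which presumably relies on mosquitto dropping privileges itself after start-up; nothing in the Dockerfile shows that. A comment above the ENTRYPOINT such as `# No USER on purpose: mosquitto starts as root and is expected to switch to the mosquitto user (uid 1883) itself` would record the assumption for anyone who mounts a custom configuration. The same applies to docker/1.5-openssl/Dockerfile.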
@@ -0,0 +1,49 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Configuration
+When creating a container from the image, the default configuration values are used.
+To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+```
+docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence true
+persistence_location /mosquitto/data/
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.
diff --git a/docker/1.6-openssl/docker-entrypoint.sh b/docker/1.6-openssl/docker-entrypoint.sh
new file mode 100755
index 00000000..b381ac57
--- /dev/null
+++ b/docker/1.6-openssl/docker-entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/ash
+set -e
+
+exec "$@"
diff --git a/docker/1.6/Dockerfile b/docker/1.6/Dockerfile
index 8cc94464..7f725437 100644
--- a/docker/1.6/Dockerfile
+++ b/docker/1.6/Dockerfile
@@ -13,7 +13,7 @@ RUN set -x && \
 build-base \
 cmake \
 gnupg \
- openssl-dev \
+ libressl-dev \
 util-linux-dev && \
 wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
 mkdir -p /build/lws && \
@@ -62,6 +62,7 @@ RUN set -x && \
 WITH_SHARED_LIBRARIES=yes \
 WITH_SRV=no \
 WITH_STRIP=yes \
+ WITH_TLS_PSK=no \
 WITH_WEBSOCKETS=yes \
 prefix=/usr \
 binary && \