From 9cdedad1c8bc1e8819f236074db3c25a413da8be Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Mon, 24 Apr 2023 19:00:52 +0000 Subject: [PATCH 1/5] Simplify auth configs and include updates for Authelia 4.38 --- README.md | 1 + readme-vars.yml | 1 + .../nginx/authelia-location.conf.sample | 7 ++-- .../nginx/authelia-server.conf.sample | 35 ++++++------------- .../nginx/authentik-server.conf.sample | 28 ++++++--------- 5 files changed, 28 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 290cdc0..8c01885 100644 --- a/README.md +++ b/README.md @@ -336,6 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38. * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik. * **25.03.23:** - Fix renewal post hook. * **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0). diff --git a/readme-vars.yml b/readme-vars.yml index cf36fab..290fc9f 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -154,6 +154,7 @@ app_setup_block: | # changelog changelogs: + - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38." } - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." } - { date: "25.03.23:", desc: "Fix renewal post hook." } - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." } diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample index ae4d630..32cd82e 100644 --- a/root/defaults/nginx/authelia-location.conf.sample +++ b/root/defaults/nginx/authelia-location.conf.sample 
@@ -1,10 +1,10 @@ -## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample +## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. -auth_request /authelia/api/verify; +auth_request /authelia/api/authz/auth-request; ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. error_page 401 = @authelia_proxy_signin; @@ -23,3 +23,6 @@ proxy_set_header Remote-User $user; ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; + +## Set $redirection_url to the location header of the response from the auth request +auth_request_set $redirection_url $upstream_http_location; diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index cbc1a86..a79fb87 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample 
@@ -1,4 +1,4 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -10,16 +10,6 @@ location ^~ /authelia { include /config/nginx/resolver.conf; set $upstream_authelia authelia; proxy_pass http://$upstream_authelia:9091; -} - -# location for authelia auth requests -location = /authelia/api/verify { - internal; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_authelia authelia; - proxy_pass http://$upstream_authelia:9091/authelia/api/verify; ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie; 
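Review bot: Removing the dedicated `location = /authelia/api/verify { internal; … }` block in the `@@ -10,16 +10,6 @@` hunk means the auth subrequest is now answered by the public `location ^~ /authelia`, so the authorization endpoint is no longer limited to internal subrequests and clients can request it directly. The subrequest-only directives that followed the removed block (the `auth_request_set $set_cookie …` context line here, and presumably what comes after it outside this hunk) now apply to every portal request as well. I would keep an exact-match internal location for the subrequest target, e.g. `location = /authelia/api/authz/auth-request { internal; … }`, and leave `location ^~ /authelia` as a plain proxy. The same merge is made for `/outpost.goauthentik.io/auth/nginx` in authentik-server.conf.sample.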
@@ -33,23 +23,18 @@ location = /authelia/api/verify { location @authelia_proxy_signin { internal; - ## Set the $target_url variable based on the original request. - set_escape_uri $target_url $scheme://$http_host$request_uri; - ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; - ## Set $authelia_backend to route requests to the current domain by default - set $authelia_backend $http_host; - ## In order for Webauthn to work with multiple domains authelia must operate on a separate subdomain - ## To use authelia on a separate subdomain: - ## * comment the $authelia_backend line above - ## * rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf - ## * make sure that your dns has a cname set for authelia - ## * uncomment the $authelia_backend line below and change example.com to your domain - ## * restart the swag container - #set $authelia_backend authelia.example.com; + ## Set the $target_url variable based on the original request. + set_escape_uri $target_url $scheme://$http_host$request_uri; - return 302 https://$authelia_backend/authelia/?rd=$target_url; + ## Set $redirection_url if it is empty + if ($redirection_url = false) { + set $redirection_url https://$http_host/authelia/?rd=$target_url; + } + + ## Redirect to login + return 302 $redirection_url; } diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index 08ac225..b5adfd6 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample 
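Review bot: `if ($redirection_url = false)` in `@authelia_proxy_signin` compares the variable with the literal string `false`, not with an empty value, so the fallback its comment describes ("if it is empty") does not run when the auth response carries no Location header, and `return 302 $redirection_url;` is then issued with an empty target. The condition should be `if ($redirection_url = "") {`. The fallback URL is also built from `$http_host`, which is copied from the client's Host header; a configured domain would be a safer base, although the removed code used `$http_host` too. The same condition is added to `@goauthentik_proxy_signin` in authentik-server.conf.sample, where this patch adds no `auth_request_set $redirection_url`, so the variable presumably has to be defined by another included file.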
@@ -1,4 +1,4 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample +## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf @@ -9,16 +9,6 @@ location ^~ /outpost.goauthentik.io { include /config/nginx/resolver.conf; set $upstream_authentik authentik-server; proxy_pass http://$upstream_authentik:9000; -} - -# location for authentik auth requests -location = /outpost.goauthentik.io/auth/nginx { - internal; - - include /config/nginx/proxy.conf; - include /config/nginx/resolver.conf; - set $upstream_authentik authentik-server; - proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx; ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie; 
@@ -32,14 +22,18 @@ location = /outpost.goauthentik.io/auth/nginx { location @goauthentik_proxy_signin { internal; - ## Set the $target_url variable based on the original request. - set_escape_uri $target_url $scheme://$http_host$request_uri; - ## Include the Set-Cookie header if present. auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; - ## Set $authentik_backend to route requests to the current domain by default - set $authentik_backend $http_host; - return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url; + ## Set the $target_url variable based on the original request. + set_escape_uri $target_url $scheme://$http_host$request_uri; + + ## Set $redirection_url if it is empty + if ($redirection_url = false) { + set $redirection_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url; + } + + ## Redirect to login + return 302 $redirection_url; } From d8f252dd737f887930ff5fe3f245d6138d8c8d9c Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 27 Apr 2023 18:48:27 +0000 Subject: [PATCH 2/5] Adjust auth confs to fix cookie header conflict --- .github/workflows/call_issue_pr_tracker.yml | 6 +- .github/workflows/external_trigger.yml | 8 ++ .../workflows/external_trigger_scheduler.yml | 18 ++-- .github/workflows/package_trigger.yml | 4 + .../workflows/package_trigger_scheduler.yml | 8 +- Jenkinsfile | 91 +++++++++++++++++-- README.md | 2 +- readme-vars.yml | 2 +- .../nginx/authelia-location.conf.sample | 13 ++- .../nginx/authelia-server.conf.sample | 8 +- .../nginx/authentik-location.conf.sample | 9 +- .../nginx/authentik-server.conf.sample | 8 +- 12 files changed, 133 insertions(+), 44 deletions(-) diff --git a/.github/workflows/call_issue_pr_tracker.yml b/.github/workflows/call_issue_pr_tracker.yml index 87243e2..2c30784 100755 --- a/.github/workflows/call_issue_pr_tracker.yml +++ b/.github/workflows/call_issue_pr_tracker.yml 
@@ -2,9 +2,11 @@ name: Issue & PR Tracker on: issues: - types: [opened,reopened,labeled,unlabeled] + types: [opened,reopened,labeled,unlabeled,closed] pull_request_target: - types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled] + types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] + pull_request_review: + types: [submitted,edited,dismissed] jobs: manage-project: diff --git a/.github/workflows/external_trigger.yml b/.github/workflows/external_trigger.yml index 83b56e0..964c9b3 100644 --- a/.github/workflows/external_trigger.yml +++ b/.github/workflows/external_trigger.yml @@ -14,9 +14,11 @@ jobs: run: | if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" + echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****" + echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY echo "**** Retrieving external version ****" EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version') if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then @@ -30,6 +32,7 @@ jobs: fi EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g') echo "**** External version: ${EXT_RELEASE} ****" + echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY echo "**** Retrieving last pushed version ****" image="linuxserver/swag" tag="latest" 
@@ -65,14 +68,18 @@ jobs: exit 1 fi echo "**** Last pushed version: ${IMAGE_VERSION} ****" + echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then echo "**** Version ${EXT_RELEASE} already pushed, exiting ****" + echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY exit 0 elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****" + echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY exit 0 else echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****" + echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") @@ -82,6 +89,7 @@ jobs: buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" echo "**** Jenkins job build url: ${buildurl} ****" + echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY echo "**** Attempting to change the Jenkins job description ****" curl -iX POST \ "${buildurl}submitDescription" \ diff --git a/.github/workflows/external_trigger_scheduler.yml b/.github/workflows/external_trigger_scheduler.yml index 05db26d..353eb4b 100644 --- a/.github/workflows/external_trigger_scheduler.yml +++ b/.github/workflows/external_trigger_scheduler.yml 
@@ -2,7 +2,7 @@ name: External Trigger Scheduler on: schedule: - - cron: '50 * * * *' + - cron: '2 * * * *' workflow_dispatch: jobs: @@ -17,18 +17,18 @@ jobs: run: | echo "**** Branches found: ****" git for-each-ref --format='%(refname:short)' refs/remotes - echo "**** Pulling the yq docker image ****" - docker pull ghcr.io/linuxserver/yq for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) do br=$(echo "$br" | sed 's|origin/||g') echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ - | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) - if [ "$br" == "$ls_branch" ]; then - echo "**** Branch ${br} appears to be live; checking workflow. ****" + ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml) + ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') + ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') + if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then + echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****" if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****." + echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ 
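Review bot: The `@@ -17,18 +17,18 @@` hunk replaces the `ghcr.io/linuxserver/yq` container with whatever `yq` binary the runner image provides, and the script does not check that it exists or which implementation it is. If `yq` is missing or rejects the input, `ls_branch` and `ls_trigger` come back empty and the branch is silently reported as a dev branch. Adding `-f` to the fetch, `curl -sfX GET …/jenkins-vars.yml`, and failing the step when `command -v yq` finds nothing would make that case visible. The same replacement is made in package_trigger_scheduler.yml; the `run:` block starts and ends outside the hunk.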
@@ -36,8 +36,10 @@ jobs: https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches else echo "**** Workflow doesn't exist; skipping trigger. ****" + echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else - echo "**** ${br} appears to be a dev branch; skipping trigger. ****" + echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****" + echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY fi done diff --git a/.github/workflows/package_trigger.yml b/.github/workflows/package_trigger.yml index 35847d5..7e71dfb 100644 --- a/.github/workflows/package_trigger.yml +++ b/.github/workflows/package_trigger.yml 
@@ -14,13 +14,16 @@ jobs: run: | if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****" + echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY exit 0 fi if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****" + echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY exit 0 fi echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****" + echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY response=$(curl -iX POST \ https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \ --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") @@ -30,6 +33,7 @@ jobs: buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') buildurl="${buildurl%$'\r'}" echo "**** Jenkins job build url: ${buildurl} ****" + echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY echo "**** Attempting to change the Jenkins job description ****" curl -iX POST \ "${buildurl}submitDescription" \ diff --git a/.github/workflows/package_trigger_scheduler.yml b/.github/workflows/package_trigger_scheduler.yml index b92d6f4..b912788 100644 --- a/.github/workflows/package_trigger_scheduler.yml +++ b/.github/workflows/package_trigger_scheduler.yml 
@@ -17,18 +17,16 @@ jobs: run: | echo "**** Branches found: ****" git for-each-ref --format='%(refname:short)' refs/remotes - echo "**** Pulling the yq docker image ****" - docker pull ghcr.io/linuxserver/yq for br in $(git for-each-ref --format='%(refname:short)' refs/remotes) do br=$(echo "$br" | sed 's|origin/||g') echo "**** Evaluating branch ${br} ****" - ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \ - | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch) + ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch') if [ "${br}" == "${ls_branch}" ]; then echo "**** Branch ${br} appears to be live; checking workflow. ****" if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****" + echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY triggered_branches="${triggered_branches}${br} " curl -iX POST \ -H "Authorization: token ${{ secrets.CR_PAT }}" \ @@ -38,9 +36,11 @@ jobs: sleep 30 else echo "**** Workflow doesn't exist; skipping trigger. ****" + echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY fi else echo "**** ${br} appears to be a dev branch; skipping trigger. ****" + echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY fi done echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" diff --git a/Jenkinsfile b/Jenkinsfile index b859cf3..86696fe 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -40,10 +40,11 @@ pipeline { // Setup all the basic environment variables needed for the build stage("Set ENV Variables base"){ steps{ + sh '''docker pull quay.io/skopeo/stable:v1 || : ''' script{ env.EXIT_STATUS = '' env.LS_RELEASE = sh( - script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', + script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''', returnStdout: true).trim() env.LS_RELEASE_NOTES = sh( script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''', @@ -228,7 +229,7 @@ pipeline { script{ env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml' } - sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash''' + sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash''' sh '''#! /bin/bash docker run --rm \ -v ${WORKSPACE}:/mnt \ 
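Review bot: In the `@@ -228,7 +229,7 @@` hunk the build still pipes a script fetched from a moving `master` ref straight into `/bin/bash`, now from `docker-jenkins-builder`, so any change to that branch runs on the build agent without review, presumably with the pipeline's tokens in scope. Pinning the URL to a commit SHA and verifying a known digest before running it (download to a file, `sha256sum -c`, then execute) would remove that dependency on branch state. `curl -sL` without `-f` also hands an HTTP error page to bash when the fetch fails. The stage continues outside the hunk.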
@@ -376,6 +377,26 @@ pipeline { } } } + // If this is a master build check the S6 service file perms + stage("Check S6 Service file Permissions"){ + when { + branch "master" + environment name: 'CHANGE_ID', value: '' + environment name: 'EXIT_STATUS', value: '' + } + steps { + script{ + sh '''#! /bin/bash + WRONG_PERM=$(find ./ -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print) + if [[ -n "${WRONG_PERM}" ]]; then + echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}" + exit 1 + else + echo "S6 service file perms look good." + fi ''' + } + } + } /* ####################### GitLab Mirroring ####################### */ @@ -668,6 +689,7 @@ pipeline { ]) { script{ env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html' + env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json' } sh '''#! /bin/bash set -e @@ -694,8 +716,6 @@ pipeline { -e WEB_SCREENSHOT=\"${CI_WEB}\" \ -e WEB_AUTH=\"${CI_AUTH}\" \ -e WEB_PATH=\"${CI_WEBPATH}\" \ - -e DO_REGION="ams3" \ - -e DO_BUCKET="lsio-ci" \ -t ghcr.io/linuxserver/ci:latest \ python3 test_build.py''' } 
@@ -949,8 +969,67 @@ pipeline { environment name: 'EXIT_STATUS', value: '' } steps { - sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \ - -d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' ''' + sh '''#! /bin/bash + # Function to retrieve JSON data from URL + get_json() { + local url="$1" + local response=$(curl -s "$url") + if [ $? -ne 0 ]; then + echo "Failed to retrieve JSON data from $url" + return 1 + fi + local json=$(echo "$response" | jq .) + if [ $? -ne 0 ]; then + echo "Failed to parse JSON data from $url" + return 1 + fi + echo "$json" + } + + build_table() { + local data="$1" + + # Get the keys in the JSON data + local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]') + + # Check if keys are empty + if [ -z "$keys" ]; then + echo "JSON report data does not contain any keys or the report does not exist." + return 1 + fi + + # Build table header + local header="| Tag | Passed |\\n| --- | --- |\\n" + + # Loop through the JSON data to build the table rows + local rows="" + for build in $keys; do + local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success") + if [ "$status" = "true" ]; then + status="✅" + else + status="❌" + fi + local row="| "$build" | "$status" |\\n" + rows="${rows}${row}" + done + + local table="${header}${rows}" + local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g') + echo "$escaped_table" + } + + # Retrieve JSON data from URL + data=$(get_json "$CI_JSON_URL") + # Create table from JSON data + table=$(build_table "$data") + echo -e "$table" + + curl -X POST -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \ + -d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"''' + } } } 
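Review bot: In `get_json`, `local response=$(curl -s "$url")` followed by `if [ $? -ne 0 ]` never detects a failed fetch, because `$?` holds the exit status of `local`, which is 0; the same applies to `local json=$(… | jq .)`. Declaring and assigning separately fixes it: `local response; response=$(curl -sf "$url") || return 1`. The comment body is then assembled by string concatenation with only `"` escaped through `sed`, so a backslash or control character in a report key yields invalid JSON; building it with `jq -n --arg body "$comment" '{body: $body}'` and passing the key with `--arg` instead of splicing `$build` into the filter avoids that. Both helpers also print their error messages to stdout, where they are captured into `data` and `table`; sending them to stderr keeps them out of the posted comment.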
diff --git a/README.md b/README.md index 8c01885..4543e8a 100644 --- a/README.md +++ b/README.md @@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions -* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38. +* **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug. * **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik. * **25.03.23:** - Fix renewal post hook. * **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0). diff --git a/readme-vars.yml b/readme-vars.yml index 290fc9f..f36b368 100644 --- a/readme-vars.yml +++ b/readme-vars.yml 
@@ -154,7 +154,7 @@ app_setup_block: | # changelog changelogs: - - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38." } + - { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." } - { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." } - { date: "25.03.23:", desc: "Fix renewal post hook." } - { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." } diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample index 32cd82e..425b109 100644 --- a/root/defaults/nginx/authelia-location.conf.sample +++ b/root/defaults/nginx/authelia-location.conf.sample 
@@ -1,28 +1,27 @@ -## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample +## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. -auth_request /authelia/api/authz/auth-request; +auth_request /authelia/api/verify; ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. error_page 401 = @authelia_proxy_signin; -## Translate response headers from Authelia into variables +## Translate the user information response headers from the auth subrequest into variables auth_request_set $email $upstream_http_remote_email; auth_request_set $groups $upstream_http_remote_groups; auth_request_set $name $upstream_http_remote_name; auth_request_set $user $upstream_http_remote_user; -## Inject the response header variables into the request made to the actual upstream +## Inject the user information into the request made to the actual upstream proxy_set_header Remote-Email $email; proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Name $name; proxy_set_header Remote-User $user; -## Include the Set-Cookie header if present. 
+## Translate the Set-Cookie response header from auth subrequest into a variable auth_request_set $set_cookie $upstream_http_set_cookie; -add_header Set-Cookie $set_cookie; -## Set $redirection_url to the location header of the response from the auth request +## Translate the Location response header from auth subrequest into a variable auth_request_set $redirection_url $upstream_http_location; diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index a79fb87..07b8e85 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -11,8 +11,7 @@ location ^~ /authelia { set $upstream_authelia authelia; proxy_pass http://$upstream_authelia:9091; - ## Include the Set-Cookie header if present. - auth_request_set $set_cookie $upstream_http_set_cookie; + ## Include the Set-Cookie header if present add_header Set-Cookie $set_cookie; proxy_pass_request_body off; @@ -23,8 +22,7 @@ location ^~ /authelia { location @authelia_proxy_signin { internal; - ## Include the Set-Cookie header if present. - auth_request_set $set_cookie $upstream_http_set_cookie; + ## Include the Set-Cookie header if present add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request. 
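Review bot: With `add_header Set-Cookie $set_cookie;` removed from authelia-location.conf, the cookie captured by `auth_request_set $set_cookie …` is no longer sent on a request the subrequest approves; it is only emitted by the locations in authelia-server.conf. If the auth backend renews its session cookie through the subrequest response, that renewal would presumably be lost for protected locations. If the removal is deliberate (an `add_header` in a location replaces the headers inherited from the server block), a comment would help, e.g. `## Set-Cookie is only added in authelia-server.conf; add_header here would override inherited headers`. The same line is removed from authentik-location.conf.sample.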
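Review bot: After the `@@ -11,8 +11,7 @@` and `@@ -23,8 +22,7 @@` hunks, `add_header Set-Cookie $set_cookie;` in `location ^~ /authelia` and `@authelia_proxy_signin` uses a variable this file no longer defines, since both `auth_request_set $set_cookie …` lines are removed. nginx rejects a configuration that references an undefined variable, so authelia-server.conf now only loads when some other included file (authelia-location.conf) defines `$set_cookie`. Either keep one `auth_request_set $set_cookie $upstream_http_set_cookie;` here or state the dependency in the header comment, e.g. `# Requires authelia-location.conf to be included in at least one location`. authentik-server.conf.sample has the same dependency on authentik-location.conf.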
diff --git a/root/defaults/nginx/authentik-location.conf.sample b/root/defaults/nginx/authentik-location.conf.sample index 39668c6..c5f32b2 100644 --- a/root/defaults/nginx/authentik-location.conf.sample +++ b/root/defaults/nginx/authentik-location.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample +## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf 
@@ -7,20 +7,19 @@ auth_request /outpost.goauthentik.io/auth/nginx; ## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. error_page 401 = @goauthentik_proxy_signin; -## Translate response headers from Authentik into variables +## Translate the user information response headers from the auth subrequest into variables auth_request_set $authentik_email $upstream_http_x_authentik_email; auth_request_set $authentik_groups $upstream_http_x_authentik_groups; auth_request_set $authentik_name $upstream_http_x_authentik_name; auth_request_set $authentik_uid $upstream_http_x_authentik_uid; auth_request_set $authentik_username $upstream_http_x_authentik_username; -## Inject the response header variables into the request made to the actual upstream +## Inject the user information into the request made to the actual upstream proxy_set_header X-authentik-email $authentik_email; proxy_set_header X-authentik-groups $authentik_groups; proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-uid $authentik_uid; proxy_set_header X-authentik-username $authentik_username; -## Include the Set-Cookie header if present. +## Translate the Set-Cookie response header from auth subrequest into a variable auth_request_set $set_cookie $upstream_http_set_cookie; -add_header Set-Cookie $set_cookie; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index b5adfd6..e7af24c 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample 
@@ -1,4 +1,4 @@ -## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample +## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf @@ -10,8 +10,7 @@ location ^~ /outpost.goauthentik.io { set $upstream_authentik authentik-server; proxy_pass http://$upstream_authentik:9000; - ## Include the Set-Cookie header if present. - auth_request_set $set_cookie $upstream_http_set_cookie; + ## Include the Set-Cookie header if present add_header Set-Cookie $set_cookie; proxy_pass_request_body off; @@ -22,8 +21,7 @@ location ^~ /outpost.goauthentik.io { location @goauthentik_proxy_signin { internal; - ## Include the Set-Cookie header if present. - auth_request_set $set_cookie $upstream_http_set_cookie; + ## Include the Set-Cookie header if present add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request. From a2e3c8b9fb653332ddc4684fc00aaa4e9821a58e Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 27 Apr 2023 19:34:14 +0000 Subject: [PATCH 3/5] Backwards compatibility and additional cookie handling tweaks --- root/defaults/nginx/authelia-location.conf.sample | 10 +++++----- root/defaults/nginx/authelia-server.conf.sample | 15 ++++++++++----- .../defaults/nginx/authentik-location.conf.sample | 6 +++--- root/defaults/nginx/authentik-server.conf.sample | 12 ++++++------ 4 files changed, 24 insertions(+), 19 deletions(-) diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample index 425b109..5fd7d28 100644 --- a/root/defaults/nginx/authelia-location.conf.sample 
+++ b/root/defaults/nginx/authelia-location.conf.sample @@ -3,9 +3,9 @@ # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf # Make sure that the authelia configuration.yml has 'path: "authelia"' defined -## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. +## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource auth_request /authelia/api/verify; -## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. +## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal error_page 401 = @authelia_proxy_signin; ## Translate the user information response headers from the auth subrequest into variables @@ -20,8 +20,8 @@ proxy_set_header Remote-Groups $groups; proxy_set_header Remote-Name $name; proxy_set_header Remote-User $user; -## Translate the Set-Cookie response header from auth subrequest into a variable +## Translate the Set-Cookie response header from the auth subrequest into a variable auth_request_set $set_cookie $upstream_http_set_cookie; -## Translate the Location response header from auth subrequest into a variable -auth_request_set $redirection_url $upstream_http_location; +## Translate the Location response header from the auth subrequest into a variable +auth_request_set $signin_url $upstream_http_location; diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 07b8e85..805aadb 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample 
@@ -12,6 +12,7 @@ location ^~ /authelia { proxy_pass http://$upstream_authelia:9091; ## Include the Set-Cookie header if present + auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; proxy_pass_request_body off; @@ -23,16 +24,20 @@ location @authelia_proxy_signin { internal; ## Include the Set-Cookie header if present + auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; - ## Set the $target_url variable based on the original request. + ## Set the $target_url variable based on the original request set_escape_uri $target_url $scheme://$http_host$request_uri; - ## Set $redirection_url if it is empty - if ($redirection_url = false) { - set $redirection_url https://$http_host/authelia/?rd=$target_url; + ## Translate the Location response header from the auth subrequest into a variable + auth_request_set $signin_url $upstream_http_location; + + if ($signin_url = '') { + ## Set the $signin_url variable + set $signin_url https://$http_host/authelia/?rd=$target_url; } ## Redirect to login - return 302 $redirection_url; + return 302 $signin_url; } diff --git a/root/defaults/nginx/authentik-location.conf.sample b/root/defaults/nginx/authentik-location.conf.sample index c5f32b2..d27f681 100644 --- a/root/defaults/nginx/authentik-location.conf.sample +++ b/root/defaults/nginx/authentik-location.conf.sample 
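Review bot: The `auth_request_set $set_cookie $upstream_http_set_cookie;` added in `location ^~ /authelia` sits under `## Include the Set-Cookie header if present`, which does not explain why a capture directive appears in a block where no `auth_request` is visible. Judging by the commit subject it is there so that `$set_cookie` is defined when this file is paired with an older authelia-location.conf. A comment such as `## Declare $set_cookie here too so this file loads without the updated authelia-location.conf` would keep a later cleanup from deleting the line and failing the config test on an unknown variable. The same applies to the line added in `@authelia_proxy_signin` in the next hunk and to both authentik-server.conf.sample hunks of this commit. The location block opens and closes outside the hunk, so this rests on the visible lines only.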
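Review bot: In `@authelia_proxy_signin` the fallback `set $signin_url https://$http_host/authelia/?rd=$target_url;` and the `$target_url` line above it are built from `$http_host`, the Host header exactly as the client sent it, and the result goes straight into `return 302`. On a catch-all server block that makes the redirect host client-chosen, so the line deserves a comment on what is relied on, e.g. `## $http_host is client-supplied; Authelia must reject rd targets outside its session domain`. Where non-default ports need not be preserved, `$host` gives nginx's normalised value, though it is still derived from the request. The authentik hunk `@@ -22,16 +23,15 @@` later in this commit builds `$signin_url` the same way. The location's opening line is above the hunk.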
@@ -2,9 +2,9 @@ # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf -## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource. +## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource auth_request /outpost.goauthentik.io/auth/nginx; -## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. +## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal error_page 401 = @goauthentik_proxy_signin; ## Translate the user information response headers from the auth subrequest into variables @@ -21,5 +21,5 @@ proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-uid $authentik_uid; proxy_set_header X-authentik-username $authentik_username; -## Translate the Set-Cookie response header from auth subrequest into a variable +## Translate the Set-Cookie response header from the auth subrequest into a variable auth_request_set $set_cookie $upstream_http_set_cookie; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index e7af24c..29bd233 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample @@ -11,6 +11,7 @@ location ^~ /outpost.goauthentik.io { proxy_pass http://$upstream_authentik:9000; ## Include the Set-Cookie header if present + auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; proxy_pass_request_body off; 
@@ -22,16 +23,15 @@ location @goauthentik_proxy_signin { internal; ## Include the Set-Cookie header if present + auth_request_set $set_cookie $upstream_http_set_cookie; add_header Set-Cookie $set_cookie; - ## Set the $target_url variable based on the original request. + ## Set the $target_url variable based on the original request set_escape_uri $target_url $scheme://$http_host$request_uri; - ## Set $redirection_url if it is empty - if ($redirection_url = false) { - set $redirection_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url; - } + ## Set the $signin_url variable + set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url; ## Redirect to login - return 302 $redirection_url; + return 302 $signin_url; } From 77b9dc3348b0780c8d8fc42bcc415be3f7bd6c6e Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 27 Apr 2023 20:53:07 +0000 Subject: [PATCH 4/5] Unsimplify --- root/defaults/nginx/authelia-server.conf.sample | 12 +++++++++++- root/defaults/nginx/authentik-server.conf.sample | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 805aadb..17d5a93 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -10,6 +10,16 @@ location ^~ /authelia { include /config/nginx/resolver.conf; set $upstream_authelia authelia; proxy_pass http://$upstream_authelia:9091; +} + +# location for authelia auth requests +location = /authelia/api/verify { + internal; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_authelia authelia; + proxy_pass http://$upstream_authelia:9091; ## Include the Set-Cookie header if present auth_request_set $set_cookie $upstream_http_set_cookie; 
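Review bot: The new `location = /authelia/api/verify` block in the "Unsimplify" hunk is introduced only by `# location for authelia auth requests`, which leaves out the two properties that make it safe to edit. `internal;` keeps clients from requesting the verify endpoint directly, and the exact-match `=` is what lets the block take precedence over `location ^~ /authelia` above. I would expand the comment to something like `# auth_request target only: internal + exact match, the portal itself is served by the ^~ /authelia block`. The same wording fits `location = /outpost.goauthentik.io/auth/nginx` in the authentik-server.conf.sample hunk of this commit. The block's closing brace lies in the following hunk, so the rest of its body is not reviewed here.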
@@ -19,7 +29,7 @@ location ^~ /authelia { proxy_set_header Content-Length ""; } -# Virtual location for authelia 401 redirects +# virtual location for authelia 401 redirects location @authelia_proxy_signin { internal; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index 29bd233..aadaf62 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample @@ -9,6 +9,16 @@ location ^~ /outpost.goauthentik.io { include /config/nginx/resolver.conf; set $upstream_authentik authentik-server; proxy_pass http://$upstream_authentik:9000; +} + +# location for authentik auth requests +location = /outpost.goauthentik.io/auth/nginx { + internal; + + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_authentik authentik-server; + proxy_pass http://$upstream_authentik:9000; ## Include the Set-Cookie header if present auth_request_set $set_cookie $upstream_http_set_cookie; @@ -18,7 +28,7 @@ location ^~ /outpost.goauthentik.io { proxy_set_header Content-Length ""; } -# Virtual location for authentik 401 redirects +# virtual location for authentik 401 redirects location @goauthentik_proxy_signin { internal; From c77eca9ec335a252925ab92afeeafc62a5ae3325 Mon Sep 17 00:00:00 2001 From: LinuxServer-CI Date: Tue, 9 May 2023 21:16:20 +0000 Subject: [PATCH 5/5] Bot Updating Package Versions --- package_versions.txt | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/package_versions.txt b/package_versions.txt index 886f3ea..feaa327 100755 --- a/package_versions.txt +++ b/package_versions.txt @@ -1,8 +1,8 @@ NAME VERSION TYPE ConfigArgParse 1.5.3 python -PyJWT 2.6.0 python +PyJWT 2.7.0 python PyYAML 6.0 python -acme 2.5.0 python +acme 2.6.0 python alpine-baselayout 3.4.0-r0 apk alpine-baselayout-data 3.4.0-r0 apk alpine-keys 2.4-r1 apk 
@@ -21,58 +21,58 @@ azure-mgmt-core 1.4.0 python azure-mgmt-dns 8.0.0 python bash 5.2.15-r0 apk beautifulsoup4 4.12.2 python -boto3 1.26.129 python -botocore 1.29.129 python +boto3 1.26.131 python +botocore 1.29.131 python brotli-libs 1.0.9-r9 apk bs4 0.0.1 python busybox 1.35.0 binary busybox 1.35.0-r29 apk busybox-binsh 1.35.0-r29 apk c-client 2007f-r14 apk -ca-certificates 20220614-r4 apk +ca-certificates 20230506-r0 apk ca-certificates-bundle 20220614-r4 apk cachetools 5.3.0 python -certbot 2.5.0 python +certbot 2.6.0 python certbot-dns-acmedns 0.1.0 python certbot-dns-aliyun 2.0.0 python certbot-dns-azure 2.1.0 python -certbot-dns-cloudflare 2.5.0 python +certbot-dns-cloudflare 2.6.0 python certbot-dns-cpanel 0.4.0 python certbot-dns-desec 1.2.1 python -certbot-dns-digitalocean 2.5.0 python +certbot-dns-digitalocean 2.6.0 python certbot-dns-directadmin 1.0.3 python -certbot-dns-dnsimple 2.5.0 python -certbot-dns-dnsmadeeasy 2.5.0 python +certbot-dns-dnsimple 2.6.0 python +certbot-dns-dnsmadeeasy 2.6.0 python certbot-dns-dnspod 0.1.0 python certbot-dns-do 0.31.0 python certbot-dns-domeneshop 0.2.9 python certbot-dns-duckdns 1.3 python certbot-dns-dynu 0.0.4 python -certbot-dns-gehirn 2.5.0 python +certbot-dns-gehirn 2.6.0 python certbot-dns-godaddy 0.2.2 python -certbot-dns-google 2.5.0 python +certbot-dns-google 2.6.0 python certbot-dns-google-domains 0.1.11 python certbot-dns-he 1.0.0 python certbot-dns-hetzner 2.0.0 python certbot-dns-infomaniak 0.2.1 python certbot-dns-inwx 2.2.0 python certbot-dns-ionos 2022.11.24 python -certbot-dns-linode 2.5.0 python +certbot-dns-linode 2.6.0 python certbot-dns-loopia 1.0.1 python -certbot-dns-luadns 2.5.0 python +certbot-dns-luadns 2.6.0 python certbot-dns-netcup 1.2.0 python certbot-dns-njalla 1.0.0 python -certbot-dns-nsone 2.5.0 python -certbot-dns-ovh 2.5.0 python +certbot-dns-nsone 2.6.0 python +certbot-dns-ovh 2.6.0 python certbot-dns-porkbun 0.8 python -certbot-dns-rfc2136 2.5.0 python -certbot-dns-route53 2.5.0 
python -certbot-dns-sakuracloud 2.5.0 python +certbot-dns-rfc2136 2.6.0 python +certbot-dns-route53 2.6.0 python +certbot-dns-sakuracloud 2.6.0 python certbot-dns-standalone 1.1 python certbot-dns-transip 0.5.2 python certbot-dns-vultr 1.0.3 python certbot-plugin-gandi 1.4.3 python -certifi 2022.12.7 python +certifi 2023.5.7 python cffi 1.15.1 python charset-normalizer 3.1.0 python cloudflare 2.11.1 python @@ -221,7 +221,6 @@ nginx-mod-stream 1.22.1-r0 apk nginx-mod-stream-geoip2 1.22.1-r0 apk nginx-vim 1.22.1-r0 apk npth 1.6-r2 apk -oauth2client 4.1.3 python oauthlib 3.2.2 python oniguruma 6.9.8-r0 apk openssl 3.0.8-r4 apk @@ -291,7 +290,7 @@ pkb-client 1.2 python popt 1.19-r0 apk portalocker 2.7.0 python procps 3.3.17-r2 apk -protobuf 4.22.4 python +protobuf 4.23.0 python publicsuffixlist 0.9.4 python pyOpenSSL 23.1.1 python pyRFC3339 1.1 python