Merge pull request #399 from linuxserver/standard-cron

standard cron

Dockerfile

@@ -76,7 +76,7 @@ RUN \
     php82-xmlreader \
     php82-xsl \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
     php82-pecl-mcrypt && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \

Dockerfile.aarch64

@@ -76,7 +76,7 @@ RUN \
     php82-xmlreader \
     php82-xsl \
     whois && \
-  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+  apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community \
     php82-pecl-mcrypt && \
   echo "**** install certbot plugins ****" && \
   if [ -z ${CERTBOT_VERSION+x} ]; then \

README.md

@@ -45,7 +45,7 @@ SWAG - Secure Web Application Gateway (formerly known as letsencrypt, no relatio
 
 ## Supported Architectures
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
 Simply pulling `lscr.io/linuxserver/swag:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 

package_versions.txt

@@ -3,7 +3,7 @@ ConfigArgParse                  1.7                     python
 PyJWT                           2.8.0                   python  
 PyNamecheap                     0.0.3                   python  
 PyYAML                          6.0.1                   python  
-Simple Launcher Executable      1.1.0.14                dotnet  
+SimpleLauncherExecutable        1.1.0.14                dotnet  
 acme                            2.7.4                   python  
 alpine-baselayout               3.4.3-r1                apk     
 alpine-baselayout-data          3.4.3-r1                apk     
@@ -23,12 +23,12 @@ azure-mgmt-core                 1.4.0                   python
 azure-mgmt-dns                  8.1.0                   python  
 bash                            5.2.15-r5               apk     
 beautifulsoup4                  4.12.2                  python  
-boto3                           1.28.78                 python  
-botocore                        1.31.78                 python  
+boto3                           1.29.3                  python  
+botocore                        1.32.3                  python  
 brotli-libs                     1.0.9-r14               apk     
 bs4                             0.0.1                   python  
-busybox                         1.36.1-r4               apk     
-busybox-binsh                   1.36.1-r4               apk     
+busybox                         1.36.1-r5               apk     
+busybox-binsh                   1.36.1-r5               apk     
 c-client                        2007f-r15               apk     
 ca-certificates                 20230506-r0             apk     
 ca-certificates-bundle          20230506-r0             apk     
@@ -60,12 +60,12 @@ certbot-dns-he                  1.0.0                   python
 certbot-dns-hetzner             2.0.0                   python  
 certbot-dns-infomaniak          0.2.1                   python  
 certbot-dns-inwx                2.2.0                   python  
-certbot-dns-ionos               2022.11.24              python  
+certbot-dns-ionos               2023.11.13.post1        python  
 certbot-dns-linode              2.6.0                   python  
 certbot-dns-loopia              1.0.1                   python  
 certbot-dns-luadns              2.6.0                   python  
 certbot-dns-namecheap           1.0.0                   python  
-certbot-dns-netcup              1.3.1                   python  
+certbot-dns-netcup              1.4.2                   python  
 certbot-dns-njalla              1.0.0                   python  
 certbot-dns-nsone               2.6.0                   python  
 certbot-dns-ovh                 2.6.0                   python  
@@ -76,8 +76,8 @@ certbot-dns-sakuracloud         2.6.0                   python
 certbot-dns-standalone          1.1                     python  
 certbot-dns-transip             0.5.2                   python  
 certbot-dns-vultr               1.1.0                   python  
-certbot-plugin-gandi            1.4.3                   python  
-certifi                         2023.7.22               python  
+certbot-plugin-gandi            1.5.0                   python  
+certifi                         2023.11.17              python  
 cffi                            1.16.0                  python  
 charset-normalizer              3.3.2                   python  
 cloudflare                      2.12.4                  python  
@@ -109,8 +109,8 @@ gnupg-keyboxd                   2.4.3-r0                apk
 gnupg-utils                     2.4.3-r0                apk     
 gnupg-wks-client                2.4.3-r0                apk     
 gnutls                          3.8.0-r2                apk     
-google-api-core                 2.12.0                  python  
-google-api-python-client        2.106.0                 python  
+google-api-core                 2.14.0                  python  
+google-api-python-client        2.108.0                 python  
 google-auth                     2.23.4                  python  
 google-auth-httplib2            0.1.1                   python  
 googleapis-common-protos        1.61.0                  python  
@@ -139,7 +139,7 @@ libavif                         0.11.1-r2               apk
 libbsd                          0.11.7-r1               apk     
 libbz2                          1.0.8-r5                apk     
 libc-utils                      0.7.2-r5                apk     
-libcrypto3                      3.1.4-r0                apk     
+libcrypto3                      3.1.4-r1                apk     
 libcurl                         8.4.0-r0                apk     
 libdav1d                        1.2.1-r0                apk     
 libedit                         20221030.3.1-r1         apk     
@@ -165,13 +165,13 @@ libncursesw                     6.4_p20230506-r0        apk
 libnftnl                        1.2.5-r1                apk     
 libpanelw                       6.4_p20230506-r0        apk     
 libpng                          1.6.39-r3               apk     
-libpq                           15.4-r0                 apk     
+libpq                           15.5-r0                 apk     
 libproc2                        4.0.4-r0                apk     
 libsasl                         2.1.28-r4               apk     
 libseccomp                      2.5.4-r2                apk     
 libsm                           1.2.4-r1                apk     
 libsodium                       1.0.18-r3               apk     
-libssl3                         3.1.4-r0                apk     
+libssl3                         3.1.4-r1                apk     
 libstdc++                       12.2.1_git20220924-r10  apk     
 libtasn1                        4.19.0-r1               apk     
 libunistring                    1.1-r1                  apk     
@@ -227,7 +227,7 @@ nginx-mod-stream-geoip2         1.24.0-r7               apk
 nginx-vim                       1.24.0-r7               apk     
 npth                            1.6-r4                  apk     
 oniguruma                       6.9.8-r1                apk     
-openssl                         3.1.4-r0                apk     
+openssl                         3.1.4-r1                apk     
 p11-kit                         0.24.1-r2               apk     
 packaging                       23.2                    python  
 parsedatetime                   2.6                     python  
@@ -236,62 +236,62 @@ pcre2                           10.42-r1                apk
 perl                            5.36.1-r2               apk     
 perl-error                      0.17029-r1              apk     
 perl-git                        2.40.1-r0               apk     
-php82                           8.2.10-r0               apk     
-php82-bcmath                    8.2.10-r0               apk     
-php82-bz2                       8.2.10-r0               apk     
-php82-common                    8.2.10-r0               apk     
-php82-ctype                     8.2.10-r0               apk     
-php82-curl                      8.2.10-r0               apk     
-php82-dom                       8.2.10-r0               apk     
-php82-exif                      8.2.10-r0               apk     
-php82-fileinfo                  8.2.10-r0               apk     
-php82-fpm                       8.2.10-r0               apk     
-php82-ftp                       8.2.10-r0               apk     
-php82-gd                        8.2.10-r0               apk     
-php82-gmp                       8.2.10-r0               apk     
-php82-iconv                     8.2.10-r0               apk     
-php82-imap                      8.2.10-r0               apk     
-php82-intl                      8.2.10-r0               apk     
-php82-ldap                      8.2.10-r0               apk     
-php82-mbstring                  8.2.10-r0               apk     
-php82-mysqli                    8.2.10-r0               apk     
-php82-mysqlnd                   8.2.10-r0               apk     
-php82-opcache                   8.2.10-r0               apk     
-php82-openssl                   8.2.10-r0               apk     
-php82-pdo                       8.2.10-r0               apk     
-php82-pdo_mysql                 8.2.10-r0               apk     
-php82-pdo_odbc                  8.2.10-r0               apk     
-php82-pdo_pgsql                 8.2.10-r0               apk     
-php82-pdo_sqlite                8.2.10-r0               apk     
-php82-pear                      8.2.10-r0               apk     
+php82                           8.2.12-r0               apk     
+php82-bcmath                    8.2.12-r0               apk     
+php82-bz2                       8.2.12-r0               apk     
+php82-common                    8.2.12-r0               apk     
+php82-ctype                     8.2.12-r0               apk     
+php82-curl                      8.2.12-r0               apk     
+php82-dom                       8.2.12-r0               apk     
+php82-exif                      8.2.12-r0               apk     
+php82-fileinfo                  8.2.12-r0               apk     
+php82-fpm                       8.2.12-r0               apk     
+php82-ftp                       8.2.12-r0               apk     
+php82-gd                        8.2.12-r0               apk     
+php82-gmp                       8.2.12-r0               apk     
+php82-iconv                     8.2.12-r0               apk     
+php82-imap                      8.2.12-r0               apk     
+php82-intl                      8.2.12-r0               apk     
+php82-ldap                      8.2.12-r0               apk     
+php82-mbstring                  8.2.12-r0               apk     
+php82-mysqli                    8.2.12-r0               apk     
+php82-mysqlnd                   8.2.12-r0               apk     
+php82-opcache                   8.2.12-r0               apk     
+php82-openssl                   8.2.12-r0               apk     
+php82-pdo                       8.2.12-r0               apk     
+php82-pdo_mysql                 8.2.12-r0               apk     
+php82-pdo_odbc                  8.2.12-r0               apk     
+php82-pdo_pgsql                 8.2.12-r0               apk     
+php82-pdo_sqlite                8.2.12-r0               apk     
+php82-pear                      8.2.12-r0               apk     
 php82-pecl-apcu                 5.1.22-r0               apk     
 php82-pecl-igbinary             3.2.14-r0               apk     
 php82-pecl-mcrypt               1.0.6-r0                apk     
 php82-pecl-memcached            3.2.0-r1                apk     
 php82-pecl-msgpack              2.2.0-r0                apk     
 php82-pecl-redis                6.0.2-r0                apk     
-php82-pgsql                     8.2.10-r0               apk     
-php82-phar                      8.2.10-r0               apk     
-php82-posix                     8.2.10-r0               apk     
-php82-session                   8.2.10-r0               apk     
-php82-simplexml                 8.2.10-r0               apk     
-php82-soap                      8.2.10-r0               apk     
-php82-sockets                   8.2.10-r0               apk     
-php82-sodium                    8.2.10-r0               apk     
-php82-sqlite3                   8.2.10-r0               apk     
-php82-tokenizer                 8.2.10-r0               apk     
-php82-xml                       8.2.10-r0               apk     
-php82-xmlreader                 8.2.10-r0               apk     
-php82-xmlwriter                 8.2.10-r0               apk     
-php82-xsl                       8.2.10-r0               apk     
-php82-zip                       8.2.10-r0               apk     
+php82-pgsql                     8.2.12-r0               apk     
+php82-phar                      8.2.12-r0               apk     
+php82-posix                     8.2.12-r0               apk     
+php82-session                   8.2.12-r0               apk     
+php82-simplexml                 8.2.12-r0               apk     
+php82-soap                      8.2.12-r0               apk     
+php82-sockets                   8.2.12-r0               apk     
+php82-sodium                    8.2.12-r0               apk     
+php82-sqlite3                   8.2.12-r0               apk     
+php82-tokenizer                 8.2.12-r0               apk     
+php82-xml                       8.2.12-r0               apk     
+php82-xmlreader                 8.2.12-r0               apk     
+php82-xmlwriter                 8.2.12-r0               apk     
+php82-xsl                       8.2.12-r0               apk     
+php82-zip                       8.2.12-r0               apk     
 pinentry                        1.2.1-r1                apk     
 pip                             23.3.1                  python  
 pkb-client                      1.2                     python  
 popt                            1.19-r2                 apk     
 portalocker                     2.8.2                   python  
 procps-ng                       4.0.4-r0                apk     
-protobuf                        4.25.0                  python  
+protobuf                        4.25.1                  python  
 publicsuffixlist                0.9.4                   python  
 pyOpenSSL                       23.3.0                  python  
 pyRFC3339                       1.1                     python  
@@ -321,9 +321,9 @@ six                             1.16.0                  python
 skalibs                         2.13.1.1-r1             apk     
 soupsieve                       2.5                     python  
 sqlite-libs                     3.41.2-r2               apk     
-ssl_client                      1.36.1-r4               apk     
+ssl_client                      1.36.1-r5               apk     
 tiff                            4.5.1-r0                apk     
-tldextract                      5.0.1                   python  
+tldextract                      5.1.1                   python  
 typing-inspect                  0.9.0                   python  
 typing_extensions               4.8.0                   python  
 tzdata                          2023c-r1                apk     

root/etc/crontabs/abc

@@ -0,0 +1,2 @@
+# min   hour    day     month   weekday command
+8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

root/etc/crontabs/root

@@ -1,9 +0,0 @@
-# do daily/weekly/monthly maintenance
-# min   hour    day     month   weekday command
-*/15    *       *       *       *       run-parts /etc/periodic/15min
-0       *       *       *       *       run-parts /etc/periodic/hourly
-0       2       *       *       *       run-parts /etc/periodic/daily
-0       3       *       *       6       run-parts /etc/periodic/weekly
-0       5       1       *       *       run-parts /etc/periodic/monthly
-# renew letsencrypt certs
-8       2       *       *       *       /app/le-renew.sh >> /config/log/letsencrypt/letsencrypt.log 2>&1

root/etc/s6-overlay/s6-rc.d/init-certbot-config/run

@@ -31,6 +31,12 @@ if [[ "${VALIDATION}" = "dns" ]] && ! echo "${CERTBOT_DNS_AUTHENTICATORS}" | gre
     sleep infinity
 fi
 
+# set owner of certbot's CONFIG_DIR, WORK_DIR, and LOGS_DIR to abc
+lsiown -R abc:abc \
+    /etc/letsencrypt \
+    /var/lib/letsencrypt \
+    /var/log/letsencrypt
+
 # set_ini_value logic:
 # - if the name is not found in the file, append the name=value to the end of the file
 # - if the name is found in the file, replace the value
@@ -46,6 +52,7 @@ function set_ini_value() {
 
 # ensure config files exist and has at least one value set (set_ini_value does not work on empty files)
 touch /config/etc/letsencrypt/cli.ini
+lsiown abc:abc /config/etc/letsencrypt/cli.ini
 grep -qF 'agree-tos' /config/etc/letsencrypt/cli.ini || echo 'agree-tos=true' >>/config/etc/letsencrypt/cli.ini
 
 # copy dns default configs
@@ -192,9 +199,9 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
         REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     fi
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+        s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
     else
-        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+        s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -207,9 +214,9 @@ if [[ -f "/config/keys/letsencrypt/chain.pem" ]] && { [[ "${CERTPROVIDER}" == "l
     echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
     REV_ACMESERVER=("https://acme-v02.api.letsencrypt.org/directory")
     if [[ -f /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem ]]; then
-        certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
+        s6-setuidgid abc certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"${ORIGDOMAIN}"/fullchain.pem --server "${REV_ACMESERVER[@]}" || true
     else
-        certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
+        s6-setuidgid abc certbot revoke --non-interactive --cert-name "${ORIGDOMAIN}" --server "${REV_ACMESERVER[@]}" || true
     fi
     rm -rf /config/etc/letsencrypt/{accounts,archive,live,renewal}
 fi
@@ -342,7 +349,7 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
         set_ini_value "eab-hmac-key" "${ZEROSSL_EAB_HMAC_KEY}" /config/etc/letsencrypt/cli.ini
     fi
     echo "Generating new certificate"
-    certbot certonly --non-interactive --renew-by-default
+    s6-setuidgid abc certbot certonly --non-interactive --renew-by-default
     if [[ ! -d /config/keys/letsencrypt ]]; then
         if [[ "${VALIDATION}" = "dns" ]]; then
             echo "ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the ${DNSCREDENTIALFILE} file."

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

@@ -1,38 +0,0 @@
-#!/usr/bin/with-contenv bash
-# shellcheck shell=bash
-
-# make folders
-mkdir -p \
-    /config/crontabs
-
-## root
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/root ]]; then
-    # copy crontab from system
-    if crontab -l -u root; then
-        crontab -l -u root >/config/crontabs/root
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/root /config/crontabs/ 2> >(grep -v 'cp: not replacing')
-fi
-# set permissions and import user crontabs
-lsiown root:root /config/crontabs/root
-crontab -u root /config/crontabs/root
-
-## abc
-# if crontabs do not exist in config
-if [[ ! -f /config/crontabs/abc ]]; then
-    # copy crontab from system
-    if crontab -l -u abc; then
-        crontab -l -u abc >/config/crontabs/abc
-    fi
-
-    # if crontabs still do not exist in config (were not copied from system)
-    # copy crontab from included defaults (using -n, do not overwrite an existing file)
-    cp -n /etc/crontabs/abc /config/crontabs/ 2> >(grep -v 'cp: not replacing')
-fi
-# set permissions and import user crontabs
-lsiown abc:abc /config/crontabs/abc
-crontab -u abc /config/crontabs/abc

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/type

@@ -1 +0,0 @@
-oneshot

root/etc/s6-overlay/s6-rc.d/init-crontabs-config/up

@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/init-crontabs-config/run

root/etc/s6-overlay/s6-rc.d/init-folders-config/run

@@ -3,7 +3,7 @@
 
 # make our folders and links
 mkdir -p \
-    /config/{fail2ban,crontabs,dns-conf} \
+    /config/{fail2ban,dns-conf} \
     /config/etc/letsencrypt/renewal-hooks \
     /config/log/{fail2ban,letsencrypt,nginx} \
     /config/nginx/proxy-confs \