- Includes the ModSecurity 2 module for Apache, disabled by default (PR #8)
- Should no longer complain about OpenSSL versions (Debian fixed this, not me)
- Kerberos support in Apache, from libapache2-mod-auth-gssapi and krb5-user (PRs #6 & #7)
- Update to Dockerfile base image to be more specific (Bookworm)
- A warning about OpenSSL versions may be shown (due to upstream Debian issues) but does not seem to be a problem.
- Package names for Shibboleth SP have been updated to match the new names in recent Debian releases
- Includes mod-auth-cas as an optional module. Enable it by setting APACHE_EXTRA_MODS="auth_cas"
- Includes mod-auth-openidc as an optional module. Enable it by setting APACHE_EXTRA_MODS="auth_openidc"
- Additional modules can be enabled by listing them in APACHE_EXTRA_MODS
- The default ServerName is set using the SP_URL ENV variable.
- Certificates and keys in /etc/shibboleth with typical filenames will have their permissions adjusted at runtime.
- UseCanonical is now on by default
D'oh, a minor script bug needs to be fixed
- The keygen.sh wrapper script would not run properly in descendant images as it wouldn't overwrite. Fixed by adding a -f force flag
A big rewrite to do mostly the same thing but a little bit better
- SWITCH no longer produces custom Shibboleth SP packages but Debian's are fine now, so we use those instead.
- Scripts and tools that were copied to /opt/admin are now in /etc/rasp
- The Dehydrated package has been removed
- Inspec is no longer used due to Chef's bait-and-switch to commercial licensing
- Environment variables SP_HOST, SP_URL and SP_ID are available, by default set to the defaults used in the Shibboleth SP config files
- A keygen.sh script has been added to /etc/rasp; it will generate separate encryption and signing keypairs based on environment variables.
- The keygen.sh script will run immediately when sub-images are built
- Container images are built for both x86 and ARM64 platforms
- Container images will be available on both Docker Hub and GitHub.
- The Shibd process now logs to STDOUT, like Apache
- The preparation script has been moved into the Dockerfile to improve build reliability
- Most tests do not run, as only a few have been converted to Serverspec from Inspec so far.
- Is now based on Debian 10
- Uses Shibboleth SP v3, packaged by SWITCH
- Contains a runs_once directory for miscellaneous init scripts
- Improved Runit startup process
- Services now finish when the container is sent a kill signal or interrupted with Ctrl-C from the command line
- No warnings during Docker container build process