Skip to content

Commit

Permalink
Merge pull request #52 from theohbrothers/enhancement/add-easyrsa-3.1…
Browse files Browse the repository at this point in the history
….7-variants

Enhancement: Add easyrsa 3.1.7 variants
  • Loading branch information
theohbrothersbot authored Oct 14, 2023
2 parents c8b2d83 + 9605dfb commit 715d343
Show file tree
Hide file tree
Showing 6 changed files with 233 additions and 7 deletions.
124 changes: 123 additions & 1 deletion .github/workflows/ci-master-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,126 @@ jobs:
run: |
git diff --exit-code
build-3-1-7:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Display system info (linux)
run: |
set -e
hostname
whoami
cat /etc/*release
lscpu
free
df -h
pwd
docker info
docker version
# See: https://github.com/docker/build-push-action/blob/v2.6.1/docs/advanced/cache.md#github-cache
- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2

- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-3.1.7-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-3.1.7-
${{ runner.os }}-buildx-
- name: Login to Docker Hub registry
# Run on master and tags
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_REGISTRY_USER }}
password: ${{ secrets.DOCKERHUB_REGISTRY_PASSWORD }}

# This step generates the docker tags
- name: Prepare
id: prep-3-1-7
run: |
set -e
# Get ref, i.e. <branch_name> from refs/heads/<branch_name>, or <tag-name> from refs/tags/<tag_name>. E.g. 'master' or 'v0.0.0'
REF=$( echo "${GITHUB_REF}" | rev | cut -d '/' -f 1 | rev )
# Get short commit hash E.g. 'abc0123'
SHA=$( echo "${GITHUB_SHA}" | cut -c1-7 )
# Generate docker image tags
# E.g. 'v0.0.0-<variant>' and 'v0.0.0-abc0123-<variant>'
# E.g. 'master-<variant>' and 'master-abc0123-<variant>'
VARIANT="3.1.7"
REF_VARIANT="${REF}-${VARIANT}"
REF_SHA_VARIANT="${REF}-${SHA}-${VARIANT}"
# Pass variables to next step
echo "VARIANT_BUILD_DIR=$VARIANT_BUILD_DIR" >> $GITHUB_OUTPUT
echo "VARIANT=$VARIANT" >> $GITHUB_OUTPUT
echo "REF_VARIANT=$REF_VARIANT" >> $GITHUB_OUTPUT
echo "REF_SHA_VARIANT=$REF_SHA_VARIANT" >> $GITHUB_OUTPUT
- name: 3.1.7 - Build (PRs)
# Run only on pull requests
if: github.event_name == 'pull_request'
uses: docker/build-push-action@v3
with:
context: variants/3.1.7
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
push: false
tags: |
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_SHA_VARIANT }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

- name: 3.1.7 - Build and push (master)
# Run only on master
if: github.ref == 'refs/heads/master'
uses: docker/build-push-action@v3
with:
context: variants/3.1.7
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
push: true
tags: |
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_SHA_VARIANT }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

- name: 3.1.7 - Build and push (release)
if: startsWith(github.ref, 'refs/tags/')
uses: docker/build-push-action@v3
with:
context: variants/3.1.7
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/s390x
push: true
tags: |
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-7.outputs.REF_SHA_VARIANT }}
${{ github.repository }}:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
build-3-1-6:
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -141,7 +261,6 @@ jobs:
${{ github.repository }}:${{ steps.prep-3-1-6.outputs.VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-6.outputs.REF_VARIANT }}
${{ github.repository }}:${{ steps.prep-3-1-6.outputs.REF_SHA_VARIANT }}
${{ github.repository }}:latest
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

Expand Down Expand Up @@ -1940,6 +2059,7 @@ jobs:
update-draft-release:
needs:
- build-3-1-7
- build-3-1-6
- build-3-1-5
- build-3-1-4
Expand Down Expand Up @@ -1969,6 +2089,7 @@ jobs:

publish-draft-release:
needs:
- build-3-1-7
- build-3-1-6
- build-3-1-5
- build-3-1-4
Expand Down Expand Up @@ -2000,6 +2121,7 @@ jobs:

update-dockerhub-description:
needs:
- build-3-1-7
- build-3-1-6
- build-3-1-5
- build-3-1-4
Expand Down
13 changes: 7 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ The base image is `alpine`.

| Tag | Dockerfile Build Context |
|:-------:|:---------:|
| `:3.1.6`, `:latest` | [View](variants/3.1.6) |
| `:3.1.7`, `:latest` | [View](variants/3.1.7) |
| `:3.1.6` | [View](variants/3.1.6) |
| `:3.1.5` | [View](variants/3.1.5) |
| `:3.1.4` | [View](variants/3.1.4) |
| `:3.1.3` | [View](variants/3.1.3) |
Expand All @@ -37,14 +38,14 @@ In this image, the PKI will be stored in `/data/pki` (i.e. `EASYRSA_PKI=/data/pk

```sh
# Generate /data/pki
docker run --rm -it -v data:/data theohbrothers/docker-easyrsa:3.1.6 init-pki
docker run --rm -it -v data:/data theohbrothers/docker-easyrsa:3.1.7 init-pki
# Generate CA, server and client certs
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.6 build-ca nopass
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.6 build-server-full server-01 nopass
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.6 build-client-full client-01 nopass
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.7 build-ca nopass
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.7 build-server-full server-01 nopass
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.7 build-client-full client-01 nopass

# Alternatively, a nice one liner to do everything
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.6 sh -c 'set -e; easyrsa init-pki; easyrsa build-ca nopass; easyrsa build-server-full server-01 nopass; easyrsa build-client-full client-01 nopass; find /data/pki'
docker run --rm -it -e EASYRSA_BATCH=true -v data:/data theohbrothers/docker-easyrsa:3.1.7 sh -c 'set -e; easyrsa init-pki; easyrsa build-ca nopass; easyrsa build-server-full server-01 nopass; easyrsa build-client-full client-01 nopass; find /data/pki'
```

According to [`easy-rsa` documentation](https://github.com/OpenVPN/easy-rsa/blob/v3.0.0/doc/EasyRSA-Advanced.md#configuration-reference), there are four ways to run `easy-rsa`, namely:
Expand Down
1 change: 1 addition & 0 deletions generate/definitions/versions.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"easyrsa": {
"versions": [
"3.1.7",
"3.1.6",
"3.1.5",
"3.1.4",
Expand Down
46 changes: 46 additions & 0 deletions variants/3.1.7/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
FROM alpine:3.17
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"

RUN apk add --no-cache ca-certificates

# Install easyrsa dependencies
RUN apk add --no-cache openssl

WORKDIR /data
ENV EASYRSA=/usr/share/easy-rsa
ENV EASYRSA_PKI=/data/pki

# Install easyrsa
# See: https://github.com/OpenVPN/easy-rsa/tree/master/release-keys
RUN set -eux; \
apk add --no-cache gnupg gpg-agent dirmngr; \
URL=https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.7/EasyRSA-3.1.7.tgz; \
FILE=$( basename $URL ); \
wget -q "$URL"; \
wget -q "$URL.sig"; \
gpg --keyserver keys.openpgp.org --recv-keys 6F4056821152F03B6B24F2FCF8489F839D7367F3; \
gpg --verify "$FILE.sig" "$FILE"; \
mkdir -p /usr/share/easy-rsa; \
tar -zxvf "$FILE" --strip-components=1 -C /usr/share/easy-rsa; \
ln -sf /usr/share/easy-rsa/easyrsa /usr/local/bin/easyrsa; \
\
easyrsa help; \
easyrsa init-pki; \
rm -rfv /data/pki; \
\
rm -fv ""; \
rm -fv ".sig"; \
apk del gnupg gpg-agent dirmngr; \
# Fix error: rm: can't remove '/root/.gnupg/S.gpg-agent.extra': No such file or directory
killall dirmngr; \
killall gpg-agent; \
rm -rf /root/.gnupg;

VOLUME /data

COPY docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh

ENTRYPOINT ["/docker-entrypoint.sh"]
40 changes: 40 additions & 0 deletions variants/3.1.7/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
version: '2.1'
services:
easyrsa:
container_name: easyrsa
image: theohbrothers/docker-easyrsa:3.1.7

# Uncomment and configure these environment to your needs. The following are the default values, according to: https://github.com/OpenVPN/easy-rsa/blob/v3.0.8/doc/EasyRSA-Advanced.md#configuration-reference
# Using environment variables is preferred to using a vars file
# Double dollar signs '$$' is to escape a dollar sign in the docker-compose yaml parser, see: https://stackoverflow.com/a/40621373
# environment:
# - EASYRSA_SSL_CONF=/etc/ssl/openssl.cnf
# - EASYRSA=$${0%/*}
# - EASYRSA_OPENSSL=openssl
# - EASYRSA_SSL_CONF=$$EASYRSA/openssl-easyrsa.cnf
# - EASYRSA_PKI=$$PWD/pki
# - EASYRSA_DN=cn_only
# - EASYRSA_REQ_COUNTRY=US
# - EASYRSA_REQ_PROVINCE=California
# - EASYRSA_REQ_CITY=San Francisco
# - EASYRSA_REQ_ORG=Copyleft Certificate Co
# - EASYRSA_REQ_EMAIL=me@example.net
# - EASYRSA_REQ_OU=My Organizational Unit
# - EASYRSA_KEY_SIZE=2048
# - EASYRSA_ALGO=rsa
# - EASYRSA_CURVE=secp384r1
# - EASYRSA_CA_EXPIRE=3650
# - EASYRSA_CERT_EXPIRE=180
# - EASYRSA_CERT_RENEW=30
# - EASYRSA_NS_SUPPORT=no
# - EASYRSA_NS_COMMENT=Easy-RSA Generated Certificate
# - EASYRSA_TEMP_FILE=$$EASYRSA_PKI/extensions.temp
# - EASYRSA_EXT_DIR=$$EASYRSA/x509-types
# - EASYRSA_REQ_CN=ChangeMe
# - EASYRSA_DIGEST=sha256
# - EASYRSA_BATCH=

# Uncomment this to mount your own openssl.cnf, vars file(s)
# volumes:
# - ./path/to/openssl.conf:/etc/ssl/openssl.cnf
# - ./path/to/vars:/etc/ssl/openssl.cnf
16 changes: 16 additions & 0 deletions variants/3.1.7/docker-entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/sh
set -eu

if [ $# -gt 0 ]; then
# Get all subcommands. 'help' is also a subcommand
SUBCOMMANDS=$( easyrsa help | awk "/init-pki/,/^$/" | awk '{print $1}' | awk NF ; echo help )
if echo "$SUBCOMMANDS" | grep "^$1$"; then
set "easyrsa" "$@"
echo "Executing: $@"
exec "$@"
fi
else
exec "easyrsa" "$@"
fi

exec "$@"

0 comments on commit 715d343

Please sign in to comment.